CS5430 System Security - Overview and Organization

CS5430: System Security - Overview and Organization

Course Overview. This course discusses security for computers and networked information systems. We focus on abstractions, principles, and defenses for implementing military as well as commercial-grade secure systems.

Course URL: http://www.cs.cornell.edu/Courses/CS5430/2013SP/

Lecture: Attendance is required. All students are responsible for announcements made in lecture and material that is covered in lecture. If you must be absent from a class session, please make arrangements with another student to find out what you missed.

10:10 -- 11:25am Monday and Wednesday. Thurston 205

No lecture: 2/25 (M) and other dates to be announced.
Class will meet Fridays 10:10 -- 11:25 for make-up lectures and also to explore additional content.

Instructor:

Professor Fred B. Schneider (255-9221) 4115C Upson Hall

Office hours: Available directly after class and most Mon / Wed afternoons. But feel free to drop by anytime without an appointment, and either I will meet with you then or work out a time that day when we can meet.

email: fbs@cs.cornell.edu. Email is great for questions that require a short answer and don't require much context. However, email is a horrible way to have a conversation, and most questions about course content and procedures require conversations. Besides, live interactions are more fun and more efficient. Students are therefore urged to email the instructor only when it is sensible. For example, email is a sensible way to set up an appointment to speak in person with the instructor---include choices for days and times that you are available.

Teaching Assistants:

Eleanor Birrell, Upson 4143, email: eleanor@cs.cornell.edu

Elisavet Kozyri, Upson 5148, email: ekozyri@cs.cornell.edu .

TA Office Hours:

Mon.	4pm - 6pm	Upson 360, Bay C
Tues.	2pm - 4pm	Upson 360, Bay C
Wed .	4pm - 6pm	Upson 360, Bay C
Thurs.	2pm - 4pm	Upson 360, Bay C

Prerequisites. The course is open to any undergraduate or graduate student who has mastered the material in CS4410 (Operating Systems).

Readings:

Readings to complement the lectures are noted in the course outline.

A text having a large intersection with what we will cover this semester and having a broad coverage of computer security at the MEng level is:

Matt Bishop, Introduction to Computer Security, Addison Wesley, 2005 (ISBN 0-321-24744-2).

So if you want to purchase a single text for this course, it is a reasonable choice.

The following books, on-reserve in Carpenter Library, should also prove useful references on cryptographic protocols. Schneier's book is a classic reference and well worth owning. The Kaufman et al. text is a delightfully written treatment.

Bruce Schneier. Applied Cryptography. Second Edition. Wiley, 1996.
Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security. Private Communication in a Public World. Prentice Hall, 1995.

Draft chapters for a textbook Schneider is writing as well as written lecture notes from Schneider's prior offerings of the lectures can be found on-line. The contents of the lectures in this course changes from year to year (and the on-line notes don't always get updated in a timely way), so on-line lecture notes are a poor substitute for attending class.

Assignments and Grading. Assignments are deliberately underspecified, open-ended, and motivated by problems that arise in the real world (messy as it is) as is consistent with the MEng, hence professional (and practical) orientation, of this course. So you will have to think on your own, refine problem specifications, make reasonable and defensible assumptions, and be creative. Success in CS5430 (and in life) depends heavily on you figuring out what's important and concentrating on that.

Your final course grade will be computed as follows:

40% Homeworks. There will be 5 written homework assignments. Students are expected to work alone on each. The lowest homework grade will be dropped. Grades will not only reflect technical content but also clarity of exposition (including usage, grammar, and spelling).
50% Group Project. Working in a group, you will build a secure system of your choosing. See here are details about the project.
10% Entirely Subjective Factors. These include attendance, class participation, and other means of demonstrating mastery (or lack thereof) of course content.

Homeworks and projects will receive letter grades, which should be interpreted as follows.

A:	Paper "as is" could be posted as the solution set.
B:	Paper has small technical problems (though not many) and has no flaws that suggest fundamental misconceptions about the material or task.
C:	Paper reflects deep misunderstandings of some aspects and/or significant additional work is still required.
D:	Unsatisfactory effort.

The final course grade for each student is based on the weighted average of that student's grades on homeworks and projects. (Not all project phases receive equal weights). This grade might then be adjusted as follows.

A student who has attended all of the lectures and submitted and made a good faith effort on the project and all of the homework can expect to receive a final course grade of B- or better (even when the average grade on homeworks and project phases is lower than B-).

The portion of the grade earmarked for "subjective factors" typically affects only a handful of students, raising or lowering their final course grade by "1/2 letter" grade (e.g, B to B+ or B-).

All assignments are due on the date stipulated, so that correct answers can be freely discussed in lecture after the due date. Late submissions will receive a grade deduction of two "1/2 letters". (E.g., A becomes B+; A- becomes B; B+ becomes B-, etc).

Academic integrity violations will be prosecuted aggressively. Collaborate with your group on the project; do not discuss or collaborate with anyone on the assigned homeworks.

Students are expected to be familiar with the University's and the CS Department's various policies on appropriate use of computers.