CS5430 System Security - Overview and Organization

CS5430: System Security - Overview and Organization

Course Overview. This course discusses security for stand-alone computers and networked information systems. The focus is abstractions, principles, and defenses for implementing secure systems.

Course URL: http://www.cs.cornell.edu/Courses/CS5430/2020SP/

Lecture: Attendance is required. If you must miss a lecture, arrange with another student to find out the material you missed.

10:10am -- 11:25am Monday, Wednesday, Friday. Thurston Hall, room 203

We will meet for a total of 28 lectures, averaging 2 lectures per week. The meeting schedule for a given week will be posted at announcements by midnight on the Sunday night.

Instructor:

Professor Fred B. Schneider (255-9221) 422 Gates Halll

Office hours: Directly after lecture and Wednesday afternoons after 330pm.
But Schneider is in the office most afternoons --- feel free to drop-in without an appointment. If we can't chat then, we can work out a time to meet.

email: fbs@cs.cornell.edu In person discussions are more efficient and more informative. Email works well only for questions that require a short answer and don't require much context. Email is also a good way to set up an appointment to speak in person with the instructor---include a few choices for days and times when you would be available.

Course Staff:

Akhil Bhandaru, email: avb39@cornell.edu
Janice Chan, email: jc2729@cornell.edu
Cong Ding, email: cd564@cornell.edu
Yiteng Guo, email: yg229@cornell.edu
Giancarlo Pacenza, email: gap75@cornell.edu

TA Office Hours: Course staff are available each day to help with questions about course material and assignments.

Mon	3:30pm - 5:30pm	Rhodes 574	Janice Chan
Tues	5:30pm - 7:30pm	Rhodes 574	Giancarlo Pacenza
Wed	12:30pm - 2:30pm	Rhodes 574	Cong Ding
Thurs	5:00pm - 7:00pm	Rhodes 574	Yiteng Guo
Fri	3:30pm - 5:30pm	Rhodes 574	Akhil Bhandaru

Prerequisites. The course is open to any undergraduate or graduate student who has mastered the material in CS4410 (Operating Systems).

Readings:

Readings to complement the lectures are noted in the course outline. Students are expected to stay current with this reading, which includes draft chapters for a textbook Schneider is writing and notes transcribed from prior offerings of the lectures. But the lectures in this course do change from year to year and the on-line notes don't get updated in a timely way, so the notes do not substitute for attending class.

A text having a large intersection with what we will cover this semester and having a broad coverage of computer security at the MEng level is:

Matt Bishop, Introduction to Computer Security, Addison Wesley, 2005 (ISBN 0-321-24744-2).

The following books are useful references on cryptographic protocols. Schneier's book is a classic reference and well worth owning.

Bruce Schneier. Applied Cryptography. Second Edition. Wiley, 1996.
Colin Boyd, Anish Mathuria, Douglas Stebila. Protocols for Authentication and Key Establishment. Second Edition. Springer-Verlag, 2020.
Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security. Private Communication in a Public World. Prentice Hall, 1995.

Assignments and Grading. Consistent with the MEng, hence professional (and practical) orientation of this course, assignments are deliberately underspecified, open-ended, and motivated by problems that arise in the real world (which is messy). Part of your challenge will be to resolve ambiguity, refine problem specifications, make reasonable and defensible assumptions (which you justify in writing), and be creative. Success in CS5430 (and in life) depends on figuring out what's important and concentrating on that.

Final course grades will be computed as follows:

80% Homework. There will be 6 - 8 homework assignments. Students are expected to work alone on each. The lowest homework grade will be dropped. Grades on homeworks will not only reflect technical content but also clarity of exposition (including usage, grammar, and spelling).
10% Possible in-class surprise quizes. These will help you and us to gauge whether you are following the reading and attending lectures.
10% Entirely Subjective Factors. These include attendance, class participation, and other means of demonstrating mastery (or lack thereof) of course content.

A student who has attended all of the lectures and submitted and made a good faith effort on all of the homework can expect to receive a final course grade of B or better (even if the average grade on homeworks is lower than B). The portion of the grade earmarked for "subjective factors" typically affects only a handful of students, raising or lowering their final course grade by "1/2 letter" grade (e.g, B to B+ or B-).

All assignments are due on the date stipulated, so that correct answers can be distributed and/or freely discussed in lecture after the due date. Late submissions will receive a grade deduction of two "1/2 letters". (E.g., A becomes B+; A- becomes B; B+ becomes B-, etc).

Academic integrity violations will be prosecuted aggressively. Do not discuss or collaborate with other students in the class on the assigned homeworks unless the assignment explicitly states otherwise. The source and the sink in an illicit collaboration both will receive a penalty.

Students are expected to be familiar with the University's and the CS Department's various policies on appropriate use of computers.