CS5430: System Security - Overview and Organization

Course Overview. This course discusses security for stand-alone computers and networked information systems. The focus is abstractions, principles, and defenses for implementing secure systems.

Course URL:   http://www.cs.cornell.edu/Courses/CS5430/2020SP/

Lecture: Attendance is required. If you must miss a lecture, arrange with another student to find out the material you missed.

10:10am -- 11:25am Monday, Wednesday, Friday. Thurston Hall, room 203

We will meet for a total of 28 lectures, averaging 2 lectures per week. The meeting schedule for a given week will be posted at announcements by midnight on the Sunday night.

Professor Fred B. Schneider   (255-9221)   422 Gates Halll

Office hours: Directly after lecture and Wednesday afternoons after 330pm.
But Schneider is in the office most afternoons --- feel free to drop-in without an appointment. If we can't chat then, we can work out a time to meet.

email: fbs@cs.cornell.edu   In person discussions are more efficient and more informative. Email works well only for questions that require a short answer and don't require much context. Email is also a good way to set up an appointment to speak in person with the instructor---include a few choices for days and times when you would be available.

Course Staff:
Akhil Bhandaru, email: avb39@cornell.edu
Janice Chan, email: jc2729@cornell.edu
Cong Ding, email: cd564@cornell.edu
Yiteng Guo, email: yg229@cornell.edu
Giancarlo Pacenza, email: gap75@cornell.edu

TA Office Hours: Course staff are available each day to help with questions about course material and assignments.

Prerequisites. The course is open to any undergraduate or graduate student who has mastered the material in CS4410 (Operating Systems).
Readings to complement the lectures are noted in the course outline. Students are expected to stay current with this reading, which includes draft chapters for a textbook Schneider is writing and notes transcribed from prior offerings of the lectures. But the lectures in this course do change from year to year and the on-line notes don't get updated in a timely way, so the notes do not substitute for attending class.

A text having a large intersection with what we will cover this semester and having a broad coverage of computer security at the MEng level is:

The following books are useful references on cryptographic protocols. Schneier's book is a classic reference and well worth owning.

Assignments and Grading. Consistent with the MEng, hence professional (and practical) orientation of this course, assignments are deliberately underspecified, open-ended, and motivated by problems that arise in the real world (which is messy). Part of your challenge will be to resolve ambiguity, refine problem specifications, make reasonable and defensible assumptions (which you justify in writing), and be creative. Success in CS5430 (and in life) depends on figuring out what's important and concentrating on that.

Final course grades will be computed as follows:

A student who has attended all of the lectures and submitted and made a good faith effort on all of the homework can expect to receive a final course grade of B or better (even if the average grade on homeworks is lower than B). The portion of the grade earmarked for "subjective factors" typically affects only a handful of students, raising or lowering their final course grade by "1/2 letter" grade (e.g, B to B+ or B-).

All assignments are due on the date stipulated, so that correct answers can be distributed and/or freely discussed in lecture after the due date. Late submissions will receive a grade deduction of two "1/2 letters". (E.g., A becomes B+; A- becomes B; B+ becomes B-, etc).

Academic integrity violations will be prosecuted aggressively. Do not discuss or collaborate with other students in the class on the assigned homeworks unless the assignment explicitly states otherwise. The source and the sink in an illicit collaboration both will receive a penalty.

Students are expected to be familiar with the University's and the CS Department's various policies on appropriate use of computers.