CS513: System Security - Overview and Organization

Course Overview. This course discusses security for computers, communications networks, and distributed systems. We cover applications of cryptography as well as abstractions, principles, structuring constructs, and methods for implementing military as well as commercial-grade secure systems.

Course URL:   http://www.cs.cornell.edu/Courses/CS513/2005FA/

Lecture: Attendance is required. All students are responsible for announcements made in lecture and material that is covered in lecture. If you must be absent from a class session, make arrangements with another student to find out what you missed.

10:10 -- 11:25am Monday and Wednesday. Bradfield 101.

There will be no lecture on Oct 5 due to the Jewish Holiday.

Professor Fred B. Schneider   (255-9221)   4115C Upson Hall

Office hours: Available after class and most afternoons, Mon -- Wed. Feel free to drop by without an appointment.

email: fbs@cs.cornell.edu.   Please send email only to request an appointment (and include some choices for days and times that you are available---afternoons are best.). Other email will be read but not answered; email is a painfully ineffective and impersonal way to discuss anything substantive. Besides, live interactions are more fun, and more efficient.

Other Staff:
Kevin O'Neill oneill@cs.cornell.edu
Greg Roth gbroth@cs.cornell.edu
TA Office Hours:
Mon. 1:30 - 3:30 (O'Neill) Upson 322
Tues. 1:30 - 3:30 (Roth) Upson 4107A
Wed. 1:30 - 3:30 (O'Neill) Upson 322
Thurs.1:30 - 3:30 (Roth) Upson 4107A
Fri. 1:30 - 3:30 (O'Neill) Upson 322

Prerequisites. The course is open to any undergraduate or graduate student who has mastered the material in CS414 (Operating Systems). Familiarity with C, JAVA, or C# will be helpful for doing the required programming assignments.
Readings to complement the lectures are noted in the course outline.

A text having a large intersection with what we will cover this semester and having a broad coverage of computer security at the MEng level is:

So if you want to purchase a book, this is a reasonable choice.

The following books, on-reserve in Carpenter Library, should also prove useful. Schneier's book is a classic reference and well worth owning. The Kaufman et al. text is a delightfully written treatment of material we will be covering on network security and cryptographic protocols.

Lecture notes from prior offerings of the lectures can be found on-line. The contents of the lectures change from year to year (and the on-line notes don't get updated in a timely way), so these on-line notes are a poor substitute for attending class.

Assignments and Grading. In keeping with the professional (and practical) orientation of this course, assignments are deliberately underspecified, open-ended, and motivated by problems that arise in the real world (messy as it is). You will have to think on your own, build tools, refine problem specifications, make reasonable and defensible assumptions, and be creative. Success in CS513 (and in life) depends heavily on you figuring out what's important and concentrating on that.

Undergraduate courses give explicit reading assignments and define homework problems closely tied to that reading. CS513 is not an undergraduate course and thus doesn't take that road. Instead, CS513 students are themselves responsible for identifying and reading the relevant sections of the textbook and on-line lecture notes after material has been covered in lecture. Moreover, assignments in CS513 may well take a student far beyond that material to other readings.

Your final course grade will be computed as follows:

Students who have attended all of the lectures, submitted and made a good faith effort on all of the required homeworks, and made a good faith effort to get their project running, can expect to receive a final course grade of B- or better. The portion of the grade earmarked for "subjective factors" typically affects only a handful of students, raising or lowering their final course grade by 1/2 letter grade.

All assignments are due on the date stipulated so that correct answers can be freely discussed after the due date. Late submissions are not accepted without prior approval from the instructor.

Academic integrity violations will be prosecuted aggressively. Collaborate with your group on the project; do not collaborate with anyone on the assigned homeworks.

Students are expected to be familiar with the University's and the CS Department's various policies on appropriate use of computers.