CS 513: System Security
Fall 2006

Computer Science Department
Cornell University

Meetings

The class meets in Thurston Hall, room 205, on Mondays and Wednesdays from 10:10 to 11:25am.

Prerequisites

The course is open to any undergraduate or graduate student who has mastered the material in CS414 (Operating Systems). Familiarity with C, Java, or C# will be helpful for doing the programming assignments.

Course staff and office hours
Name Position Email Office Office hours
Prof. Andrew Myers Instructor Upson 4119C Thursday 1–2pm
Joy Zhang TA Upson 338 Tuesday 1-2pm
Xin Zheng TA Upson 4156 Monday 3:30-4:30pm

Students are encouraged to meet with course staff when they have questions. Course staff should be available during office hours without appointment. To meet at other times, please arrange an appointment by email.

Readings

Readings to complement lectures are noted in the course outline.

A text having a large intersection with what we will cover this semester and having a broad coverage of computer security at the MEng level is:

  • Matt Bishop, Introduction to Computer Security, Addison Wesley, 2005 (ISBN 0-321-24744-2).
If you want to purchase a book, this is a reasonable choice. A more detailed text by the same author is
  • Matt Bishop, Computer Security: Art and Science Addison Wesley, 2003.

The following books, on reserve in Carpenter Library, should also prove useful. Schneier's book is a classic reference and well worth owning. The Kaufman et al. text is a delightfully written treatment of material we will be covering on network security and cryptographic protocols.

  • Bruce Schneier. Applied Cryptography. Second Edition. Wiley, 1996.
  • Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security. Private Communication in a Public World. Prentice Hall, 1995.
Lecture notes from prior offerings of the lectures can be found on-line. The contents of the lectures change from year to year (and the on-line notes don't get updated in a timely way), so the online notes are a poor substitute for attending class.

Assignments and Grading

In keeping with the professional (and practical) orientation of this course, assignments are deliberately underspecified, open-ended, and motivated by problems that arise in the real world (messy as it is). You will have to think on your own, build tools, refine problem specifications, make reasonable and defensible assumptions, and be creative. Success in CS513 (and in life) depends heavily on you figuring out what's important and concentrating on that.

Undergraduate courses give explicit reading assignments and define homework problems closely tied to that reading. CS513 is not an undergraduate course and thus doesn't take that road. Instead, CS513 students are themselves responsible for identifying and reading the relevant sections of the textbook and on-line lecture notes after material has been covered in lecture. Moreover, assignments in CS513 may well take a student far beyond that material to other readings. Your final course grade will be computed as follows:

  • 60% Homeworks. There will be 4–6 assignments. Students are expected to work alone on each; a few assignments may involve programming; the lowest homework grade will be dropped.

  • 35% Group Project. Working in a group, you will identify and document a problem, write a functional specification for a solution, and implement that solution.

  • 5% Subjective Factors. These include attendance, class participation, and solving extra credit assignments.
Students who have attended all of the lectures, submitted and made a good-faith effort on all of the required homeworks, including their project, can expect to receive a final course grade of B− or better. The portion of the grade earmarked for “subjective factors” typically affects only a handful of students, raising or lowering their final course grade by 1/2 letter grade.

Assignments are due on the date stipulated. Assignments will be accepted late at a penalty. Assignments turned up to 24 hours late will receive a 10% deduction. Assignments turned in up to 48 hours late will receive a 30% deduction. Assignments will not be accepted more than 48 hours late without prior approval from the instructor. If there are special circumstances affecting your ability to complete assignments on time, you are expected to inform the course staff at least three days in advance.

Academic integrity violations will be prosecuted. Collaborate with your group on the project; do not collaborate with anyone on the assigned homeworks.

Students are expected to be familiar with the University's and the CS Department's various policies on appropriate use of computers.