Overview
|
This course provides a graduate-level introduction to computer and network security. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course begins with a tutorial of the basic elements of cryptography, cryptanalysis, and systems security, and continues by covering a number of seminal papers and monographs in a wide range of security areas.
Topics covered include network security, authentication, security protocol design and analysis, security modeling, trusted computing, key management, program safety, intrusion detection, DDOS detection and mitigation, architecture/operating systems security, security policy, group systems, biometrics, web security, and other emerging topics. A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course schedule.
Most of the course readings will come from seminal papers in the field. Links to these papers will be provided on the course pages. In addition, the following book will be used for readings and as reference material.
- Kaufman, C., Perlman, R. and Speciner, M., Network Security: Private Communication in a Public World, 2nd edition, Prentice Hall 2002.
Grading
The course will be graded on exams, quizzes, assignments, projects, and class participation in the following proportions:
| 30% | Course Research Project |
| 10% | Quizzes |
| 20% | Mid-term Exam |
| 30% | Final Exam |
| 10% | Class Participation |
Course Project
The course project requires each student execute a limited research project in security. The chief product of the project will be a conference style paper. Project topics will be discussed in class after the introductory material is completed. Be realistic about what can be accomplished in a single semester. However, the work should reflect real thought and effort. The grade will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort.
Project teams may include groups of up to two students, though single authored works are strongly preferred. I will advise each team/individual independently as needed. The project grade will be a combination of grades received for a number of milestone artifacts and the final project write-up. Details of the milestones and content will be given in class with the other project details.
Project Formatting: Unless otherwise specified, all project related assignments must be created in the LaTeX formatting program. The final project writeup should be at least 12 pages (but no more than 20) of single spaced, double column pages. All bibliographic entries should be managed using the BibTeX tool. Bibliographic entries (References section) are counted in the page limitations.
If you are unfamiliar with LaTeX, please review one of the several available tutorials online on its use and syntax. For reference, you can obtain a sample project LaTeX starter documenter here.
Quizzes
Quizzes will be given with regularity over the course. Quizzes will be given in the first 5-10 minutes of class and will cover the reading material assigned for that day and the material from the preceding day. Note that there will be no make up for these quizzes for any reason, no matter how important or legitimate--this is just the costs of not coming to class. If you are late or miss the class for any reason, you will receive a 0 on the quiz.
Class Participation
Course lectures will be driven by the contents of assigned papers and book chapters. Students are going to be required to participate in discussions of the paper content during each lecture. Hence, the students ability to exhibit comprehension of papers is essential to a passing grade.
Lateness Policy
Project milestones are assessed a 10% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.
Academic Integrity Policy
Students are required to follow the university guidelines on academic conduct at all times. Students failing to meet these standards will automatically receive a 'F' grade for the course. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign the 'F' grade and refer the student to the appropriate University bodies for possible further action.
Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project. Also, students are forbidden from discussing or collaborating on any assignment except were explicitly allowed in writing by the instructor.
Ethics Statement
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.
When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor McDaniel.
**** Health Warning **** This semester has the potential to be effected by the H1N1 virus. Students who believe they have been infected with the virus should consult a medical professional immediately. Do not come to class but contact the professor to indicate your situation prior to the class. All students should read and monitor Penn State's H1N1 health updates webpage for important information.
Course Updates
[11/11/2009] Several students have requested an alternate seating for the course final exam. Students who are attending a conference or are in CSE 514 (which has a final scheduled at the same time as ours) will be able to take the exam on Friday, December 11th at 5:00pm. There will be no other alternate seatings. If you wish to take the exam at that time email me that you are in 514 (I will confirm with Professor La Porta) or have your advisor send me an email stating that you will not be in town on the 15th because of a conference engagement.
[11/4/2009] The course project formatting and content details have been clarified on the course syllabus. Please refer to these instructions and sample documents before submitting any project related materials.
[9/29/2009] I have updated the in-class access matrix worksheet to remove ambiguity. Please download, print and complete by this upcoming Thursday (10/08/09) to be turned in and graded. Note that the substance of the questions has changed from that handed out in class, so you will need to update any answers you completed in class.
[08/24/2009] The course webpage with schedule is now online. Note that the schedule is subject to change at the discretion of Professor McDaniel, and it is the responsibility of each student to monitor for changes.
[08/03/2009] It is my pleasure to announce that Ying Chen has been selected to be our TA for the course. She is a wonderful teacher and student, and I am sure you will all get to know her well.
[07/31/2009] Welcome to CSE543 - Computer and network security! The class website is now setup. Students are encouraged to review its contents and start reading the assigned readings before the first day in class.