cs458 - Fall 2009


Goal

This class is an introduction to the fundamentals of computer and information security. The course focuses on algorithms and techniques used to defend against malicious software.

Topics include an introduction to encryption systems, operating system security, database security, network security, system threats, and risk avoidance procedures.

Prerequisites: CS-425 and CS-450.


Before you get started

This class requires you to do a LOT of work between homeworks (4), programming assignments (6) -- some of which are quite difficult, reading assignments (a dozen or so), a class presentation, and two exams.

Grading is quite strict as well, in that failure to get a passing grade in, say, any of the programming assignments will earn you a failing grade in this class. Put another way, you cannot get around all the work by just skipping assignments.

I'm not trying to scare you into not taking this class; I just want you to know full well what you're getting yourself into.



Hours

  • Section 1 (Main Campus)
  • Section 2 (TV, channel 413)
  • Section 3 (Internet)

Instructor: Virgil Bistriceanu
Office hours: Mon, Tue 5:30 pm - 6:15 pm
Office: SB-214
Phone: (312) 567-5146
Fax: (312) 567-5067
E-mail: bistriceanu@iit.edu
Lecture: Mon 6:25 pm - 9:05 pm, room SB-201

Teaching Assistant

  • Name: Xufei Mao (will grade all programming assignments)
    • Office: SB-019B
    • Office Hours: Tue, Fri, 1:00pm-2:00pm
    • Phone: 312-567-5869
    • email: xmao3@iit.edu



Books

Textbook(s)

Other books

  • The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws, Dafydd Stuttard, Marcus Pinto, Wiley, ISBN-13: 9780470170779
  • Hacking: The Art of Exploitation, Jon Erickson, 2nd edition, No Starch Press, ISBN-10: 1593271441
  • Exploiting Software - How to Break Code, Greg Hoglund and Gary McGraw, Addison Wesley, ISBN: 0-201-78695-8
  • The Art of Deception: Controlling the Human Element of Security, Kevin D. Mitnick, Wiley, ISBN-10: 076454280X
  • Introduction to Computer Security, Matt Bishop, Addison Wesley, ISBN: 0-321-24744-2



Grading

  • Homeworks: 15%
  • Midterm: 15%
  • Final: 20%
  • Programming Assignments: 35%
  • Class Presentation: 15%

The following grading scale will be used to determine your grade in this class:

  • A: 90 - 100
  • B: 80 - 89
  • C: 70 - 79
  • D: 60 - 69
  • E: 0 - 59 This is a failing grade!

To pass this class you will need to have the following marks:

  • 60% in each Programming Assignment
  • 60% for the homeworks average
  • 60% for the class presentation
  • 60% in the final exam

The overall average must be 60+ as well.

Please read this again since it is not your typical grading policy.

Come grading day it won't matter that your overall average is above 60 if you have missing assignments or you failed to get at least 60 in your final, etc.

Class participation will help settle borderline grades. While class attendance is not taken, your instructor believes that regular class attendance is important and expects students to actively participate in class. Questions and comments are always welcome.



Late Work

Everything you have to turn in is due before midnight (Central Time) the day the work is due.

For late submittal there is a 5% per calendar day penalty.

There are only three ways you can avoid this late penalty:

  • Petition your instructor to change the due date for an assignment. If a change is made, then all students will benefit from it.
  • A documented medical emergency. Based on provided documentation your teacher will try to assign you a new due date. Please note that, based on circumstances, the teacher may decide to assign you an incomplete grade, "I", or otherwise ask you to drop the class.
  • A personal emergency other than a medical emergency, such as a death in the family, etc. Based on provided documentation your teacher will try to assign you a new due date. Please note that, based on circumstances, the teacher may decide to assign you an incomplete grade, "I", or otherwise ask you to drop the class.



Academic Honesty

All the work you submit must be individual, including, but not limited to, those cases when your instructor has approved pair-programming for you; in these cases the only thing that may be identical with somebody else's is code.

Academic dishonesty will not be tolerated. IIT has a strict academic honesty policy; here are the top points:

  1. The misrepresentation of any work submitted for credit as the product of a student’s sole independent effort, such as using the ideas of others without attribution and other forms of plagiarism.
  2. The use of any unauthorized assistance in taking quizzes, tests or examinations.
  3. The acquisition, without permission, of tests, answer sheets, problem solutions or other academic material when such material has been withheld from distribution by the instructor.
  4. Deliberate harmful obstruction of the studies, research or academic work of any member of the IIT community.
  5. Making material misrepresentation in any submission to or through any office of the university to a potential employer, professional society, meeting or organization.
  6. The intentional assistance of others in the violation of the standards for academic honesty.

You can read the entire policy in the Student Handbook (start at page 31). You should read it until you fully understand it. A good way to test whether you understand it is to try to explain it to somebody else.



Extra Credit

There are multiple ways you can receive extra credit in this class; here are some:

  • Take class notes: scan them and return them to your instructor after each class in PDF format. If you take notes electronically, then turn in a copy of your notes to your instructor (.txt, .odf, .doc, or .pdf formats are OK).
    • Maximum extra credit: 4 points that will be added to the average class score (scale from one to 100)
    • If you want to get this extra credit, then you'll have to commit to turning in notes for each class.
    • In addition, your instructor will have to confirm upfront that you are eligible for this extra credit since only one student in class can get it.
  • Identify errors in the programming assignments, e.g. typos, wrong commands, conflicting statements, etc., and submit a suggestion for how each should be corrected. Extra credit depends on how significant your find is.
  • Recommend new programming assignments for this class. Your recommendation should be original and non-trivial. If you're not sure what original and non-trivial mean, then talk to your instructor.
    • Extra credit: 5 points per accepted recommendation. All extra credit will be added to your average class score (scale from one to 100).
  • Recommend problems to be included in the midterm or final. You'll get credit for submitting a good problem. Your submission should be original and non-trivial.
    • Extra credit: 2 points per accepted recommendation. All points you earn for your recommendations will be added to your average class score (scale from one to 100).
    • The credit will be doubled for each problem that's included in the exam.
  • Turn in (attach to your final exam) the paper for extra credit on topics assigned in class by your instructor. This assignment can boost your final exam mark by up to 10%.



Exams

Exams are open-book(s), open-notes. You may bring with you any notes you want; however, you may not share them with anybody else during the exam.

During the exam the use of communication devices such as phones, laptops, etc. is not allowed. You may bring with you a calculator.



Programming Assignments

Programming assignments are designed to improve your understanding of core concepts by implementing them. Feel free to use your favorite programming language or use this as an opportunity to learn new ones.

All programming work you do for this class will be tested on one of two environments:

  • Our computer running a fresh installation of Ubuntu 8.10. This is the preferred environment.
  • Our computer running Windows XP, SP3.

NOTE: the fact that your code runs on your computer and not on ours is not enough to earn you credit for your work.

We'd love to accommodate you with other test environments; however, this is a big class and the TA is already overworked.

Let me repeat: we're not going to test under any other version of Windows, nor are we going to test under any Unix variant other than the one described above.

If your application requires things (e.g. libraries, plug-ins, gems, etc.) that don't come with the standard distribution, then you should tell us, in the README file you provide with your other deliverables, how to install the required dependencies.



Class Presentations

The purpose of this section is for students to do some independent research work and present their findings to the class.

No later than 9/21/09, each student must choose a topic for the class presentation. Your topic must be approved by your instructor.

Submit your request via email to your class instructor. Topic requests will be honored on a FIFO basis.

As a general rule, the sooner you submit the request, the more time you'll have to prepare it.

A draft of the presentation is due on 10/26/09; a penalty of 10% will be assigned if you fail to submit your draft presentation or if you submit it late. There are two purposes to this:

  • Make sure you're on track with your work.
  • Select the most promising presentations for live presentations; that's primarily of concern for your teacher.

Should you fail to deliver a draft of your presentation by the due date, you'll get penalized 10% in your final grade for the presentation.

The draft presentation must be substantive, i.e. it should show you've spent enough time researching the presentation topic in order to have a good idea about what needs to go in and what needs to stay out. If the draft presentation is deemed to not be substantive by your instructor, then you'll get a 10% penalty on your presentation.

Your presentation must include notes for each slide that contain the detail related to that slide; if you prefer, you can produce a separate document that includes the detail of your presentation. If the notes you provide for your presentation are deemed to not be substantive by your instructor, then you'll get a 10% penalty on your presentation.

Allocate significant time to survey the IS topic you have selected. Do not wait until a few days before the presentation is due; chances are that if you do so, you'll run out of time and will end up with a very poor mark in this section.

Presentations will be limited to 20' and will be followed by Q&A up to a total of 30'. Grading will consider both the content and the way the presentation is made to the class. Your class peers will participate in the grading process and their opinion accounts for 40% of your mark, unless you are one of the students who submits the topic late and/or you cannot be physically present in class for a live presentation.

If you are a student whose presentation hasn't been selected for one of the live presentation sessions or a student who takes the class remotely and cannot attend a live presentation, then you will have to record your presentation as if you were giving it in front of your peers and turn in a .mpeg movie together with all the other deliverables for the class presentation. Your presentation is due on the first day of student presentations as outlined in the Class Schedule.

In the movie we'll want to see:

  • Your face, at least in the beginning and at the end of the presentation
  • Slides
  • Synchronized sound

The presentation must be very well rehearsed; failure to properly prepare for the presentation will result in an extremely poor mark on the presentation.

The following grading sheets will be used for your class presentation.



Communications

The first person you should contact for any questions related to assignments is your TA. Please note that we may have more than one TA assigned for this class, each of them grading a subset of the assignments.

Please be descriptive in the subject line when you email your TA or instructor so that processing doesn't get delayed. At the very minimum you should indicate the class and the term, followed by a brief description of what it is that you want to communicate.

Examples of good subject lines for your email:

  • cs458, Fall 2009 - Hw1, part (i)
  • cs458, Fall 2009 - When will the grades be posted on the Blackboard?
  • cs458, Fall 2009 - Question about PA2



Tools

BackTrack is a Linux distribution that includes lots of tools used for penetration testing, including the tools you'll need to test your programming assignments. You can run BackTrack from a LiveCD or from a full installation on your computer.

Alternatively, you can download, install, and use just the tools you need for the task at hand. There is no hard-and-fast rule; just do what works best for you.



Class Schedule

Date | Lecture | Assignment Due
8/24/09 | Security Overview |
8/31/09 | Elementary Cryptography | HW#1
9/7/09 | Labor Day - no class | PA#1 due on 9/8/09
9/14/09 | Operating System Security | HW#2
9/21/09 | Program Security | PA#2; select class presentation topic
9/28/09 | Network Security (guest speaker) | HW#3
10/5/09 | Midterm | PA#3
10/12/09 | Fall Break - no class |
10/19/09 | Database and Data Mining Security | HW#4
10/26/09 | Privacy & Social Engineering | PA#4; draft presentation due
11/2/09 | The Economics of Cybersecurity |
11/9/09 | Administering Security (guest speaker) | PA#5
11/16/09 | Legal and Ethical Issues |
11/23/09 | Class Presentations -- Live presentations, Day #1 | PA#6; all recorded presentations due
11/30/09 | Class Presentations -- Live presentations, Day #2 |
12/7/09 | Class Presentations -- Live presentations, Day #3 |
12/14/09 | Final, 7:30pm - 9:30pm, SB-201 |

Your instructor reserves the right to change this schedule.



Important Events

Event | Sections 1, 2, 3
Last day to change/add/drop a class and receive full tuition refund | 9/9/09
Deadline for topic selection for class presentation | 9/21/09
Last day to remove incomplete grades | 10/5/09
Midterm | 10/5/09
Fall break (no classes) | 10/12/09
Last day for official withdrawal | 11/2/09
Thanksgiving break | 11/25/09 - 11/27/09
Last day of classes | 12/7/09
Final exam | 12/14/09, 7:30pm - 9:30pm, SB-201

For more important dates and detail go to the IIT site.



Varia

Unless otherwise stated all papers you turn in will be TYPED. No handwritten work is accepted.

Each page will have a header as follows:

  • The left side: your name
  • Middle: page number and the total number of pages (ex. 2/5 indicates this is page 2 out of a total of 5)
  • Right hand side: name of the assignment (ex. Homework #2)

Each page will also have a footer:

  • The left hand side will contain the following text: cs458-section: Fall 2009 where section stands for the section you are in
  • The right hand side will contain the following text: Illinois Institute of Technology - Computer Science




$Id: syllabus.html,v 1.9 2009/09/17 02:17:25 virgil Exp $