cs458 - Spring 2014


Goal

Quick Links

This class is an introduction to the fundamentals of computer and information security. The course focuses on algorithms and techniques used to defend against malicious software.

Topics include an introduction to encryption systems, operating system security, database security, network security, system threats, and risk avoidance procedures.

Prerequisites: CS-425 and CS-450.


Before you get started

This class requires you to do a *lot* of work between homeworks, programming assignments -- some of which are quite difficult -- reading assignments (a dozen or so), a class presentation, and two exams.

^ Top ^


Hours

Section 1
(CRN: 20065, Main Campus)
Section 2
(CRN: 25440, Internet)
Section 3
(CRN: 26647, India)
Instructor Virgil Bistriceanu
Office hours Mon, Tue 5:30 pm - 6:15 pm
Office SB-214
Phone (312) 567-5146
Fax (312) 278-0427
e-mail bistriceanu@iit.edu
Lecture Tue 6:25 pm - 9:05 pm, room SB-220
Teaching Assistant
  • Name: TBA
    • Office: TBA
    • Office Hours: TBA
    • Phone: TBA
    • email: TBA

^ Top ^


Books

Textbook - required

Other books - useful reads, however not required

  • The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws, Dafydd Stuttard, Marcus Pinto, Wiley, ISBN-13: 9780470170779
  • Hacking: The Art of Exploitation, Jon Erickson, 2nd edition, No Starch Press, ISBN-10: 1593271441
  • Exploiting Software - How to Break Code, Greg Hoglund and Gary McGraw, Addison Wesley, ISBN: 0-201-78695-8
  • The Art of Deception: Controlling the Human Element of Security, Kevin D. Mitnick, Wiley, ISBN-10: 076454280X
  • Introduction to Computer Security, Matt Bishop, Addison Wesley, ISBN: 0-321-24744-2

^ Top ^


Grading

Since no TA has been assigned to this class by the beginning of school, it is somewhat reasonable to assume that none will be assigned; hence, the amount of work you are required to do in order to get an A has been reduced accordingly.

The grade you earn in this class is based on the number of points you accumulate during the semester, between mandatory -- such as midterm, final, and class presentation -- and optional assignments, such as homeworks, programming assignments, extra credit, etc.

The purpose is to to give you flexibility in the way you manage your time and the kind of assignments you want to work on. There are only two deadlines in this class, one for submitting work that's classified as homeworks (2/18) and another one for work that's classified as programming assignments (4/1) -- and that's only if you decide to submit additional work for this class.

You can submit all your homeworks at once or one per week, it's all up to you. You may even decide you don't want to submit any homework and focus instead on programming assignments.

With great flexibility comes the danger that you won't be able to manage your time properly, and you'll attempt to get everything done just before the deadlines, which is a sure recipe for disaster.

My recommendation is to start early and try to submit a piece of completed work every week.

The table below summarizes the nature of various assignments for this class.

Work Done Max Points Mandatory? [Y/N]
Midterm exam 100 Y
Final exam 200 Y
Class presentation 200 Y
Homeworks At least 150 N
Programming assignments At least 450 N
Extra credit At least 10 N

The only caveats about work you submit for this class are:

  • Each and every one of the optional assignments must be graded at least 60% of the maximum number of points for that assignment. Anything that's below 60% will be counted as zero (0) for purposes of your final score. The reason for this is simple, I don't want anyone to get a passing grade in this class by just submitting lots of mediocre work.
  • You must get at least 60% in the final AND 60% in the class presentation in order to pass this class.

The relationship between the number of points you accumulate in this class and your final grade is given in the table below.

Grade Points required
A 500+
B [450, 500)
C [400, 450)
D(1) [350, 400)
E [0, 350)
(1)This grade may not be applied to graduate students.

Class participation will help settle borderline grades. While class attendance is not taken, your instructor believes that regular class attendance is important and expects students to actively participate in class. Questions and comments are always welcome.

^ Top ^


Late Work

All work that you turn in must be submitted on the Blackboard before midnight (Central Time) the day the work is due.

I understand that from time to time you'll get overwhelmed with work, or that you may have personal problems that will make you less productive than you'd like. That's why each student in this class has a credit of 20 points for late work.

You can use this credit as you see fit, for good reason or no reason at all, all at once or in pieces -- though there is no fractional credit, i.e. you cannot request 0.3 points of credit. The only thing we ask for is that, in your Blackboard submission (in the COMMENT field) you indicate how much of your credit you want to use.

After you've used your "late work credit", or if you don't want to use it, there is a 5% per calendar day penalty for late work. The way this works is that the late penalty is taken from the top, and then the TA -- or whoever grades your work -- applies other penalties that result from grading the work.

Let's say you're N days late on an assignment that's worth X points; also, let's also assume that the TA finds errors in your submission that accumulate to a total of Y points. Then, your mark for the said work is going to be (X - N*0.05*X) - Y.

For example, let's assume we're talking about PA-2 where you can earn a maximum of 70 points (X=70), and that you're three days late (N=3). Let's also assume that the TA finds errors in your submission that are worth 11 points. Then your mark on this assignment will be (70 - 3*0.05*70) - 11 = 48.5, which will be rounded up -- using the round half up rule -- to 49.

^ Top ^


Exceptional circumstances

Your teacher will try to accommodate you in those cases that are beyond your control, such as medical and personal emergencies, as described below. In any event, you'll be using your "late work credit" first, before any additional accommodations can be made.

  • A documented medical emergency. Based on provided documentation your teacher will try to assign you a new due date for late assignments. Please note that, based on circumstances, the teacher may decide to assign you an incomplete grade, "I", or otherwise ask you to drop the class.
  • A personal emergency other than a medical emergency, such as a death in the family, etc. Based on provided documentation your teacher will try to assign you a new due date for late assignments. Please note that, based on circumstances, the teacher may decide to assign you an incomplete grade, "I", or otherwise ask you to drop the class.

^ Top ^


Incomplete (I) Grades

Yes, you can get an incomplete in this class even if you're not dealing with a personal emergency. Here are the conditions:

  • It's not automatic; you have to request an incomplete from your instructor before final grades are posted.
  • It's a single piece of work that's holding you back. For example, you forgot it's finals day and failed to take the final exam. Well, I can give you an incomplete for that. However, I cannot give you an incomplete if you failed to submit one of the programming assignments and you failed to get a passing score in the final.
  • You accept whatever work I'll be assigning you to remediate the incomplete; I promise you that the work will be relevant to this class, however it may not be the exact same as the work you just missed.

^ Top ^


Academic Honesty

All the work you submit must be individual, including, but not limited to, those cases when your instructor has approved pair-programming for you; in these cases the only thing that may be identical with somebody else's is code.

Academic dishonesty will not be tolerated. IIT has a strict academic honesty policy; here are the top points:

  1. The misrepresentation of any work submitted for credit as the product of a student’s sole independent effort, such as using the ideas of others without attribution and other forms of plagiarism.
  2. The use of any unauthorized assistance in taking quizzes, tests or examinations.
  3. The acquisition, without permission, of tests, answer sheets, problem solutions or other academic material when such material has been withheld from distribution by the instructor.
  4. Deliberate harmful obstruction of the studies, research or academic work of any member of the IIT community.
  5. Making material misrepresentation in any submission to or through any office of the university to a potential employer, professional society, meeting or organization.
  6. The intentional assistance of others in the violation of the standards for academic honest.

You can read the entire policy at http://www.iit.edu/student_affairs/handbook/information_and_regulations/code_of_academic_honesty.shtml. You should read it until you fully understand it. A good way to test whether you understand it is to try to explain it to somebody else.

^ Top ^


Extra Credit

There are multiple ways you can receive extra credit in this class, here are some:

  • Take class notes: scan them and return them to your instructor after each class in PDF format. If you take notes electronically, then turn in to your instructor a copy of your notes, .txt, .odf, .doc, .pdf formats ok.
    • Maximum extra credit: 5 points that will be added to the pool of points you accumulate during the semester
    • If you want to get this extra credit, then you'll have to commit to turning in notes for each class.
    • In addition, your instructor will have to confirm upfront that you are eligible for this extra credit since only one student in class can get it.
  • Identify errors in the programming assignments, e.g. typos, wrong commands, conflicting statements, etc, and submit a suggestion for how it should be corrected. Extra credit depends on how significant your find is.
  • Recommend new programming assignments for this class. Your recommendation should be original and non-trivial. If you're not sure what original and non-trivial mean, then talk to your instructor.
    • Extra credit: 5 points per accepted recommendation. All extra credit will be added to your class score.
  • Recommend problems to be included in the midterm or final. You'll get credit for submitting a good problem. Your submission should be original and non-trivial.
    • Extra credit: 5 points per accepted recommendation. All points you earn for your recommendations will be added to your class score.
    • The credit will be doubled for each problem that's included in an exam.
  • Turn in (attach to your final exam) the paper for extra credit on topics assigned in class by your instructor. This extra credit assignment can boost your final exam mark by 10 points.

^ Top ^


Exams

Exams are open-book(s), open-notes. You may bring with you any notes you want, however you may not share them with anybody else during the exam.

During the exam the use of communication devices such as phones, laptops, etc. is permitted, however, we'll ask you to be disconnected from the network (any network). You may also bring with you a calculator.

^ Top ^


Programming Assignments

Programming assignments are designed to improve your understanding of core concepts by implementing them. Feel free to use your favorite programming language or use this as an opportunity to learn new ones.

All programming work you do for this class will be tested on one of two environments

NOTE: the fact that your code runs on your computer and not on ours is not enough to earn you credit for your work.

We'd love to accommodate you with other test environments, however the TA -- assuming one is even assigned to this class -- is already overworked, which means we're not going to do it.

Let me repeat, we're not going to test under any other version of Windows, nor are we going to do it under and other Unix variant other than the one described above.

If your application requires things (e.g. libraries, plug-ins, gems, etc.) that don't come with the standard distribution, then you should tell us, in the README file you provide with your other deliverables, how to install required dependencies.

^ Top ^


Class Presentations

The purpose of this section is for students to do some independent research work and present their findings to the class.

No later than 2/11, each student must choose a topic for the class presentation. Your topic must be approved by your instructor.

Submit your request via email to your class instructor. Topic requests will be honored on a FIFO basis.

As a general rule, the sooner you submit the request, the more time you'll have to prepare it.

An outline of your class presentation is due (on the Blackboard) no later than 3/11; a penalty of 5% will be assigned if you fail to submit your draft presentation or if you submit it late. There are two purposes to this:

  • Make sure you're on track with your work.
  • Select the most promising presentations for live presentations; that's primarily of concern for your teacher.

Again, should you fail to deliver a draft of your presentation by the due date, you'll get penalized 5% in your presentation score.

The draft presentation must be substantive, i.e. it should show you've spent enough time researching the presentation topic in order to have a good idea about what needs to go in and what needs to stay out. If the draft presentation is deemed to not be substantive by your instructor, then you'll get a 5% penalty on your presentation.

You must submit your final presentation on the Blackboard. The presentation must include notes for each slide, which notes include the detail related to each slide; if you prefer, you can produce a separate document that includes the detail of your presentation. If the notes you provide for your presentation are deemed to not be substantive by your instructor, then you'll get a 10% penalty on your presentation.

Allocate significant time to survey the IS topic you have selected. Do not wait until a few days before the presentation is due, chances are that if you do so, then you'll run out of time and will end up with a very poor mark in this section.

Presentations will be limited to 20' and will be followed by Q&A up to a total of 30'. Grading will consider both the content and the way the presentation is made to the class. Your class peers will participate in the grading process and their opinion accounts for 40% of your mark, unless you are one of the students who submits the topic late and/or you cannot be physically present in class for a live presentation.

If you are a student whose presentation hasn't been selected for one of the live presentations sessions or a student who takes the class remotely and cannot attend a live presentation, then you will have to record your presentation as if you were giving it in front of your peers and turn in a .mpeg movie together with all the other deliverables for the class presentation. Your presentation is due on the first day of student presentations as outlined in the Class Schedule.

In the movie we'll want to see:

  • Your face, at least in the beginning and at the end of the presentation
  • Slides
  • Synchronized sound

The presentation must be very well rehearsed; failure to properly prepare for the presentation will result in an extremely poor mark on the presentation.

The following grading sheets will be used for your class presentation.

^ Top ^


Communications

The first person you should contact for any questions related to assignments is your TA, if one has been assigned to this class.

Please be descriptive in the subject line when you email your TA or instructor such that processing doesn't get delayed. At the very minimum you should indicate the class and the term, followed by a brief description of what is it that you want to communicate.

Examples of good subject lines for your email:

  • cs458, Spring 2014 - Hw1, part (i)
  • cs458, Spring 2014 - When will the grades be posted on the Blackboard?
  • cs458, Spring 2014 - Question about PA2

^ Top ^


Tools

BackTrack is a Linux distribution that includes lots of tools used for penetration testing, including the tools you'll need to test your programming assignments. You can run BackTrack from a LiveCD or from a full installation on your computer.

Alternately, you can just download, install, and use just the tools you need for the task at hand.There is no hard-and-fast rule, just do what works best for you.

^ Top ^


Class Schedule

Date Lecture Assignment Due
1/14/14 Security Overview  
1/21/14 Elementary Cryptography  
1/28/14 Operating System Security  
2/4/14 Program Security  
2/11/14 Confidentiality and Integrity Models Deadline for selecting class presentation topic
2/18/14 Database and Data Mining Security Deadline for submitting homework assignments
2/25/14 Midterm Exam  
3/4/14 Network Security (guest speaker)  
3/11/14 Privacy & Social Engineering Draft class presentation due
3/18/14 Spring Vacation No class
3/25/14 The Economics of Cybersecurity  
4/1/14 Legal and Ethical Issues  
4/8/14 Administering Security (guest speaker) ... maybe Deadline for submitting programming assignments
4/15/14 Class Presentations -- Live presentations, Day #1 Deadline for all recorded presentations
4/22/14 Class Presentations -- Live presentations, Day #2  
4/29/14 Class Presentations -- Live presentations, Day #3  
5/6/14 Final Exam, 7:30pm - 9:30pm, SB-220  

Your instructor reserves the right to change this schedule.

^ Top ^


Important Events

Last day to change/add/drop a class with no tuition charges 1/24/14
Last day to remove incomplete grades from Fall 2013 2/24/14
Midterm 2/25/14
Spring break (no classes) 3/17-21/14
Last day for official withdrawal 3/31/14
Last day of classes 5/3/14
Final exam 5/6/14, 7:30pm - 9:30pm, SB-220

For more important dates and detail go to the IIT site.

^ Top ^


Americans with Disabilities Act (ADA)

Reasonable accommodations will be made for students with documented disabilities. In order to receive accommodations, students must obtain a letter of accommodation from the Center for Disability Resources. The Center for Disability Resources (CDR) is located in 3424 S. State St., room 1C3-2 (on the first floor).

^ Top ^


Varia

Unless otherwise stated all papers you turn in will be TYPED. No handwritten work is accepted.

Each page will have a header as follows:

  • The left side: your name
  • Middle: page number and the total number of pages (ex. 2/5 indicates this is page 2 out of a total of 5)
  • Right hand side: name of the assignment (ex. Homework #2)

Each page will also have a footer:

  • The left hand side will contain the following text: cs458-section: Spring 2014 where section stands for the section you are in
  • The right hand side will contain the following text: Illinois Institute of Technology - Computer Science

^ Top ^



$Id: syllabus.html,v 1.3 2014/03/02 00:29:09 virgil Exp $