T. Andrew Yang

Email: yang@uhcl.edu
Web page:  http://sce.uhcl.edu/yang/
Tel.: (281) 283-3835

CSCI 5233 Computer Security and Integrity

Fall 2002  (8/26 - 12/7 + final)

Assignments & Projects

Installation of JCE security provider

an alternative provider

Class Notes, Topics & Schedule
- Print out the class notes and bring them to the class.
Office Hours
Grading
Assignments Guidelines
To be accepted into the discussion group, make sure you give your full name and class number (csci5233) in your request to join. It's a good idea to use your full name as your Yahoo ID.

Time & Classroom

Tu. Th. 10-11:20AM (Delta 237)

Prerequisite:  Design of Database Systems (CSCI 4333), Operating Systems (CSCI 4534).

Course Objectives:  Introduction to encryption and decryption; security mechanisms in computer programs, operating systems, databases, networks, administration of computer security, and legal/ethical issues in computer security.   This course provides foundation knowledge for further advanced study of security issues in computer systems and applications.

Class Format:  Lectures are combined with discussions and, if applicable, student presentations and discussions of advanced topics.  Students are expected to be active participants, by studying the relevant chapters and/or research papers and participating in in-class discussions.

Instructor:
 

Dr. T. A. Yang
(office) Delta 106
(phone#) (281) 283-3835 (Please leave a message if not available.)
NOTE: If the suite office is locked, you may use the phone outside the office to call me (by entering the extension 3835). 
(email address) yang@uhcl.edu
Emails without a subject line or signature will be discarded.
Here is a sample subject line: "CSCI5132 project #1, question 1".
NOTE: Find the assignments and/or projects at the  Assignments & Projects page.
NOTE: In addition, you are highly encouraged to send your questions to me by e-mail (yang@uhcl.edu). You are, however, responsible for describing, in your email message, the problem(s) you have encountered, the solution(s) you have tried, and the outcome(s) you got from those solution(s).

Teaching Assistant: Mallikarjun Merla

  • Email: merlam@uhcl.edu
  • Office Hours: Mon. 10am-1pm; Tues. 3-7pm; Wed. 9am-12 noon; Sat. 9am-1pm
  • Location: PC Lab / Sun Lab

Required Text:

Pf:  Charles P. Pfleeger.  Security in Computing, 2nd Edition.  Prentice Hall.  1997.  (ISBN: 0133374866)
VM:  John Viega and Gary McGraw.  Building Secure Software: How to Avoid Security Problems the Right Way.  Addison Wesley.  2002.  (ISBN: 020172152X)
+ Instructor's handout in the class and/or on the Web


    • Books:
      • Pistoia, Marco, Duane F. Reller, Deepak Gupta, Milind Nagnur, Ashok Ramani, Java 2 Network Security, 2nd Edition, Prentice Hall, 2000.
      • Rescorla, Eric, SSL and TLS: Designing and Building Secure Systems, Addison Wesley Professional, 2001.
      • Schneier, Bruce, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, Wiley, 1996.
    • Articles:
      • Andrews, Gregory R., "Partitions and principles for secure operating systems", Proceedings of the 1975 ACM annual conference, January 1975.
      • Viega, John, Tadayoshi Kohno, and Bruce Potter, "Trust (and mistrust) in secure applications", Communications of the ACM, Volume 44 Issue 2, February 2001.
      • Bashir, Imran, Enrico Serafini, and Kevin Wall, "Securing network software applications: introduction", Communications of the ACM, Volume 44 Issue 2, February 2001.
    • RFCs:
      • RFC2827: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing (5/2000)

Topics and Notes

  • NOTE: The following schedule will be followed as much as possible, although changes are probable.  Always check with your instructor if you are not sure what would be covered next week.
wk (dates)
Topics (Book: Chapters)
Assigned
Due
1 (8/27, 29)
Syllabus
I. Fundamentals:
Overview of computer security ( Pf: Ch 1 )
The 10 principles of software security
( VM: Ch 5 )


2  (9/3, 5)
Basic encryption & decryption (Pf: Ch 2) Part A   Part B
Assignment 1

3 (9/10, 12)
Secure encryption systems & algorithms (Pf: Ch 3)
Part A   Part B  
Project 1

4 (9/17, 19)
Secure encryption systems & algorithms (Pf: Ch 3)
inverse.java     Part C     Part D
Randomness & Determinism (VM: Ch 10)

Assign 1
(9/17)
5 (9/24, 26)
Encryption protocols & practices
   (Pf: Ch 4; VM: Appendix A)   Part A  
Assignment 2

6  (10/1, 3)
Encryption protocols & practices (Continued)
    Part B     Part C   voting protocols  
   [DEM82] paper (section 1.4)
  Project 1
(10/1)
7 (10/8, 10)
II. Security in Computer Applications:
Software security ( Pf: Ch 5 ; VM: Ch 1)
OS security (Pf: Ch 6, 7; VM: Ch 8, 13) Pf.Ch6  
      Pf.Ch6B      
 
Project 2
Assign 2
(10/8)
8 (10/15, 17)
Database security (Pf: Ch 8 , Ch 8b ; VM: Ch 14)
Assignment 3
midterm exam (10/15)
9 (10/22, 24)
Networking security ( Pf:Ch 9   Ch9B   Ch9C ; VM:Ch16)
Project 2

Assignment 3

Project 2 design
* 10/28: Last day to drop a class
10 (10/29, 31)
III. Software Security:
Buffer overflows (VM: Ch 7 )
Managing risks in software security (VM: Ch 2) Selecting technologies (VM: Ch 3)
Open source versus closed source (VM: Ch 4)


11 (11/5, 7)
Software auditing (VM: Ch 6)


Assignment 4 Proj. 2 design
(Th. 11/7)
12 (11/12, 14)
Race conditions (VM: Ch 9)
Applying cryptography in programming (VM: Ch 11)


Assign 3
(Tu. 11/12)
13 (11/19, 21)
Trust management (VM: Ch 12)
Client-side security (VM: Ch 15)

 

14 (11/26)
IV. Security administration & legal issues :
Administering security (Pf: Ch 10)



15 (12/3, 5)
Legal & ethical issues (Pf: Ch 11)

Project 2
(7pm, Mon. 12/2)
16
Time: 12/10 Tu. 10am-12:50
Final exam is cumulative.
final exam
(12/10)

Computer Labs & Hours

Check  http://sce.uhcl.edu/computing.html?resources for lab information and open hours.
Evaluation:

category                        percentage
assignments                     15%
projects and/or presentations   15%
midterm exam                    30%
final exam                      40%
NOTE:  The accumulated points from all the categories determine a person's final grade. There will be no extra-credit projects.
Grading Scale:

Percentile      Grade
93% or above    A
90% - 92%       A-
87% - 89%       B+
84% - 86%       B
80% - 83%       B-
77% - 79%       C+
74% - 76%       C
70% - 73%       C-
60% - 69%       D
59% or below    F
Tests:
Both analytic and synthetic abilities are emphasized. Being able to apply the learned knowledge toward problem solving is also highly emphasized in the tests.
Assignments and Late Penalty:
Assignments and projects will be posted at the class web site. Assignments & projects are due before the beginning of the class on the due day.  See Topics and Notes for the due dates. 

Points will be deducted from late assignments: 20% for the first 24 hours after the due time, 40% for the next 24 hours, 70% for the third 24 hours, and 100% after that. No extension will be granted except for documented emergency. Starting to work on the assignments as early as possible is always the best strategy.
NOTE: Unless otherwise specified, all assignments and projects are individual work.  Students should take caution not to violate the academic honesty policies.  See http://b3308-adm.uhcl.edu/PolicyProcedures/Policy.html for details.
Assignments Guidelines:

a. Identification page: All assignments must have your name, and course name/number/section number (e.g., CSCI5132-01 or CSCI5333-03) at the top of the first page.

b. Proper stapling:  Staple all the pages together at the top-left corner. NOTE: Do not use paper clips.

c. Order! Order!  Arrange the solutions following the sequence of the questions. Write the question number at the top-right corner of each page.

d. Word processing:  It is required that you type your reports (e.g., print them using a printer). Use a word processor and appropriate typesetting and drawing tools to do the assignments. Spell-check the whole document before printing it. You may lose points due to spelling or grammatical errors.

Projects:

The projects will involve the design and implementation of encryption/decryption algorithms and/or application of the algorithms to real-world problems.  Students are expected to employ the theories and techniques learned in the class to design the system.

Details of the projects will later be made available at Assignments & Projects.


Attendance Policy:

You are expected to attend all classes. If you ever miss a class, it is your responsibility to get hold of whatever may have been discussed in the class.
Instructor's Notes:
  • Unless due to unexpected, documented emergency, no make-up exams will be given.  No make-up exams will be granted once the exams have been corrected and returned to the class.
  • Important:  If you think you have lost some points due to grading errors, make sure you approach the instructor within a week after the assignment, project, or test is returned to you.
  • To get the most out of this class, you need to read the textbooks and spend time using computers regularly.  Be prepared for a class by previewing the material to be covered in that class, and participate in discussions and problem-solving exercises, if applicable, in the class.
  • Due to the intensive nature of graduate classes, 15-20 hours per week are expected of students in studying the textbook/notes and working on the assignments, in addition to class attendance.   Expect to spend more hours during summer sessions.





Last updated: 8/02