T. Andrew Yang

Email: yang@uhcl.edu

Web page:  http://sce.uhcl.edu/yang/

Tel.: (281) 283-3835 


Last updated:

 

2/14/2012

CSCI 4233 & CINF 4233 Computer Security

Spring 2012  (1/17 – 4/30 + final exam)

·        Important Information:

o   (Required) Join the discussing group for announcements and discussions: http://groups.google.com/group/cscicinf-4233-computer-security?hl=en

o   Installation of JCE security provider for unlimited strength security

o   Java source programs from the Professional Java Security book

·        To run the KeyStoreExample.java application

Class Notes, Topics & Schedule

- Print out the class notes for the day and bring them to the class.

Assignments & Projects


Time & Classroom

Tues., 10am-12:50pm (Delta 203)

Course Description: Introduction to encryption and decryption; security mechanisms in computer architectures, operating systems, database, networks, and introduction to security.

Prerequisite: CSCI3532 (Advanced Data Structures and Algorithms) + MATH3331 (Discrete Math), or equivalents.

Special Note: Students who have completed CSCI5233 (Computer Security & Integrity) should not take this course. Instead, please consider taking CSCI5235 Network Security, CSCI5234 Web Security, or other advanced courses.

Course Objectives: Introduction to encryption and decryption; security mechanisms in computer programs, operating systems, databases, networks, administration of computer security, and legal/ethical issues in computer security.   This course provides foundation knowledge for further advanced study of security issues in computer systems and applications.

 

Learning Outcome:

  1. Understand the five security components (confidentiality, integrity, authenticity, availability, and non-repudiability), and apply them when evaluating a given security mechanism.
  2. Understand the process of developing a secure application, including development of security policies, sample policy languages, relationship between security policies and mechanisms, and different types of security mechanisms.
  3. Understand basic cryptography (encryption and decryption) and major cryptographical protocols, including symmetric and asymmetric cryptography, message digests, HMAC, digital signatures, digital certificates, key exchange, and key storage, etc.
  4. Develop sample applications using security protocols provided by a given language such as Java (JCA, JCE).
  5. Understand legal and ethical issues in computer security (privacy issues, Computer Security Act, HIPPA, etc.).
  6. Have an overall understanding of some security applications, including authentication, access control, network security, and system security.

Class Format: Lectures are combined with discussions and, if applicable, student presentations and discussions of advanced topics. Students are expected to be active participants, by studying the relevant chapters and/or research papers, and participating at in-class discussions.


Instructor: Dr. T. A. Yang

(office) Delta 106

(phone#) (281) 283-3835 (Please leave a message if not available.)

NOTE: If the suite office is locked, you may use the phone outside the office to call me (by entering the extension 3835).

(email address) yang@uhcl.edu

Important notes:

Emails without a subject line or signature will be considered as potentially malicious and be discarded. Here is a sample subject line: "CSCI4233 project #1, question 1".

Although email messages tend to be informal, please check the grammar and spelling of your messages to ensure their legibility.

(Web site)  http://sce.uhcl.edu/yang
NOTE: Find the assignments and/or projects at the Assignments & Projects page.

Office Hours : See http://sce.uhcl.edu/yang/teaching/officeHours.htm

NOTE: In addition, you are highly encouraged to send your questions to me by e-mails (yang@uhcl.edu). Try to provide sufficient details in your email message, such as the problem(s) you have encountered, the solution(s) you have tried, and the outcome you have got from these solution(s).

Teaching assistant info and office hours:

 

TA -

Neeraj Jadhav (jadhav.neeraj87@gmail.com)

 

Office hours -

Monday: 12 PM - 5 PM (5 hours)

Wednesday: 2 PM - 7 PM (5 hours)

Thursday: 10 AM - 2 PM (4 hours)

 

 


Required Text:

Matt Bishop. Introduction to Computer Security. Addison Wesley. 2004. (ISBN: 0321247442)

+ Instructor's handouts in the class and/or on the Web

Recommended (but not required):

·        Jess Garms and Daniel Somerfield. Professional Java Security. Wrox. 2001. (ISBN: 1861004257)

Note: Sample programs from this book could be useful for you to get started with your programming projects.

·       David Hook. Beginning Cryptography with Java. Wrox. 2005. (ISBN: 0764596330)

·       Scott Oaks. Java Security (2nd Edition). O'Reilly Media. 2001. (ISBN: 0596001576)

·       Jason Weiss. Java Cryptography Extensions: Practical Guide for Programmers. Morgan Kaufmann. 2004. (ISBN: 0127427511)

References and Resources:

Ongoing research related to computer security
Past and current advanced courses related to computer security (Web Security, Network Security, Wireless security, etc.)


Topics and Notes
NOTE: The following schedule will be followed as closely as possible, although changes are probable. Always check with your instructor if you are not sure what would be covered next week.

wk (dates)

Topics & Slides (Book: Chapters)

Due Dates

1 (1/17)

Syllabus
I. Fundamentals 1

- Overview of computer security (Ch 1 )

- Overview: components and mechanisms

2 (1/24)

- Access Control Matrix (Ch 2)

 

3 (1/31)

- Security Policies (Ch 4)

Lab 1

4 (2/7)

II. Cryptography et. al.
- Basic Cryptography 1
(Ch 8)

Lab 2

5 (2/14)

- Basic Cryptography 2 (Ch 8) + Extended Euclidean Algorithm (Ch. 31) + inverse.java (computing the inverse of a mod n, given a and n)

 

6 (2/21)

Review outline & sample exam for exam 1 (new)

Exam 1

Exam

7 (2/28)

- Digital Signatures (Ch 9)

Lab 3

8 (3/6)

- Certificates (Ch 9)

Lab 4

9 (3/13)

Spring break. No class meetings.

 

10 (3/20)

- Key Exchange (Ch 9)

Lab 5

11 (3/27)

- Key Storage (Ch 9)

 

12 (4/3)

Exam 2

Exam

13 (4/10)

- Cipher Techniques (Ch 10) + RSA FAQs 2.1.4 (What is a block cipher?) and 2.1.5 (What is a stream cipher?)

- Authentication (Ch 11)

Lab 6

14 (4/17)

VI. Practicum

- Basics of Network Security (Ch 10)

- Network Security (Ch 23)

Lab 7

15 (4/24)

- System Security (Ch 24)

16 (5/1)

Final exam: comprehensive, open-book

Final exam

 

 

 


Computer Labs:

The computers in the PC Lab (Delta 119) are configured with JDK and JCE for running the sample programs. You are encouraged to configure your own computer to do the projects.

·        Windows account information at: http://sce.uhcl.edu/accountSearch.html

·        Click http://sce.uhcl.edu/NTLabIntroduction.asp for the list of available software in the PC lab.

Evaluation:

category

Percentage (min ~ max)

Labs (5% each X 7)

35%

midterm exams (15%, 15%)

30%

final exam (open book)

30%

Attendance++

5%

Class Participation+++

0% ~ 3%

Total:

100% (0% ~ 103%)

++ Attendance Policy: You are expected to attend all classes. There will be no penalty for a person’s first two absences without documented excuse. 1% will be taken for each of the absences after the first two absences without excuse. Note: Being tardy is no excuse when a person is found to be absent from the class.

Note: If you ever miss a class, it is your responsibility to get hold of whatever may have been discussed in the class.

+++ Class Participation: Participating in the class is expected. You should ask or answer questions during the in-class or online discussions. Up to 3% may be granted to students who are active participants.

Grading Scale:

The accumulated points from all the categories determine a person's final grade. There will be no extra-credit projects.

Percentile

Grade

90% or above

A

87% - 89%

A-

84% - 86%

B+

80% - 83%

B

77% - 79%

B-

74% - 76%

C+

70% - 73%

C

67% - 69%

C-

64% - 66%

D+

 

60%-63%

D

 

57%-59%

D-

Less than 57%

F

Tests & Exams:

Both analytic and synthetic abilities are emphasized. Being able to apply the learned knowledge toward problem solving is also highly emphasized in the tests. 

Unless due to unexpected, documented emergency, no make-up exams will be given. No make-up exams will be granted once the exams have been corrected and returned to the class.

Assignments and Late Penalty:

Assignments and projects will be posted at the class web site. Assignments & projects are due before the beginning of the class on the due day. See Topics and Notes for the due dates. 

Points will be deducted from late assignments: 20% for the first 24 hours after the due time, 40% for the next 24 hours, 70% for the third 24 hours, and 100% after that. No extension will be granted except for documented emergency. Starting to work on the assignments as early as possible is always the best strategy.

 

Assignments Guidelines:

a. Identification page: All assignments must have your name, and course name/number/section number (e.g., CSCI4233-01) at the top of the first page.

b. Proper stapling: Staple all the pages together at the top-left corner. NOTE: Do not use paper clips.

c. Order ! Order! Arrange the solutions following the sequence of the questions. Write the question number at the top-right corner of each page.

d. Word processing: It is required that you type your reports (e.g., print them using a printer). Use a word processor and appropriate typesetting and drawing tools to do the assignments. Spell-check the whole document before printing it. You may lose points due to spelling or grammatical errors. 

Projects:

The projects will involve the design and implementation of encryption/decryption algorithms and/or application of the algorithms to real-world problems. Students are expected to employ the theories and techniques learned in the class to design the system.

Details of the projects will be later made available at Assignments & Projects.

NOTE: Unless otherwise specified, all assignments and projects are individual work. Students should take caution not to violate the academic honesty policies. Check out the details at this link.

 


Instructor's Notes:

  • Important: If you think you have lost some points due to grading errors, make sure you approach the instructor within a week after the assignment, project, or test has been returned to you.
  • To get the most out of this class, you need to read the textbooks and spend time using computers regularly. Be prepared for a class by previewing the material to be covered in that class and participate in discussions and problem-solving exercises, if applicable, in the class.
  • Due to the intensive nature of graduate classes, 15-20 hours per week are expected of students in studying the textbook/notes and working on the assignments, in addition to class attendance. Expect to spend more hours during summer sessions.

Related Links:

·        UHCL General Program Requirements: http://www.uhcl.edu/XDR/Render/catalog/archives/125/06/

 

·        Withdrawals, Appeals, GPA, Repeated Courses, and the 6 Drop Rule: http://www.uhcl.edu/XDR/Render/catalog/archives/125/06/%23A0110#A0110

 

        4/23/2012: last day to drop with W

 

·        ASSESSMENT FOR ACCREDITATION:

The School of Science and Computer Engineering may use assessment tools in this course and other courses for curriculum evaluation.  Educational assessment is defined as the systematic collection, interpretation, and use of information about student characteristics, educational environments, learning outcomes, and client satisfaction to improve program effectiveness, student performance, and professional success. This assessment will be related to the learning objectives for each course and individual student performance will be disaggregated relative to these objectives.  This disaggregated analysis will not impact student grades, but will provide faculty with detailed information that will be used to improve courses, curriculum, and student performance.

Go to the Index