CS513 System Security - Overview and Organization

CS513: System Security - Overview and Organization

Course Overview. This course discusses security for computers, communications networks, and distributed systems. We cover applications of cryptography as well as abstractions, principles, structuring constructs, and methods for implementing military as well as commercial-grade secure systems.

Course URL: http://www.cs.cornell.edu/Courses/CS513/2004SP/

Lecture: Attendance is required.

10:10 - 11:25am Tuesday and Thursday. Hollister B14.

Reserve Monday 7:30pm-9:30pm (Upson B17) for occasional make-up lectures and for discussions devoted to the course project. These meetings will be scheduled as needed and announced in lecture, one week before each meeting.

Instructor:

Professor Fred B. Schneider (255-9221) 4115C Upson Hall

Office hours: Available after class and most afternoons, Tues - Thurs. Feel free to drop by without an appointment.

email: fbs@cs.cornell.edu. Please send email only to request an appointment (and include some choices for days and times that you are available---afternoons are best.). Other email will be read but not answered; live interactions are more fun, more efficient, and email is a painfully ineffective and impersonal way to discuss anything substantive.

Other Staff:

Michael Clarkson	clarkson@cs.cornell.edu	4154 Upson
Kevin Hamlen	hamlen@cs.cornell.edu	5138 Upson
Andrew Naumov	an46@cornell.edu	326 Upson
Benyah Shaparenko	benyah@cs.cornell.edu	4143 Upson

Office hours for meeting with these folks.

Prerequisites. The course is open to any undergraduate or graduate student who has mastered the material in CS414 (Operating Systems) or CS514 (Distributed Systems) or CS519 (Engineering Computer Networks) or CS601 (Systems Principles) or CS614 (Advanced Systems). Familiarity with JAVA or C# will be helpful for doing the required programming assignments.

Reading:

The following books, on-reserve in Carpenter Library, should prove useful. Bishop's book is the most comprehensive; readings to complement the lectures will be assigned from it. Schneier's book is a classic reference and well worth owning. The Kaufman et al text is a delightfully written treatment of material we will be covering on network security and cryptographic protocols.

Matt Bishop. Computer Security: Art and Science. Pearson Educational Inc., Boston, Mass. 2002.
Bruce Schneier. Applied Cryptography. Second Edition. Wiley, 1996.
Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security. Private Communication in a Public World. Prentice Hall, 1995.

Lecture notes from prior offerings of the lectures can be found on-line. The contents of the lectures change from year to year (and the on-line notes don't get updated in a timely way), so these on-line notes are a poor substitute for attending class.

Assignments and Grading. In keeping with the professional (and practical) orientation of this course, assignments are deliberately underspecified, open-ended, and motivated by problems that arise in the real world (messy as it is). You will have to think on your own, build tools, refine problem specifications, make reasonable and defensible assumptions, and be creative. Success in this course depends heavily on you figuring out what's important and concentrating on that.

Undergraduate courses give explicit reading assignments and define homework problems closely tied to that reading. CS513 is not an undergraduate course. Students in CS513 are themselves responsible for identifying and reading the relevant sections of the textbook and on-line lecture notes after material has been covered in lecture. Moreover, assignments in CS513 may well take a student far beyond that material to other readings.

Much of the final course grade is based on four programming projects, as follows.

Projects 1-4: Electronic voting system (60%)
In-class quizzes/exams (which encourage attendance and reward those who stay current with the reading) plus required written homework assignments (30%)
Entirely subjective factors, including attendance, class participation, and completing optional homework assignments, etc. (10%).

In the past, students who have attended all of the lectures, submitted all of the required and optional homeworks, and made a good faith effort to get their projects completed on time, have received a final course grade of B or better. The portion of the grade earmarked for "subjective factors" has typically allowed a handful of students to be raised 1/2 letter grade over what they would otherwise have received.

All assignments are due on the date stipulated so that correct answers can be freely discussed after the due date. Late submissions are not accepted without prior approval from the instructor.

Students are expected to work in groups of 2 - 3 on the programming projects (only). Working with other people leads to a better understanding of the material and will enable you to develop collaboration skills that should prove helpful throughout your career. Each participant in a group, however, must be able to explain the entire content of any submitted solution. All members of a group will receive the same grade for each project phase they submit together.

Students are expected to work alone on all other course work. Violations of this academic integrity code will be prosecuted aggressively.

Students are expected to be familiar with the University's and the CS Department's various policies on appropriate use of computers.