CS 600.443: Security and Privacy in Computing
Grades will be determined as follows:
- Course Project: 50%
- Exam 1: 25% (October 19)
- Exam 2: 25% (December 7)
Assignments are due at the beginning of class at 2:30 p.m.
on the stated due date. Late assignments will be penalized 5 percentage
points per weekday. There is no collaboration allowed on exams. You must do only
your own work. There are no textbooks, notes, or computers allowed
during exams. Bring only a pencil.
There will be several guest lectures throughout the course. Students are responsible for the material
covered in the guest lectures, and some of the speakers will provide supplemental reading as well.
Computer Security: Principles and Practice, Prentice Hall, 2007.
By William Stallings and Lawrie Brown, ISBN: 0136004245
Students are expected to enter this course with a basic knowledge of
operating systems, networking, algorithms, and data structures. It is assumed that students
know how to do basic web programming, such as setting up CGI scripts, as well
as network programming. Knowledge of socket programming will be very helpful.
The course project should be done in groups (3-4 people) with presentations to the class.
Students must enter the class with well-developed programming experience.
Course Mailing List
All students must sign up for the class mailing list. Send mail
with "subscribe cs443"
in the message body. Then, to send mail to the class,
send it to cs443 at cs.jhu.edu.
Important announcements will be made via the mailing list, and students
will be responsible for any information posted to the list.
I will hold my scheduled office hours at my office in 404 Wyman Park after class
on Thursdays, 3:45 a.m. to 5:00 p.m. When needed, I will have hours there on Fridays as well.
I can also meet other times by appointment.
The TAs for this class are Sujata Garera (firstname.lastname@example.org) and Ryan Gardner (email@example.com).
You can meet with them by appointment.
- The course project assignment is available here.
Software security, buffer overflows, secure programming
Network security, firewalls, IPsec
Web security, authentication, SSL, Passport, SSH
Gen 2 Honeynet,
IDS, Tunneling and VPNs
Botnets: reading: Botnet paper and Potemkin paper.
Viruses and worms
Key Management, PKI, key escrow
Crypto continued, Sensus voting system
Logics of authentication
Suggested Reading: Bruce Schneier's "Applied Cryptography" or
Doug Stinson's "Cryptography, Theory and Practice".
Suggested Reading: NSF voting paper (pdf),
Diebold security analysis,
Caltech MIT report (pdf),
California report (pdf),
California report appendix (pdf),
CACM e-voting paper (pdf)
Chaum's paper on receipt voting
- Thomas J. Smedinghoff, The New Law of Information Security: What Companies Need to Do Now. November 2005.
- Greg Stults, An Overview of Sarbanes-Oxley for the Information Security Professional. May 9, 2004.
- Jane Strachan, Cybersecurity Obligations, 20 Maine Bar J. 90, Spring 2005.
- Trevor Burke, US Government IT Security Rules, SANS Institute 2003.
- Maxim May, Federal Computer Crime Laws, SANS Institute 2004.
- Text of laws and regulations and other resources
Anonymous routing: Crowds
Censorship resistance: Publius, Freenet, Tangler
Suggested Reading: ACM Chaum paper (pdf),
Crowds paper (pdf),
Umass paper (pdf)
Computer Science Department Academic Integrity Code
The strength of the university depends on academic and personal
integrity. In your studies, you must be honest and truthful. Ethical
violations include cheating on exams, plagiarism, reuse of
assignments, improper use of the Internet and electronic devices,
unauthorized collaboration, alteration of graded assignments, forgery
and falsification, lying, facilitating academic dishonesty, and unfair
Academic honesty is required in all work you submit to be graded.
Except where the instructor specifies group work, you must solve all
homework and programming assignments without the help of others. For
example, you must not look at any other solutions (including program
code) to your homework problems or similar problems. However, you may
discuss assignment specifications with others to be sure you
understand what is required by the assignment.
*If* your instructor permits using fragments of source code from
outside sources, such as your textbook or on-line resources, you must
properly cite the source. Not citing it constitutes plagiarism.
Similarly, your group projects must list everyone who participated.
Falsifying program output or results is prohibited.
Your instructor is free to override parts of this policy for
particular assignments. To protect yourself: (1) Ask the instructor
if you are not sure what is permissible. (2) Seek help from the
instructor or TA, as you are always encouraged to do, rather than from
other students. (3) Cite any questionable sources of help you may
Students who cheat will suffer a serious course grade penalty in addition
to being reported to university officials. You must abide by JHU's Ethics
Code: Report any violations you witness to the instructor. You may consult
the associate dean of students and/or the chairman of the Ethics Board
beforehand. For more information, see the guide on Academic
Ethics for Undergraduates (http://www.advising.jhu.edu/ethics.html)
and the Ethics Board web site (http://ethics.jhu.edu).