CS 600.443: Security and Privacy in Computing

Grading

Grades will be determined as follows:

Assignments are due at the beginning of class at 2:30 p.m. on the stated due date. Late assignments will be penalized 5 percentage points per weekday. Except for assignments that are designated as group assignments, all work must be done on your own. There is no collaboration allowed on exams. You must do only your own work. There are no textbooks, notes, or computers allowed during exams.

Recommended Textbooks

Firewalls and Internet Security (second edition), Addison Wesley, 2003. By Bill Cheswick, Steve Bellovin, Avi Rubin, ISBN: 020163466X

Cryptography and Network Security: Principles and Practice (3rd Edition), Prentice Hall, 2002. By William Stallings, ISBN: 0130914290

Prerequisites

Students are expected to enter this course with a basic knowledge of operating systems, networking, algorithms, and data structures. It is assumed that students know how to do basic web programming, such as setting up CGI scripts, as well as network programming. Knowledge of socket programming will be very helpful.

The assignments will consist of programming projects as well as analytical exercises. There will be individual programming projects as well as a group assignment (3-4 people) with presentations to the class. Students must enter the class with well-developed programming experience.

Course Mailing List

All students must sign up for the class mailing list. Send mail to majordomo@cs.jhu.edu with "subscribe cs443" in the message body. Then, to send mail to the class, send it to cs443 at cs.jhu.edu. Important announcements will be made via the mailing list, and students will be responsible for any information posted to the list.

Office Hours

I will hold my scheduled office hours at 314 NEB after class on Thursdays, 3:45 a.m. to 5:00 p.m. When needed, I will have hours there on Fridays as well. I can also meet other times by appointment.

TA

The TAs for this class are Matt Green (mgreen@jhu.edu) and Steve Bono (sbono1@jhu.edu). You can meet with Matt or Steve by appointment.

Guest Lectures

The following guest lectures are scheduled:

Other special dates:

Assignments

Lecture Topics

Unit 1

Network security, firewalls, IPsec
Web security, authentication, SSL, Passport, SSH
Honeypots, Honeynets, Gen 2 Honeynet, Sebek
IDS, Tunneling and VPNs
Viruses and worms

Unit 2

Reading: NSF voting paper (pdf), Diebold security analysis, Caltech MIT report (pdf), California report (pdf), California report appendix (pdf), CACM e-voting paper (pdf), Chaum's paper on receipt voting (pdf)

Electronic Voting
Alternative authentication technologies

Unit 3

Reading: Bruce Schneier's "Applied Cryptography" or Doug Stinson's "Cryptography, Theory and Practice".

Cryptography
Key Management, PKI, key escrow
Crypto continued, Sensus voting system
Logics of authentication

Unit 4

Reading: William Arbaugh, David Farber, Jonathan Smith, A Secure and Reliable Bootstrap Architecture, 1997 IEEE Security and Privacy Symposium.
Ross Anderson's Trusted Computing FAQ.

Digital Rights Management
Trusted Computing, NGSCB, TCPA

Unit 5

Reading: ACM Chaum paper (pdf), Crowds paper (pdf), Umass paper (pdf)

RFID
Basic Privacy
P3P
Anonymous routing: Crowds
Publius (paper)
Censorship resistance: Publius, Freenet, Tangler


Final exam: Thursday, May 12, 2005, 2-5 pm

Here are some old exams: Spring '03 and Spring '04.


Computer Science Department Academic Integrity Code

The strength of the university depends on academic and personal integrity. In your studies, you must be honest and truthful. Ethical violations include cheating on exams, plagiarism, reuse of assignments, improper use of the Internet and electronic devices, unauthorized collaboration, alteration of graded assignments, forgery and falsification, lying, facilitating academic dishonesty, and unfair competition.

Academic honesty is required in all work you submit to be graded. Except where the instructor specifies group work, you must solve all homework and programming assignments without the help of others. For example, you must not look at any other solutions (including program code) to your homework problems or similar problems. However, you may discuss assignment specifications with others to be sure you understand what is required by the assignment.

*If* your instructor permits using fragments of source code from outside sources, such as your textbook or on-line resources, you must properly cite the source. Not citing it constitutes plagiarism. Similarly, your group projects must list everyone who participated.

Falsifying program output or results is prohibited.

Your instructor is free to override parts of this policy for particular assignments. To protect yourself: (1) Ask the instructor if you are not sure what is permissible. (2) Seek help from the instructor or TA, as you are always encouraged to do, rather than from other students. (3) Cite any questionable sources of help you may have received.

Students who cheat will suffer a serious course grade penalty in addition to being reported to university officials. You must abide by JHU's Ethics Code: Report any violations you witness to the instructor. You may consult the associate dean of students and/or the chairman of the Ethics Board beforehand. For more information, see the guide on Academic Ethics for Undergraduates (http://www.advising.jhu.edu/ethics.html) and the Ethics Board web site (http://ethics.jhu.edu).