CS 600.443: Security and Privacy in Computing
Grades will be determined as follows:
Assignments are due at the beginning of class at 2:30 p.m.
on the stated due date. Late assignments will be penalized 5 percentage
points per weekday. You must do your own work on assignments.
There is no collaboration allowed on assignments or exams.
There are no textbooks, notes, or computers allowed during exams.
The class project will be done in groups of up to 4 students.
- Assignments: 30%
- Project: 20%
- Exam 1: 25% (February 23)
- Exam 2: 25% (April 20)
The class assignment and project write-ups will be available at the links below on or before the "Out" date listed below them.
- Assignment #1, available here
- Assignment #2, available here
- Class Project, available here
Students are expected to enter this course with a basic knowledge of
operating systems, networking, algorithms, and data structures. It is assumed that students
know how to do basic web programming, such as setting up CGI scripts, as well
as network programming. Knowledge of socket programming will be very helpful.
Students must be familiar with programming in C, as well as using debugging tools.
The assignments will consist of programming projects as well as analytical exercises.
Selected assignments will be chosen for presentation to the class.
Projects should be done in groups (3-4 people) with
presentations to the class. Students must enter the class with well-developed programming
Course Mailing List
All students must sign up for the class mailing list. Send mail
with "subscribe cs443"
in the message body. Then, to send mail to the class,
send it to cs443 at cs.jhu.edu.
Important announcements will be maid via the mailing list, and students
will be responsible for any information posted to the list.
My office is in Wyman Park, but I will hold my scheduled office hours in B28 in NEB after class on Thursdays, 3:45 p.m. to 4:45 p.m. I can also meet other times by appointment.
The TAs for this class are Sujata Doshi and TBD.
You can meet with them by appointment.
The following guest lectures are scheduled:
Other special dates:
- Gary McGraw, Software Security, Date: 2/22
- Ari Schwartz, Electronic Surveillance, Date: 3/23
- Randy Sabbett, Security and Intellectual Property, date: 4/6
- Feb 8, no class
- Date: March 29, MSSI alum and attorney Erika McCallister will
- April 26-27, student project presentations in class
Software security, buffer overflows, secure programming
Network security, firewalls, IPsec
Web security, authentication, SSL, Passport, SSH
Gen 2 Honeynet,
IDS, Tunneling and VPNs
Botnets: reading: Botnet paper and Potemkin paper.
Viruses and worms
Key Management, PKI, key escrow
Crypto continued, Sensus voting system
Logics of authentication
Suggested Reading: Bruce Schneier's "Applied Cryptography" or
Doug Stinson's "Cryptography, Theory and Practice".
Suggested Reading: NSF voting paper (pdf),
Diebold security analysis,
Caltech MIT report (pdf),
California report (pdf),
California report appendix (pdf),
CACM e-voting paper (pdf)
Chaum's paper on receipt voting
- Thomas J. Smedinghoff, The New Law of Information Security: What Companies Need to Do Now. November 2005.
- Greg Stults, An Overview of Sarbanes-Oxley for the Information Security Professional. May 9, 2004.
- Jane Strachan, Cybersecurity Obligations, 20 Main Bar J. 90, Spring 2005.
- Trevor Burke, US Government IT Security Rules, SANS Institute 2003.
- Maxim May, Federal Computer Crime Laws, SANS Institute 2004.
- Text of laws and regulations and other resources
Anonymous routing: Crowds
Censorship resistance: Publius, Freenet, Tangler
Suggested Reading: ACM Chaum paper (pdf),
Crowds paper (pdf),
Umass paper (pdf)
Computer Science Department Academic Integrity Code
The strength of the university depends on academic and personal
integrity. In your studies, you must be honest and truthful. Ethical
violations include cheating on exams, plagiarism, reuse of
assignments, improper use of the Internet and electronic devices,
unauthorized collaboration, alteration of graded assignments, forgery
and falsification, lying, facilitating academic dishonesty, and unfair
Academic honesty is required in all work you submit to be graded.
Except where the instructor specifies group work, you must solve all
homework and programming assignments without the help of others. For
example, you must not look at any other solutions (including program
code) to your homework problems or similar problems. However, you may
discuss assignment specifications with others to be sure you
understand what is required by the assignment.
*If* your instructor permits using fragments of source code from
outside sources, such as your textbook or on-line resources, you must
properly cite the source. Not citing it constitutes plagiarism.
Similarly, your group projects must list everyone who participated.
Falsifying program output or results is prohibited.
Your instructor is free to override parts of this policy for
particular assignments. To protect yourself: (1) Ask the instructor
if you are not sure what is permissible. (2) Seek help from the
instructor or TA, as you are always encouraged to do, rather than from
other students. (3) Cite any questionable sources of help you may
Students who cheat will suffer a serious course grade penalty in addition
to being reported to university officials. You must abide by JHU's Ethics
Code: Report any violations you witness to the instructor. You may consult
the associate dean of students and/or the chairman of the Ethics Board
beforehand. For more information, see the guide on Academic
Ethics for Undergraduates (http://www.advising.jhu.edu/ethics.html)
and the Ethics Board web site (http://ethics.jhu.edu).