CS 600.443: Security and Privacy in Computing

Grading

Grades will be determined as follows:

Assignments: 30%
Project: 20%
Exam 1: 25% (February 23)
Exam 2: 25% (April 20)

Assignments are due at the beginning of class at 2:30 p.m. on the stated due date. Late assignments will be penalized 5 percentage points per weekday. You must do your own work on assignments. There is no collaboration allowed on assignments or exams. There are no textbooks, notes, or computers allowed during exams. The class project will be done in groups of up to 4 students.

Assignments

The class assignment and project write-ups will be available at the links below on or before the "Out" date listed below them.

Assignment #1, available here
- Out: 1/26
- In: 2/9
Assignment #2, available here
- Out: 2/16
- In: 3/2
Class Project, available here
- Out: 3/2
- In: 4/26

Prerequisites

Students are expected to enter this course with a basic knowledge of operating systems, networking, algorithms, and data structures. It is assumed that students know how to do basic web programming, such as setting up CGI scripts, as well as network programming. Knowledge of socket programming will be very helpful. Students must be familiar with programming in C, as well as using debugging tools.

The assignments will consist of programming projects as well as analytical exercises. Selected assignments will be chosen for presentation to the class. Projects should be done in groups (3-4 people) with presentations to the class. Students must enter the class with well-developed programming experience.

Course Mailing List

All students must sign up for the class mailing list. Send mail to majordomo@cs.jhu.edu with "subscribe cs443" in the message body. Then, to send mail to the class, send it to cs443 at cs.jhu.edu. Important announcements will be maid via the mailing list, and students will be responsible for any information posted to the list.

Office Hours

My office is in Wyman Park, but I will hold my scheduled office hours in B28 in NEB after class on Thursdays, 3:45 p.m. to 4:45 p.m. I can also meet other times by appointment.

TA

The TAs for this class are Sujata Doshi and TBD. You can meet with them by appointment.

Guest Lectures

The following guest lectures are scheduled:

Gary McGraw, Software Security, Date: 2/22
Ari Schwartz, Electronic Surveillance, Date: 3/23
Randy Sabbett, Security and Intellectual Property, date: 4/6

Other special dates:

Feb 8, no class
Date: March 29, MSSI alum and attorney Erika McCallister will provide a special unit on security and privacy policy
April 26-27, student project presentations in class

Lecture Topics

Unit 1

Software security, buffer overflows, secure programming

Unit 2

Network security, firewalls, IPsec
Web security, authentication, SSL, Passport, SSH
Honeypots, Honeynets, Gen 2 Honeynet, Sebek
IDS, Tunneling and VPNs
Botnets: reading: Botnet paper and Potemkin paper.
Viruses and worms

Unit 3

Cryptography
Key Management, PKI, key escrow
Crypto continued, Sensus voting system
Logics of authentication

Suggested Reading: Bruce Schneier's "Applied Cryptography" or Doug Stinson's "Cryptography, Theory and Practice".

Unit 4

Electronic Voting

Suggested Reading: NSF voting paper (pdf), Diebold security analysis, Caltech MIT report (pdf), California report (pdf), California report appendix (pdf), CACM e-voting paper (pdf) Chaum's paper on receipt voting (pdf)

Unit 4

Security and Privacy policy

Reading

Thomas J. Smedinghoff, The New Law of Information Security: What Companies Need to Do Now. November 2005.
Greg Stults, An Overview of Sarbanes-Oxley for the Information Security Professional. May 9, 2004.
Jane Strachan, Cybersecurity Obligations, 20 Main Bar J. 90, Spring 2005.
Trevor Burke, US Government IT Security Rules, SANS Institute 2003.
Maxim May, Federal Computer Crime Laws, SANS Institute 2004.
Text of laws and regulations and other resources

Unit 5

FID
Basic Privacy
P3P
Anonymous routing: Crowds
Publius (paper)
Censorship resistance: Publius, Freenet, Tangler

Suggested Reading: ACM Chaum paper (pdf), Crowds paper (pdf), Umass paper (pdf)

Computer Science Department Academic Integrity Code

The strength of the university depends on academic and personal integrity. In your studies, you must be honest and truthful. Ethical violations include cheating on exams, plagiarism, reuse of assignments, improper use of the Internet and electronic devices, unauthorized collaboration, alteration of graded assignments, forgery and falsification, lying, facilitating academic dishonesty, and unfair competition.

Academic honesty is required in all work you submit to be graded. Except where the instructor specifies group work, you must solve all homework and programming assignments without the help of others. For example, you must not look at any other solutions (including program code) to your homework problems or similar problems. However, you may discuss assignment specifications with others to be sure you understand what is required by the assignment.

*If* your instructor permits using fragments of source code from outside sources, such as your textbook or on-line resources, you must properly cite the source. Not citing it constitutes plagiarism. Similarly, your group projects must list everyone who participated.

Falsifying program output or results is prohibited.

Your instructor is free to override parts of this policy for particular assignments. To protect yourself: (1) Ask the instructor if you are not sure what is permissible. (2) Seek help from the instructor or TA, as you are always encouraged to do, rather than from other students. (3) Cite any questionable sources of help you may have received.

Students who cheat will suffer a serious course grade penalty in addition to being reported to university officials. You must abide by JHU's Ethics Code: Report any violations you witness to the instructor. You may consult the associate dean of students and/or the chairman of the Ethics Board beforehand. For more information, see the guide on Academic Ethics for Undergraduates (http://www.advising.jhu.edu/ethics.html) and the Ethics Board web site (http://ethics.jhu.edu).