CS 458 - Information Security
Spring, 2006
Instructor: Wai Gen Yee (yee@iit)
Time: 3:15 - 4:30pm, Tuesdays and Thursdays
Location: SB 213
Office hours: Tuesdays and Wednesdays, 1-2pm, in SB226c
Class Web page: www.cs.iit.edu/~waigen/classes/cs458spr06/
TA: Jordan Wilberding, by appointment, wilbjor@iit
News:
4/28/2006 - Slides of guest speaker, Ray Vaughn, Mississippi State University, posted.
Welcome to the Spring, 2006 edition of CS458. An undergraduate concentration in Information Security has been
established. Please ask for details.
Description:
An introduction to the fundamentals of computer and information security. This course focuses on algorithms and techniques
used to defend against malicious software. Topics include an introduction to encryption systems, operating system security,
database security, network security, system threats, and risk avoidance procedures.
Course Goals:
- Provide an introduction to the security engineering discipline.
- Expose students to contemporary risks and attack procedures.
- To provide students with an appreciation of the historical perspective in information assurance research.
- Describe security engineering processes – particularly those being used in industry.
- Students will be familiar with fundamental encryption algorithms.
- Students will be able to design an architecture to defend a specific system from attack.
- The student will be able to apply standard, accepted security engineering techniques to protect a system with respect to
a specific organizational security policy.
- The student will demonstrate an ability to document their work to an acceptable standard.
Major Topics:
- Security Engineering Perspectives
- Security Historical Perspectives
- Operating System Security
- Database Security Algorithms
- Network Security
- Security Administration
- E-Commerce Security
- Encryption types and techniques
- Prevention, Detection, and Response
- Legal and Ethical Issues
Prerequisites:
CS425 (Database Organization), CS450 (Operating Systems), and a strong programming background. Knowledge of networks is a big
plus.
Course Text:
- Security In Computing - C. Pfleeger and S. Pfleeger, Prentice Hall, 2002.
Course Structure:
Information security is an intense area of research, both in industry and in academia. Students who pass this course should
be able to pursue areas in both. They should be able to recognize security faults and start investigations into methods of
solving them. To this end, assignments include the implementation of security measures and the conducting of independent study.
Workload consists of two exams (a midterm and a final), several programming assignments, and a research project. The
exams will be in-class, closed-book. The programming assignments involve building security apparatuses. They are cumulative,
and require mature programming skills. They will be assigned at regular intervals during the course.
The research project is of your design, although I can suggest some topics. At the end of the semester each student must
submit an approximately 10-page report on some aspect of information security. This report should reference at least one
academic paper and one industry paper (as well as other sources). The report must be presented in class during a 20-30 minute
time-slot.
To ensure quality projects, there will be subgoals:
- Project description: Tell me what you will study and why it is interesting. I will accept or reject your project at
this point.
- Midterm report: Give me five or so pages of your project. State your discoveries so far and your information sources.
- Final report: Submit to me a copy of your report and your presentation slides.
Policy:
Plagiarism will result in an automatic failure. Late policy is 5% per day, for a maximum of one week. You must do all assignments individually, and take all exams to earn at least a C. If you have any problems following this policy, you must notify me in advance. If you need extensions for some deadline, you have a better chance of leniency if you notify me in advance.
Feel free to demo projects before they are due (during office hours) to get a sense of what I expect. By demoing before the due date, you can know exactly what you will get during the actual demo for a grade.
Grading will primarily be based on six numbers: three exams and three projects. Based on these grades, all students should know how well they are doing in the class. Because there are so many grades, no single grade should kill you, and I should get a good sense of your progress. Note that I am strict, but, I believe, fair.
Finally: Enjoy the class. Participate. Ask questions. Come to office hours. Talking won't hurt your grade (it might even help) and makes the class more fun to attend and teach.
Course Materials:
Besides the text, lecture slides are available. I also encourage students to find their own materials on the Web, as
Information Security is a continually evolving discipline. The links below are good starting points.
4/27/06 - Ray Vaughn lecture slides.
Project Information:
Projects are due by the beginning of class time on the date they're due. The late penalty will be assessed every 24 hours.
Project topics will be announced.
Important Dates:
February 1: Project proposals due.
March 2: Intermediate report due.
March 9: Midterm.
March 13-18: Spring break.
Last two weeks of class: Student presentations.
May 4: Last day of class, final exam.
Resources for the Student:
Links: