Instructor | Ian Goldberg |
Office Phone | x36168 |
Office Location | DC 3518 |
Office Hours | Thursdays 3:30-4:30, or by appointment |
Email | iang+ace@cs.uwaterloo.ca |
Lecture times | TTh 10:00-11:30, MC 4042 |
Required Text
Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, 4th edition, Prentice-Hall, 2007, ISBN 0-13-239077-9 http://www.phptr.com/bookstore/product.asp?isbn=0132390779&rl=1
Overview
This course provides an introduction to security and privacy issues in various aspects of computing, including programs, operating systems, networks, databases, and Internet applications. It examines causes of security and privacy breaches, and gives methods to help prevent them.
Students completing this course should be better able to produce programs that can defend against active attacks, and not just against random bugs.
Intended audience
Third or fourth year CS students, or first year CS graduate students
Prerequisites
CS 350 (Operating Systems). Familiarity with C.
Outline
- Introduction to Computer Security and Privacy (1.5 hours)
  - The meaning of computer security; comparing security with privacy; types of threats and attacks; methods of defense
- Program Security (6 hours)
  - Secure programs; nonmalicious program errors; malicious code; controls against program threats
- Operating System Security (6 hours)
  - Methods of protection; access control; user authentication
- Network Security (4.5 hours)
  - Network threats; firewalls, intrusion detection systems
- Internet Application Security and Privacy (9 hours)
  - Basics of cryptography; security and privacy for Internet applications (email, instant messaging, web browsing); privacy-enhancing technologies
- Database Security and Privacy (4.5 hours)
  - Security and privacy requirements; reliability, integrity, and privacy; inference; data mining; k-anonymity
- Non-technical Aspects (4.5 hours)
  - Administration of security systems; policies; physical security; economics of security; legal and ethical issues
It is expected that you will have read the appropriate sections of the textbook (as noted in the Calendar section of UW-ACE) before class. Additional readings may be assigned as well, and will appear on the lecture slides page; those readings marked as mandatory contain required material for the course; those marked before class must be read before the date of the corresponding lecture.
Grading Policy
Grades will be calculated as follows:
- midterm exam (20%)
- final exam (30%)
- assignments (45%)
- self-tests (5%)
If the weighted average of your exam marks is below 50%, you cannot pass the course.
Midterm time/location: Monday, 22 October, 7 pm / RCH 110
Final time/location: Thursday, 6 December, 4 pm / RCH 211,212
The midterm and final are closed-book exams. The midterm covers all material presented up to that point in the course. The final exam covers material from the whole term, with emphasis on the second half of the course.
Assignments are to be submitted electronically with the "submit" command, and are due at 11:59 pm Eastern Time on their respective due dates. Late submissions for such assignments (not including self-tests) will be accepted only up to 48 hours after the original due date. Due dates will be posted well in advance in the Calendar section of the UW-ACE course site. It is your responsibility to keep up with all course-related information posted to UW-ACE.
Self-tests are meant to help you keep up with the material, and gauge your grasp of it (at a basic level) on an ongoing basis. The availability and deadline information will be posted on UW-ACE. You can attempt each self-test as often as you like during its availability period; your last grade on each self-test will be the one recorded (although course personnel can see every attempt). No late self-tests will be accepted for any reason.
Reappraisal Policy
Each assignment and the midterm has a Lead TA assigned (see below). If you have an assignment or exam that you would like to have reappraised, please provide the Lead TA with a written request (on paper or by email), including a justification for your claims, and any related material (such as your original assignment). If your appeal is concerned with a simple calculation error, please see the instructor or Lead TA during his respective office hours. The appeals deadline is one week after the respective item is returned.
Communication
Please direct all communication to the appropriate discussion forum in UW-ACE. If there is a good reason not to use the discussion forum (e.g., personal matters, a question that might reveal part of a solution, etc.) contact course personnel directly via UW-ACE email. Please use regular email only as a last resort. Course personnel may decide that an email message is more appropriate for a discussion group and repost it there.
Important course information will generally be posted to UW-ACE, but may also be sent to you via UW-ACE email or your uwaterloo.ca email address. It is your responsibility to monitor all of these channels.
Research Paper (CS 698)
Students registered in CS 698 must write a research survey paper on a topic related to computer security or privacy. Your topic must be approved in advance by the instructor. In writing your paper, you must become familiar with the research literature relevant to your topic. Your paper should be a summary of past and current work on your topic, as well as an overview of known open problems and potential future directions in the area. You should provide a concise summary of work, emphasizing major accomplishments, rather than a detailed accounting of individual pieces of research activity; your paper should not be very lengthy. The research paper will account for 20% of your overall mark with the other 80% following the proportions of the CS 489 formula. You must submit a one-page proposal to the instructor by October 12. It is recommended but not required that you discuss the proposal with the instructor first. Additional milestones for the completion of the paper will be set. The final version is due on December 3.
Teaching Assistants
- Joel Reardon (Lead TA for Assignment 1 and midterm)
- Aniket Kate (Lead TA for Assignments 2 and 3)
Academic Integrity
Students are encouraged to talk to one another, to the TAs, to the instructor, or to anyone else about any of the assignments. Any assistance, though, must be limited to discussion of the problem and sketching general approaches to a solution. Each student must write his or her own solutions, including code and documentation if appropriate, for the assignments. Consulting another student's solution is prohibited, and submitted solutions may not be copied from any source. These and any other forms of collaboration on assignments constitute cheating. If you have any questions about whether some activity constitutes cheating, please ask the instructor. Here is the corresponding Faculty Policy.
The general university policy:
- Students are expected to know what constitutes academic integrity, to avoid committing academic offences, and to take responsibility for their actions. Students who are unsure whether an action constitutes an offence, or who need help in learning how to avoid offences (e.g., plagiarism, cheating) or about 'rules' for group work / collaboration should seek guidance from the course professor, TA, academic advisor, or the Undergraduate Associate Dean.
- For information on categories of offences and types of penalties, students should refer to Policy 71, Student Academic Discipline.
- Students who believe that they have been wrongfully or unjustly penalized have the right to grieve: refer to Policy 70, Student Grievance.
Security Information
In this course, you will be exposed to information about security problems and vulnerabilities with computing systems and networks. To be clear, you are not to use this or any other similar information to test the security of, break into, compromise, or otherwise attack, any system or network without the express consent of the owner. In particular, you will comply with all applicable laws and UW policies, including, but not limited to, the following:
- UW Policy 33, Ethical Behaviour
- Guidelines on Use of UW Computing and Network Resources
- Examples Reflecting the Application of the above Guidelines
- MFCF Account Usage Policy
- CSCF-Specific Policies
Violations will be treated severely, and with zero tolerance.