CS 600.443: Security and Privacy in Computing

Grading

Grades will be determined as follows: Assignments are due at the beginning of class at 1:30 p.m. on the stated due date. Late assignments will be penalized 5 percentage points per weekday. There is no collaboration allowed on exams. You must do only your own work. There are no textbooks, notes, or computers allowed during exams. Bring only a pencil.

Guest Lectures

There will be several guest lectures throughout the course. Students are responsible for the material covered in the guest lectures, and some of the speakers will provide supplemental reading as well.

Recommended Textbook

Computer Security: Principles and Practice, Prentice Hall, 2007.
By William Stallings and Lawrie Brown, ISBN: 0136004245

Prerequisites

Students are expected to enter this course with a basic knowledge of operating systems, networking, algorithms, and data structures. It is assumed that students know how to do basic web programming, such as setting up CGI scripts, as well as network programming. Knowledge of socket programming will be very helpful.

The course project should be done in groups (3-4 people) with presentations to the class. Students must enter the class with well-developed programming experience.

Office Hours

I will hold my scheduled office hours at my office in 404 Wyman Park after class on Thursdays, 3:45 a.m. to 5:00 p.m. When needed, I will have hours there on Fridays as well. I can also meet other times by appointment.

TA

TBD

Course project

Lecture Topics

Unit 1

Software security, buffer overflows, secure programming

Suggested Reading:

Unit 2

Randomness Network security, firewalls, IPsec
Web security, authentication, SSL, Passport, SSH
Honeypots, Honeynets, Gen 2 Honeynet, Sebek
IDS, Tunneling and VPNs
Botnets: reading: Botnet paper and Potemkin paper.
Viruses and worms

Unit 3

Encryption, signatures
Key Management, PKI, key escrow
Crypto continued, Sensus voting system
Logics of authentication

Suggested Reading: Bruce Schneier's "Applied Cryptography" or Doug Stinson's "Cryptography, Theory and Practice".

Unit 4

Electronic Voting

Suggested Reading: NSF voting paper (pdf), Diebold security analysis, Caltech MIT report (pdf), California report (pdf), California report appendix (pdf), CACM e-voting paper (pdf) Chaum's paper on receipt voting (pdf)

Unit 5

Security and Privacy policy

Reading

Unit 5

RFID
Basic Privacy
P3P
Anonymous routing: Crowds
Publius (paper)
Censorship resistance: Publius, Freenet, Tangler

Suggested Reading: ACM Chaum paper (pdf), Crowds paper (pdf), Umass paper (pdf)


Computer Science Department Academic Integrity Code

The strength of the university depends on academic and personal integrity. In your studies, you must be honest and truthful. Ethical violations include cheating on exams, plagiarism, reuse of assignments, improper use of the Internet and electronic devices, unauthorized collaboration, alteration of graded assignments, forgery and falsification, lying, facilitating academic dishonesty, and unfair competition.

Academic honesty is required in all work you submit to be graded. Except where the instructor specifies group work, you must solve all homework and programming assignments without the help of others. For example, you must not look at any other solutions (including program code) to your homework problems or similar problems. However, you may discuss assignment specifications with others to be sure you understand what is required by the assignment.

*If* your instructor permits using fragments of source code from outside sources, such as your textbook or on-line resources, you must properly cite the source. Not citing it constitutes plagiarism. Similarly, your group projects must list everyone who participated.

Falsifying program output or results is prohibited.

Your instructor is free to override parts of this policy for particular assignments. To protect yourself: (1) Ask the instructor if you are not sure what is permissible. (2) Seek help from the instructor or TA, as you are always encouraged to do, rather than from other students. (3) Cite any questionable sources of help you may have received.

Students who cheat will suffer a serious course grade penalty in addition to being reported to university officials. You must abide by JHU's Ethics Code: Report any violations you witness to the instructor. You may consult the associate dean of students and/or the chairman of the Ethics Board beforehand. For more information, see the guide on Academic Ethics for Undergraduates (http://www.advising.jhu.edu/ethics.html) and the Ethics Board web site (http://ethics.jhu.edu).