Syllabus

[Note: The most recent updates highlighted]

Syllabus for

CS 6030: Advanced Computer and Information Security (ACIS)

Fall 2007

Department of Computer Science, Western Michigan University

Instructor: Dr. Leszek (LEH-shek) Lilien, CEAS B-249, phone: (269) 276-3116 (email preferred)

Email: llilien@cs.wmich.edu – Only messages related to urgent matters and conforming to the following email requirements will be read by me.

Email requirements for CS 6030-F07

a) Messages must be from an address ending with “wmich.edu” (e.g., from “wmich.edu” or “cs.wmich.edu”).

b) Each message must have a descriptive subject, preceded by one of prefixes indicated next:

(b.1) If your message is related to your project, use the following Subject line format:

CS 6030-F07--PT<id>: <subject>

where PT = Project Team, and id is the id of your Project Team.

Examples:

for id = 4: CS 6030-F07--PT4: selected papers

for id = 8A: CS 6030-F07--PT8A: selected paper

IMPORTANT: Any member of a PT sending a message to me _must_ Cc it to all members of this PT (so: (a) all PT members are informed, and (b) I can easily reply to all).

(b.2) If your message is related to your textbook chapter presentation (TCP), use the following Subject line format: CS 6030-F07--TCP<id>: <subject>

Example s:

for Chapter 4: CS 6030-F07--TCP4: our slides

for Chapter 7 part 1: CS 6030-F07--TCP7-1: our slides

IMPORTANT: Any member of a TCP group sending a message to me _must_ Cc it to all members of this TCP (so: (a) all PT members are informed, and (b) I can easily reply to all).

(b.3) For your message related to other CS6030-ACIS topics, use the original Subject line format:

CS 6030-F07--<your last name>: <subject>

Example: CS 6030-F07--Smith: final exam date

NOTE: Don't use "<" and ">" -- they are only elements of format specs)

Attached files must be scanned with up-to-date anti-viral software, and the message including them must contain the following statement:

I have scanned the enclosed file(s) with <name of software, its version>, which was last updated on <date>.

where <date> should be the current date. (You should have the habit of updating your anti-viral software daily!)

Office Hours: T 5:15 pm – 6:15 pm

R 11:45 am – 12:45 pm & 5:15 pm – 6:15 pm

Classes: CEAS C-122, T and R 6:30 pm – 7:45 pm

Class Web Pages:

Syllabus – main page (this page): index.html

Lecture slides and announcements: slides+announcements.html

Prerequisites:

Graduate student status.

Grade B or better in CS 5950/6030: Network Security or CS 5950/6030: Computer Security and Information Assurance or instructor’s permission.

Grade B or better in a course on computer networks, such as CS 5550: Computer Networks.

Texts:

1) Main text:

L. Buttyán and J.-P. Hubaux, Security and Cooperation in Wireless Networks. Thwarting Malicious and Selfish Behavior in the Age of Ubiquitous Computing. To be published by Cambridge University Press in November 2007.

Until published, the book is available at: http://secowinet.epfl.ch/index.php?page=home.html

Publisher’s web page with information about the book:

http://www.cambridge.org/us/catalogue/catalogue.asp?isbn=9780521873710)

2) Supplemental text 1:

S. Frankel, B. Eydt, L. Owens, and K. Scarfone, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i. NIST Special Publication 800-97, February 2007.

Available at: http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdf

or at: http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97-pdf.zip (the ZIPped version)

3) Supplemental text 2:

T. Karygiannis and L. Owens, Wireless Network Security. 802.11, Bluetooth and Handheld Devices. NIST Special Publication 800-48, November 2002

Available at: http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf

or at: http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.zip (the ZIPped version)

Part I – Introduction

1. Existing Wireless Networks

2. New Wireless Networks and New Challenges

3. Trust

Part II – Thwarting Malicious Behavior

4. Naming and Addressing

5. Establishment of Security Associations

6. Securing Neighbor Discovery

7. Secure Routing in Multi-Hop Wireless Networks

8. Privacy Protection

Part III – Thwarting Selfish Behavior

9. Selfish Behavior at the MAC layer of CSMA/CA

10. Selfishness in Packet Forwarding

11. Cooperation among Operators

12. Secure Protocols for Behavior Enforcement

Appendices

A1. Introduction to Cryptographic Algorithms and Protocols

A2. A Tutorial on Game Theory for Wireless Networks

Optionally, the lecture might also cover other selected areas of advanced research in computer privacy and security, which are of most interest to me. Examples include:

Trust, privacy and security in opportunistic networks.

Privacy-preserving data dissemination.

Trust, privacy and security in pervasive systems, ad hoc networks, embedded networks and sensor networks.

Authentication and privacy, with emphasis on using trust for authorization, and authentication in healthcare systems.

Authentication attacks and controls.

Analysis of computer privacy and security paradigms and development of new ones.

Modeling computer fraud and investigating types of fraudulent user behaviors.

Vulnerability analysis and threat assessment/avoidance in computer systems, esp. in database systems.

Course Requirements for Students:

Work on an own research project (most will be group projects, not individual ones). Projects will be usually chosen from the lecture topics and the optional “selected areas” listed above.

There will be three basic types of projects: survey/overview projects, implementation projects, or simulation projects. All projects will be developed under my close supervision, including regular weekly meetings.

Present in class a publication—a research paper or a book section—used in your project. It will be selected by me, or selected by you and accepted by me. This “long” presentation will probably last 30 minutes plus a 5-minute Q&A period.

Present in class your project results. This “short” presentation will probably last 10 minutes plus a 5-minute Q&A period.

Write a research report summarizing the project work.

Take the final exam.

There might be a few unannounced quizzes covering lectures (including presentations by fellow students) and required readings.

Course Policies:

1. Lecture

- Lecture notes will be available on-line on the “Lecture slides and announcements” page. You should study the slides and read announcements (if any) after/before each lecture.

- Taking notes during classes is highly encouraged. Especially, you should write down anything that is written down using the board or the document projector. You are encouraged to slow me down if you need more time to take notes.

- Attendance is required. If you must miss a lecture, make sure that you don’t miss announcements.

2. Group Projects

- The group projects will be done in Project Teams (PTs) consisting normally of 3-5 students.

- I will propose a set of topics for the project to help students in project selection. PTs are free to propose their own topics for the project but must obtain my buy-in before starting their work.

- The results obtained in the final project will be communicated by the PTs: (a) in written reports submitted to me by the end of the semester, (b) in slides presented in class before the end of the semester. Both technical contents and quality of (written or oral) presentation will be evaluated for the project grade (normally the same for all PT members).

- All projects will be due no later than on the last day of regular classes (December 6, 2007).

- More details about project requirements, including presentation and report requirements, will be provided later.

3. Lecture Material Presentation and Reviewing

- I plan presentations of Chapters or parts of Chapters from the main text by paired Textbook Chapter Presentation Teams (TCPTs). (Possibly, selected research papers might be included in the presentations in addition to presenting textbook material.)

For each presentation, one TCPT in the pair will play the role of Presenters, and another PT—of Reviewers. Reviewers will work with presenters before the in-class presentation to assure the best quality (completeness, clarity, etc.) of presentation (incl. slides). Criteria for reviewing slides and presentations will be provided by me. (More details below.)

- In general, the material selected for presentation by the members of an TCPT will not be related to the group projects of the TCPT members. The material assigned for reviewing to an TCPT should be unrelated to the group projects of the TCPT members. (In this way, if the reviewers understand the presentation, anybody in the class will. J )

- I will work with students to select Chapters or theirs parts for each TCPT for presentation. Reviewing TCPTs have to accept the presenting TCPT’s selection.

- Example scenario: Each pair of TCPTs participates in two presentation/review rounds, with their roles switched in the second round. Suppose that TCPT3 and TCPT6 are paired with each other.

In Round 1, TCPT3 is selected for presentation and TCPT6 for reviewing of selected material. TCPT3 is responsible for preparing the initial presentation. Then, TCPT6 reviews the presentation (without reading the presented material in the textbook since TCPT6 members must be in a position in which other students will soon be). TCPT6 decides whether to review slides only, or hold an entire mock presentation (at least the TCPT6 review before the in-class presentation of the material should be a mock presentation.) TCPT3 uses the feedback from all reviews by TCPT3 to improve the presentation. A few iterations of the review-improve process might be needed, as determined by TCPT6 (and, maybe, as asked by TCPT3). The final mock presentation by TCPT3 ends with filling a form known as Final Review Report (FiRR), listing shortcomings of the presentation as perceived by TCPT6 (for an ideal presentation the list would be empty). TCPT3 can read and respond to the comments of the report. Both FiRR from TCPT6 and the response by TCPT3 will be submitted to me.

In Round 2, TCPT6 is selected for presentation and TCPT3 for reviewing of another material.

- Presentations will be graded by me as well as by all students in class, who will be asked to fill simple questionnaires. The final score for the presenting TCPT will be based on both inputs. The final score for the reviewing TCPT will additionally use FiRR as the reviewing TCPT’s input.

Exams

- There will be one exam: the final exam. It will be held during the finals week, as scheduled by the Registrar’s Office: 7:15 pm – 9:15 pm on Tuesday, Dec. 11, 2007 (cf. http://www.wmich.edu/registrar/finalexam.html).

- If you miss the exam and are excused, you will be required to take a make-up final exam:

- 12:30 pm – 2:30 pm on Friday, Dec. 14, 2007 (cf. http://www.wmich.edu/registrar/finalexam.html). To be excused, you must prove significant circumstances beyond your control. Generally this will require documentation, such as a doctor’s note in case of an illness. If possible, inform the instructor before the exam if circumstances beyond your control will cause missing the exam.

NOTE: No make-up exams will be given for reasons other than emergency situations completely beyond student’s control. If you know ahead of time that the final exam time conflicts with your plans, do not register for this class. (In particular, early flight reservations are not an acceptable reason for a make-up exam.)

5. Incomplete Grades

- The incomplete grade - I - is intended for a student who has missed a relatively small portion of work due to circumstances beyond the student’s control. In general, performance on work done must be at a level of C or better in order to qualify for an incomplete. An I grade will not be given to replace an otherwise low or failing grade in the class.

6. Other Issues

- By registering in this class you agree that your presentations and term papers will be posted on the publically available web site for the course. No requests to remove your name will be accepted.

Grading:

Grading components:

Group project (incl. initial & final project presentation) 50%

Long textbook material presentation 5%

Reviewing of long textbook material presentation 5%

Final exam 40%

In case material presentations/reviewing are not possible due to time constraints, 5% will be added to Group project and 5% to Final exam.

Standard grading scale (A: 90, BA: 85, B: 80, CB: 75, C: 70, DC: 65, D: 60)

I may curve a very tough exam to improve the letter grades.

Inquiries about grades for midterm exams (if any) or quizzes (if any), etc., must be made within one week after they are handed back. In case of a grading disagreement, written arguments for your claims are required. No arguments, however justifiable, will be considered after the one-week deadline.
I might offer an extra credit for an optional coursework—such as presenting in class a software tool.
In my book, there is the “A+” grade J for extraordinary performance (best in class, etc.). Each student who receives it can get a written statement from me upon request (in case the student needs a strong evidence for a recommendation letter). Of course, WMU transcript will show an “A” only.

Use of Electronic Devices: [text courtesy of Prof. Ajay Gupta and Prof. James Yang]

You are expected to stay alert and pay attention in class. Cellphones, PDAs, and other electronic devices should not be used during the lecture and should be turned off.

If available, you may bring your laptop to the class. Your laptop speakers must be turned off. Web-surfing of material other than lecture slides or another material indicated by the instructor is not permitted during the class. You may surf the web only when specifically told to do so. In order to maintain the integrity of the classroom and if I feel it is distracting you or others, I may ask you to turn off your laptop.

Other Notes:

Many topics build upon one another. Therefore, be systematic in your study and avoid being lost. You are encouraged to ask questions in class if you do not understand the material.
Since email and telephone limit interactions, please see me during my office hours or after classes in case you have questions. (In justified cases, a special appointment can be made.)
No questions will be answered on the date of a quiz/exam. No office hours will be held on the days of the exams.

Academic Integrity:

Academic Honesty Statement (WMU Policy)

You are responsible for making yourself aware of and understanding the policies and procedures in the Undergraduate and Graduate Catalogs that pertain to Academic Honesty. These policies include cheating, fabrication, falsification and forgery, multiple submission, plagiarism, complicity and computer misuse. [The policies can be found at www.www.wmich.edu/catalog under Academic Policies, Student Rights and Responsibilities.] If there is reason to believe you have been involved in academic dishonesty, you will be referred to the Office of Student Conduct. You will be given the opportunity to review the charge(s). If you believe you are not responsible, you will have the opportunity for a hearing. You should consult with me if you are uncertain about an issue of academic honesty prior to the submission of an assignment or test.

(The Code of Honor passed by the Faculty Senate in November 2004 and administration in December 2004, can also be found at www.www.wmich.edu/catalog.)

Note: This is a course for honest and ethical students only!

I will not tolerate any breaches of academic integrity, including abuses of a lab (if used), lab procedures, or projects.

Anybody found responsible for violation of academic honesty in the course, will receive a penalty up to and including an E grade in the class. Additional disciplinary actions can be taken by the Department, the College, and the University.

In addition, due to the nature of this course, a course on security, should a student use any information learned or any facilities provided by the course in an unethical way, I will ask the Office of Student Conduct for the harshest penalties applicable. This applies to acts committed both during and after the course (for example, if I hear about an incident in a faculty meeting).

[Based on text courtesy of Prof. Ajay Gupta and Prof. James Yang.]

Submission of another person’s work in part or whole is not permitted. Learning can certainly occur with discussion of class material and assignments with other students, but at all times ensure that you don’t represent the work of another person as your own.

· If you are copying another’s work in part or whole, either by hand or electronically, without giving credits due (see below) you are going too far

· If two or more people or teams are working so closely together that the outcomes, particularly on significant portions of project reports or computer programs, are essentially the same in the logical structure, they are going too far.

· You should not give your completed work to someone else or accept another’s completed work to “review or look at” in either hardcopy or electronic form. This too easily facilitates copying.

Easy availability of information, material, source codes, lecture notes, etc., on the Internet may make it possible to find text useful for your report, slides, etc. It is permitted (even required for your projects) to refer to those, understand them and use them to enhance your solutions, generate your own ideas, etc. However, you must give proper and full credit to original authors of the work if you include their ideas or solutions (complete references and/or indication of quoted material, as specified below, are required).

In particular, remember the following requirements for avoiding any accusations of plagiarism:

· If you rephrase ideas presented by others in your text, you must provide a reference in this text, and then list full bibliographic information for the reference at the end of your report, slide presentation, etc.

· Any quotes (as opposed to references) must be clearly indicated in at least two ways: (a) with a clear phrase or sentence (e.g. “Quoting Smith et al.:”), and (b) with a different form of the text (e.g., written in italics, boxed, etc.) visible in black-and-white documents.

· Sharing information between Project Teams is encouraged. A PT using rephrased ideas from another PT must give a full reference to the “source PT.” A PT quoting text from another PT must clearly indicate the quotes and give a full reference.