Syllabus for CS 6030: Advanced Computer and Information Security (ACIS) - Spring 2009
Department of Computer Science
Instructor:
Dr. Leszek (LEH-shek) Lilien
CEAS B-249, phone: (269) 276-3116 (email preferred)
Classes:
CEAS D-204, T and R, 4:30 pm - 5:45 pm
Office Hours:
T 12:00 pm – 1:00 pm and R 6:15 pm – 7:15 pm
Email:
llilien@cs.wmich.edu – please use for urgent matters only
Only messages conforming to the following email requirements will be read by me.
Email requirements for CS 6030-ACIS-S09
1. Only e-mail coming from a WMU account will be read. A “WMU account” is one ending with “wmich.edu” (e.g., “wmich.edu” or “cs.wmich.edu”).
2. Each message must have a descriptive subject, preceded by one of the prefixes indicated next:
2.1) For messages not related to research projects or chapter/paper presentations (see below), use the following Subject line format:
CS6030-ACIS-S09--<your last name>: <descriptive subject>
Example: CS6030-ACIS-S09--Smith: final exam date
2.2) If your message is related to your chapter/paper presentation, use the following Subject line format:
CS6030-ACIS-S09--TCPT<id>: <descriptive subject>
where TCPT = Textbook Chapter Presentation Team, and id is the id of your TCPT.
Examples:
for id = 6: CS6030-ACIS-S09--TCPT6: FiRR for presentation by TCPT3
for id = 3: CS6030-ACIS-S09--TCPT3: response to FiRR by TCPT6
IMPORTANT: Any member of a TCPT sending a message to me _must_ Cc it to all members of this TCPT, so: (a) all TCPT members are informed, and (b) I can easily reply to all.
2.3) If your message is related to your research project, use the following Subject line format:
CS6030-ACIS-S09--PT<id>: <subject>
where PT = Project Team, and id is the id of your PT.
Examples:
for id = 4: CS6030-ACIS-S09--PT4: selected papers
for id = 8A: CS6030-ACIS-S09--PT8A: selected papers
IMPORTANT: Any member of a PT sending a message to me _must_ Cc it to all members of this PT, so: (a) all PT members are informed, and (b) I can easily reply to all.
NOTE: Don't use "<" and ">"; they are only elements of format specifications.
3. Attached files must be scanned with up-to-date anti-viral software, and the message including them must contain the following statement:
I have scanned the enclosed file(s) with <name of software, its version>, which was last updated on <date>.
where <date> should be the current date. (You should have the habit of updating your anti-viral software daily!)
NOTE: Don't use "<" and ">"; they are only elements of format specifications.
Class Web Pages:
Lecture slides and announcements:
Prerequisites:
Graduate student status.
Grade B or better in CS 5950/6030:
Network Security or CS 5950/6030: Computer Security and Information
Assurance or instructor’s permission.
Grade B or better in a course on computer
networks.
Texts:
1) Main text:
L. Buttyán and J.-P.
Hubaux, Security and Cooperation in Wireless Networks. Thwarting Malicious
and Selfish Behavior in the Age of Ubiquitous Computing. Cambridge
University Press, 2008.
The textbook might still be available online (with the
read-only restriction) – check at: http://secowinet.epfl.ch/index.php?page=home.html
Publisher’s web page with information about the book:
http://www.cambridge.org/us/catalogue/catalogue.asp?isbn=9780521873710
2) Supplemental text 1:
S. Frankel, B. Eydt, L. Owens, and K. Scarfone, Establishing
Wireless Robust Security Networks: A Guide to IEEE 802.11i. NIST
Special Publication 800-97, February 2007.
Available at: http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdf
or at: http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97-pdf.zip
(the ZIPped version)
3) Supplemental text 2:
T. Karygiannis and L. Owens, Wireless Network
Security. 802.11, Bluetooth and Handheld Devices. NIST Special Publication
800-48, November 2002.
Available at: http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf
or at: http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.zip
(the ZIPped version)
Other readings:
Papers,
book chapters, etc., for individual lectures. When needed, they will be
announced on the linked page with lecture slides and announcements (slides+announcements.html).
Course Overview:
This is an advanced course for graduate students only.
The course will be research-oriented, with both “more theoretical” and “more
practical” research projects in the areas of computer privacy and
security. Topics for the projects will be suggested by me, or proposed by
students and accepted by me. Depending on class size, each project will involve
1-3 students.
Each student will present in class a research paper and/or a section of a
textbook (probably from Part II or Part III – see below) strongly related to
the student’s project. It will be selected by me, or proposed by the student
and accepted by me.
Lectures will cover the topics from the main textbook. Its Table of Contents lists the following issues:
1. Existing Wireless Networks
2. New Wireless Networks and New Challenges
3. Trust
4. Naming and Addressing
5. Establishment of Security Associations
6. Securing Neighbor Discovery
7. Secure Routing in Multi-Hop Wireless Networks
8. Privacy Protection
9. Selfish Behavior at the MAC layer of CSMA/CA
10.
11. Cooperation among Operators
12. Secure Protocols for Behavior Enforcement
A1. Introduction to Cryptographic Algorithms and Protocols
A2. A Tutorial on Game Theory for Wireless Networks
Trust, privacy and security in opportunistic networks.
Privacy-preserving data dissemination
Trust, privacy and security in pervasive systems, ad hoc networks, embedded networks and sensor networks.
Authentication and privacy, with emphasis on using trust for authorization, and authentication in healthcare systems
Authentication attacks and controls.
Analysis of computer privacy and security paradigms and development of new ones
Modeling computer fraud and investigating types of fraudulent user behaviors.
Vulnerability analysis and threat assessment/avoidance in computer systems, esp. in database systems
Course Requirements for Students:
Work on your own research project (1-3 students per project depending on
class size). Projects will usually be chosen from the lecture topics and the
optional “selected areas” listed above.
There will be three basic types of projects: survey/overview projects,
implementation projects, or simulation projects. All projects will be developed
under my supervision, which might include regular weekly meetings.
Present in class a publication: a research paper
or a book section. It will be selected by me, or selected by you and accepted
by me. This “long” presentation might last 30 minutes plus a 5-minute Q&A
period.
Possibly, present in class your project results. This “short” presentation will
probably last 10 minutes plus a 5-minute Q&A period.
Write a research report describing the results of your project.
Take the final exam.
There might be a few unannounced quizzes covering lectures (including presentations by fellow students) and required readings.
Course Policies:
1. Lecture
Lecture and presentation slides as well as
announcements will be emailed to students (they might also be available on-line
on the “slides and announcements” page). You should study the notes and read
announcements (if any) after/before each lecture.
Taking notes during classes is highly
encouraged. Especially, you should write down anything that is written
down using the board or the document projector. You are encouraged to slow me
down if you need more time to take notes.
Attendance is required. If you must miss a lecture,
make sure that you don’t miss announcements.
2. Group Projects
The group projects will be done in Project Teams
(PTs) consisting normally of 1-3 students.
The instructor will propose a set of topics for the
projects to help students in project selection. PTs are free to propose their
own topics for the project but must obtain the instructor’s buy-in before starting
their work.
The results obtained in the final project will be
communicated by the PTs: (a) in written reports submitted to me by the end of
the semester, (b) if time allows, in slides presented in class before the end
of the semester.
All projects will be due no later than on the last day
of regular classes.
More details about project requirements, including
presentation and report requirements, will be provided later.
3. Lecture Material or Research Paper Presentation and Reviewing
Students, organized into Textbook
Chapter Presentation Teams (TCPTs), will prepare and deliver
presentations of Chapters (or their parts) from the main text. Also selected
research papers might be included in the presentations in addition to
presenting textbook material.
For each presentation, one TCPT in the
pair will play the role of Presenters, and the other TCPT that of Reviewers.
Reviewers will work with presenters before the in-class presentation to
assure the best quality (completeness, clarity, etc.) of presentation (incl.
slides). Criteria for reviewing slides and presentations will be provided by
the instructor. (More details below.)
The material selected for presentation
by the members of a presenting TCPT may (but does not have to) be related to
the group projects of the TCPT members. The material assigned for reviewing
to a reviewing TCPT should be unrelated to the group projects of the
reviewing TCPT members. (In this way, if the reviewers understand the
presentation, anybody in the class will. :-) )
The instructor will work with students to
assist in selecting Chapters or their parts for each TCPT for
presentation. Reviewing TCPTs have to accept the presenting TCPT’s
selection.
Example scenario: Each pair of TCPTs participates in two
presentation/review rounds, with their roles switched in the second round.
Suppose that TCPT3 and TCPT6 are paired with each other.
In Round 1, TCPT3 is
selected for presentation and TCPT6 for reviewing of selected material. TCPT3
is responsible for preparing the initial presentation.
Then, TCPT6 reviews the presentation
(without reading the presented material in the textbook or papers since
TCPT6 members must be in a position in which other students will soon be).
TCPT6 decides whether to review slides only, or request TCPT3 for an
entire mock presentation (at least the last TCPT6 review before the in-class
presentation of the material should be a mock presentation.)
TCPT3 uses the feedback from all reviews
by TCPT6 to improve the presentation. A few iterations of the review-improve
process might be needed, as determined by TCPT6 (and, maybe, as requested by
TCPT3).
The final mock presentation by TCPT3 ends
with filling out a form known as the Final Review Report (FiRR),
listing both strengths and shortcomings of the presentation as perceived by
TCPT6. TCPT3 can read and respond to the comments of the report.
Both the FiRR from TCPT6 and the response by
TCPT3 must be submitted to the instructor (both email, with a proper header
including “FiRR,” and a hard copy are required).
In Round 2, TCPT6 is
selected for presentation, and TCPT3 for reviewing of material presented by
TCPT6.
Presentations will be graded by the
instructor with the feedback from all students in class, who will be asked to
fill out simple Presentation Evaluation questionnaires. The final score for the
presenting TCPT will be based on both inputs. The final score for the reviewing
TCPT will additionally use the FiRR as an important output produced by the
reviewing TCPT.
There will be one exam: the final exam. It will be held during the
finals week, as scheduled by the Registrar’s Office (cf. http://www.wmich.edu/registrar/finalexam.html):
“All Tuesday 4 -5:29 pm classes [have final exam on] Tuesday, April 21, 5
- 7 pm”
If you miss the exam and are excused, you will be required
to take a make-up final exam as scheduled by the Registrar’s Office (cf.
the same web page). To be excused, you must prove significant
circumstances beyond your control. Generally this will require
documentation, such as a doctor’s note in case of an illness.
NOTE: No make-up exams will be given for reasons other
than emergency situations completely beyond the student’s control. If you know ahead of time that the final exam time
conflicts with your plans, do not register for this class. (In
particular, early flight reservations are not an acceptable reason for a
make-up exam.)
5. Incomplete Grades
The incomplete grade - I - is
intended for a student who has missed a relatively small portion of work due to
circumstances beyond the student’s control. In general, performance on
work done must be at a level of C or better in order to qualify for an
incomplete. An I grade will not be given to replace an
otherwise low or failing grade in the class.
Grading:
Team project (incl. final project presentation): 50%
Chapter or research paper presentation by PT: 5%
Review of paired PT presentation: 5%
Final exam: 40%
In case chapter or paper presentations/reviews are not
possible (e.g., due to time constraints), 5% will be added to Team project and
5% to Final exam.
You are expected to stay alert and pay attention in
class. Cellphones, PDAs, and other electronic devices should not be used
during the lecture and should be turned off.
If available, you may bring your laptop to the class.
It is a common courtesy to prevent your cellphone from
ringing when in the classroom.
Other Notes:
Academic Integrity:
Academic Honesty Statement (WMU Policy)
The following statement has been approved and distributed by the Western Michigan
University Faculty Senate:
You are responsible for making yourself aware of and understanding the
policies and procedures in the Undergraduate and Graduate Catalogs that pertain
to Academic Honesty. These policies include cheating, fabrication,
falsification and forgery, multiple submission, plagiarism, complicity and
computer misuse. [The policies can be found at http://catalog.wmich.edu
under Academic Policies, Student Rights and Responsibilities.] If there
is reason to believe you have been involved in academic dishonesty, you will be
referred to the Office of Student Conduct. You will be given the opportunity to
review the charge(s). If you believe you are not responsible, you will have the
opportunity for a hearing. You should consult with me if you are uncertain
about an issue of academic honesty prior to the submission of an assignment or
test.
You are also encouraged to browse http://osc.wmich.edu and
www.wmich.edu/registrar
to access the Code of Honor and general academic policies on such issues as
diversity, religious observance, student disabilities, etc.
Note:
This is a course for honest and ethical students only!
I will not tolerate any
breaches of academic integrity, including abuses of a lab (if used), lab
procedures, or projects.
In addition, due to the nature of this course, should a student use any
information learned or any facilities provided by the course in an unethical
way, I will ask the Office of Student Conduct for the harshest penalties
applicable. This applies to acts committed both during and after the course
(for example, if I hear about an incident in a faculty meeting).
[Based on text courtesy of Prof. Ajay Gupta and Prof.
James Yang.]
Submission of another person’s work in part or whole
is not permitted. Learning can certainly occur with discussion of class
material and assignments with other students, but at all times ensure that you
don’t represent the work of another person as your own. In particular,
remember the following:
If you rephrase ideas presented by others in
your text, you must provide a reference in this text, and then list full
bibliographic information for the reference at the end of your report, slides,
etc.
Any quotes (as opposed to references) must be
clearly indicated in at least two ways: (a) with a clear phrase or sentence
(e.g. “Quoting Smith et al.:”), and (b) with a different form of the text
(e.g., written in italics, boxed, etc.).
Easy availability of information, material, source
codes, lecture notes, etc., on the Internet may make it possible to find text
useful for your report, slides, etc. It is okay (even required for your
projects) to refer to those, understand them and use them to enhance your
solutions, generate your own ideas, etc. However, you must give proper and full
credit to original authors of the work if you include their ideas or solutions
(complete references and/or indication of quoted material are required).
Sharing information between PTs is encouraged. A PT
using rephrased ideas from another PT must give a full reference to the
“source PT.” A PT quoting text from another PT must clearly indicate the
quotes and give a full reference.
Anybody found responsible for a violation of
academic honesty in the course will receive a course penalty up to and
including an E grade in the class.
Students Rights and Responsibilities:
You are also encouraged to familiarize yourself
with University policies on human rights, diversity issues, and students with
disabilities. (They can also be found at www.wmich.edu/catalog;
cf. “Students Rights and Responsibilities.”)
01/09/09 - Last day to add/drop/change (100% refund)
01/16/09 - Last day to drop a class (50% refund)
01/15/09 - Last Day to receive a 90% Tuition Refund (for a complete withdrawal)
01/16/09 - Last Day to receive a 50% Tuition Refund (for a partial withdrawal)
01/19/09 - No classes, MLK Day
03/02/09 - 03/08/09 - Spring Break
03/16/09 - Last day to withdraw (no refund, W recorded on the
transcript)
04/20/09 - Final examination week starts.
© 2007-2009 by Leszek T. Lilien
Last updated on 1/8/09