This course is an introduction to the elements of information security and protection. It covers issues for systems and networks, including policy, design, operation, incident detection and response, and more.
Catalog description: Basic notions of confidentiality, integrity, availability; authentication models; protection models; security kernels; secure programming; audit; intrusion detection and response; operational security issues; physical security issues; personnel security; policy formation and enforcement; access controls; information flow; legal and social issues; identification and authentication in local and distributed systems; classification and trust modeling; and risk assessment. Typically offered Fall.
3 class hours, 3 credit hours
CS 50300 -or- permission of instructor
Although not required, having had CS 35500, CS 55500, or equivalent would be helpful.
All of my courses operate under the same general policies and standards. My students are expected to study and understand all of these policies. Potential students are encouraged to check these out before signing up for one of my classes.
T Thr in HAAS G-066, 10:30am ‐ 11:45am
Tentatively scheduled for October 12, in class
No books or notes. NO electronic devices.
8am -- 10am, Friday December 15 in LWSN B155
Comprehensive. No books or notes. NO electronic devices.
Eugene H. Spafford (Spaf)
Some classes will be taught by other faculty when Spaf is out of town.
For office hours, telephone/email, etc., see Spaf's homepage.
Kyriakos Ispoglou (ispo)
Office hours: M W 10am ‐ 2pm, or by appointment
Office: HAAS G-50
Email: <kispoglo@purdue.edu>
There will be a course email list used for high-priority announcements. This will use your registered @purdue.edu email address; make sure this is forwarded to an account you read on a regular basis.
Some announcements may be posted in Blackboard, so be sure to check that at least once each week.
This informational page will be updated over the course of the semester! Be sure to check it regularly.
Blackboard will be used to distribute assignments and collect your responses. Grades will only be available there.
The final grade in the class will be based on assignments, a midterm exam, a final paper, and a comprehensive final exam. Classroom and discussion participation may be used to adjust final grades. In-class quizzes may be given without advance notice.
The determination of final scores will be approximately 5% for homeworks, 25% for the term paper, 30% for the midterm, and 40% for the final exam.
I have adopted this 10 point scale for assignments, originally described by Professor Clifton for grading all non-test items:
10 | Exceptional work. So good that it makes up for substandard work elsewhere in the course. These will be rare, and for many homeworks/problems a perfect score will correspond to an 8. |
8 | What I'd expect of a Ph.D. candidate or outstanding MS student. This corresponds to an A grade. |
6 | Average Master's degree student work, but not what I'd like to see for a Ph.D. candidate. This corresponds to a B grade. |
4 | Okay for a Master's candidate who does extremely well in other courses. This corresponds to a C grade. |
2 | Not good enough for a graduate student. But something. |
0 | Missing work, or so bad that you needn't have bothered. |
The following shows an approximate week-by-week list of topics and readings (readings will be fleshed out as the semester advances). The actual presentation of some of these topics may change, subject to availability of guest lecturers and additional resources.
Week / Dates | Topics | Readings & Notes |
1 / Aug 21 | Class introduction & policies and overview of class; Basic definitions: risk, vulnerability, trust; Basic cryptography | |
2 / Aug 28 | Basics of Physical Security; Basics of Personnel Security | |
3 / Sep 4 | Authentication | |
4 / Sep 11 | OS architecture & security | |
5 / Sep 18 | Access control | |
6 / Sep 25 | Software security; Flaws & testing | |
7 / Oct 2 | Network threats & attacks; Network defenses | |
8 / Oct 9 | Fall Break!; Midterm | |
9 / Oct 16 | Network security (firewalls, etc.); Cloud security; Intrusion detection | |
10 / Oct 23 | Malware and defenses | |
11 / Oct 30 | Web security issues | |
12 / Nov 6 | Models, including multilevel security | |
13 / Nov 13 | Privacy; Supply chain issues; OPSEC | |
14 / Nov 20 | Incident response; Turkey response ‐ Thanksgiving! | |
15 / Nov 27 | Law & ethics; Certifications, economics | |
16 / Dec 4 | E-voting, Cyberwar; Catch-up & review | |
Finals / Dec 11 | | |
This book does not present items at the depth and rigor we'd normally like, but there are no books that provide the breadth we need for the course.
I suggest you get the latest printing of the textbook; earlier printings had more typos. Also get the appropriate Errata pages.
I maintain a Tumblr blog that I try to keep updated with current news about information security. You should monitor the blog and read the items I link to, so as to get a sense of current security incidents. The blog is available at http://blog.spaf.us
Some students have found primary material in the research literature easier to understand than the (condensed) treatment in the textbook. The text contains extensive references (over 1000); you are encouraged to go to these for material with which you have difficulty.
Two recommended books for additional reference (or your bookshelf, if you intend to do more work in this area) are:
Readings will be added to the above table as the semester progresses. However, as this is a graduate class, students should be seeking out readings on their own to augment the material presented in the lectures. This is especially critical for students planning to take quals in this subject.
I have an (outdated) list of general recommended readings for my security courses. This will be augmented with other suggestions and recommendations over time.
Students are encouraged to attend the weekly security seminar or to view the podcasts online.
Other information, handouts, assignments, etc. will all be on the class page in Blackboard and eventually linked here.