CS 590-I:
Introduction to Information Security

Spring 2000

 

Directory of Topics

  • Course description
  • Course schedule
  • Course details
  • Instructor
  • Grad Assistant
  • Prerequisites
  • Grading
  • Texts and readings
  • Web-based resources
  • Homework
  • Research paper
  • Miscellaneous information
  • Class policies

    Course Description

    This course is intended as a complement to CS 555, Data Security and Cryptography. It is an intro course in basic concepts in information security and management. It is not an in-depth course in cryptographic techniques or algorithms. Eventually, this course will become CS 526.

    Catalog description: Basic notions of confidentiality, integrity, availability. Authentication models. Protection models. Security kernels. Audit. Intrusion detection. Operational security issues. Physical security issues. Personnel security. Policy formation and enforcement. Legal aspects. Identification and authentication in local and distributed systems. Classification and trust modeling. Risk assessment.

    Course Schedule and Topics

    The following is a schedule of topics by week. This is approximate, and may change based on class interest, availability of outside speakers, and other factors.

    Schedule is approximate and subject to revision.

    Date            Topic                                   Readings
    Jan 10-19       Introduction                            Book, chapter 1; Reading #1, #2, #3
    Jan 17          MLK Birthday -- No class
    Jan 21-26       Intro to Cryptography I                 Book, chapter 2
    Jan 28-Feb 11   Intro to Cryptography II                Book, chapter 3 & 4; Reading #10
    Feb 14-25       Applications security                   Book, chapter 5; Reading #4, #5, #7, #8
    Feb 24-Mar 10   OS Security                             Book, chapter 6; Reading #6
    Mar 11-19       Spring Break
    Mar 20          Review and Catch-up
    Mar 22          Midterm
    Mar 24-Apr 7    Trusted systems                         Book, chapter 7; Reading #11
    Apr 10-14       Network security                        Book, chapter 9; Reading #9
    April 17-19     Administering security                  Book, chapter 10; Reading #12, #13, #14
    April 21        Legal & Ethical concerns                Book, chapter 11
    Apr 24          Incident response, intrusion detection
    Apr 26          Computer crime investigation
    Apr 28          Review and conclusion
    Monday, May 1   Final Exam, 7-9pm in GRIS 280

    Course Details

    Credit:      3 class hours, 3 credit hours
    Scheduling:  Spring 2000, MWF 11:30-12:20
                 No classes on Jan 17 (MLK Birthday), March 11-19 (Spring break).
                 Midterm is in class on March 10. Final exam is during the week of May 1.
    Location:    REC 122

    Instructor

    Gene Spafford

    Office:        REC 216-C (inside 217)
    Office Hours:  M 10-11, Th 1-3
                   Also by appointment (arrange with <walls@cerias.purdue.edu>)
    Phone:         49-47825
    E-mail:        <spaf@cerias.purdue.edu>

    Assistant

    Kaichuan He

    Offices:       CS G18
    Office Hours:  T 2:30-5:30
                   F 2:30-5:30
    Phone:         x4-7848
    E-Mail:        <hek@cs.purdue.edu>

    Prerequisites

    CS 503 (Operating Systems)

    Grading

    The final grade in this course will be based on exams, projects, and homework. The following is approximately how I will calculate the final grade -- I reserve the right to adjust these percentages slightly for the final grade.

    Item         Percentage
    Homeworks    10-15
    Midterm      25
    Final exam   40-45
    Project      20-25

    Texts & Readings

    Eventually, these will be placed on reserve in the Math/Science library (MATH).
    Reading list to be augmented as the semester progresses.

    Textbook

    Security in Computing (2nd Edition), by Charles P. Pfleeger, Prentice-Hall, 1997.

    Auxiliary Texts

    Intranet Security, by Linda McCarthy, Prentice-Hall, 1997.

    Applied Cryptography, by Bruce Schneier, John Wiley & Sons, 1995.

    Practical Unix & Internet Security, Simson Garfinkel and Gene Spafford, O'Reilly, 1996.

    @ Large: The Strange Case of the World's Biggest Internet Invasion, by David H. Freedman and Charles C. Mann, Simon & Schuster, 1997.

    Web-based Readings

    1. Chapter 27 of Practical Unix & Internet Security, Garfinkel & Spafford
    2. PFIRES Technical Report, CERIAS
    3. Reflections on Trusting Trust, Ken Thompson, from CACM, Vol. 27, No. 8, August 1984.
    4. The Internet Worm Program: An Analysis; ACM Computer Communication Review; ACM Press, New York, NY; 19(1), pp. 17-57, Jan 1989.
    5. An Analysis of the Internet Worm; Proceedings of the European Software Engineering Conference 1989; Springer-Verlag, Berlin, Germany; pp. 446-468, Sep 1989.
    6. A Simple Scheme to Make Passwords Based on One-Way Functions Harder to Crack; University of Arizona Technical Report TR94-34; 1994.
    7. The Design of a System Integrity Monitor: Tripwire; Gene Kim and Eugene H. Spafford; COAST TR 93-01; 1993.
    8. Writing, Supporting, and Evaluating Tripwire: A Publically Available Security Tool; Gene Kim and Eugene H. Spafford; COAST TR 94-04; 1994.
    9. CIAC description of denial of service attacks; DoE CIAC; 2000.
    10. Here is some information on the Beale Ciphers. Here is the text of the original pamphlet from 1885 describing the ciphers.
    11. Here is Presidential Executive Order 12958 on the policies for classification of government documents.
    12. A report (and associated appendix) on the security problems at DoE National Laboratories (e.g., Los Alamos).
    13. The report on John Deutch's misuse of classified systems. Sometimes the enemy of security is the person in charge of protecting it!
    14. Yet another GAO report on the problems with security in government systems because of no high-level support or accountability.

    Web-based Resources

    The CERIAS Hotlist

    Homework

    These may be updated or augmented later in the semester, but never within one week of the due date. Check back here for updates nearer the due date for each assignment.

    Due date           Assignment
    Friday, Feb 4      1.1, 1.5, 1.6, 1.10, 1.12, 2.2, 2.5, 2.9, 2.11, 2.17, 2.20, 2.23, 2.26
    Monday, Feb 14     3.4, 3.5, 3.10, 3.11, 3.18, 3.19, 3.20, 4.7, 4.11, 4.18, 4.28, 4.30
    Friday, March 3    5.2, 5.3, 5.8, 5.12, 5.13, 6.1, 6.2, 6.4, 6.12, 6.14, 6.17, 6.24
    Friday, April 14   7.4, 7.5, 7.7, 7.11, 7.14, 7.18
    Monday, April 17   Project proposals
    Monday, April 24   9.3, 9.6, 9.11, 9.21, 10.1, 10.2, 10.4, 10.5

    Research Project

    A research project will be announced later in the semester. This will be due during the last week of classes.

    Miscellaneous Information

    Students are encouraged to attend the weekly security seminar.

    Course Policies

    All of my courses operate under the same general policies and standards. My students are expected to study and understand these policies. Potential students are encouraged to check these out before signing up for one of my classes.

     

    Gene Spafford
    spaf@cerias.purdue.edu
    Date Last Modified: 1/23/00