CSCI-4650 Computer Security

Saint Louis University

Overview

Basic Information

If you wish, you may download a printable version of the original syllabus. However, all of that information is also on this web page and the web page will be updated as the course proceeds, whereas the printed syllabus will not.

Course Description

Fundamental introduction to the broad area of computer security. Topics will include access control, security policy design, network security, cryptography, securing systems, and common vulnerabilities in computer systems.

Prerequisites

CSCI 2100: Data structures. CSCI 3500: Operating Systems and Phil 3410/CSCI 2050: Computer Ethics are recommended but not required.

Course Outcomes

The following are a list of some expected course outcomes.

  1. Students have an understanding of security policy design.

  2. Students are familiar with network security designs which are commonly used in organizations.

  3. Students are familiar with fundamentals of cryptography, including public and private key cryptography.

  4. Students are familiar with network security threats and countermeasures, including common attacks and defensive strategies.

  5. Students can recognize common vulnerabilities on various operating systems and can compare and contrast various features provided on popular operating systems such as windows and linux.

  6. Students can use standard tools such as tcpdump, iptables, and other applications.

  7. Students can explain common vulnerabilities in programs, such as buffer overflows, lack of input sanitization, etc.

  8. Students can compare and contrast types of malicious code, including worms, Trojan horses, and viruses.

Instructor

* Flavio Esposito

Office: Ritter Hall (RTH) 217
Email: espositof AT slu DOT edu
Phone: 314-977-2334
Homepage: http://www.cs.slu.edu/~esposito

Lectures

Time and Days: Mon/Wed/Fri 2:10pm - 3:00 pm

Where: Ritter Hall 202 (Campus Map)

Date Range: Jan 17, 2017 - May 16, 2017

Though attendance in class is not explicitly required, it is certainly expected. Lectures are designed to be interactive and class participation is most welcome. These meetings will offer learning opportunities that cannot be recreated purely from readings.

I will depart from the textbook and its flow to explain more modern notions of security currently under active research, or more details on more standard topics. I may not always provide backup lecture notes on such additional details. That said, for those who miss a lecture, information on the lecture topic can often be found on the course schedule web page.

Office Hours

Wed and Thu: 1:00pm - 2:00pm or by appointment
Room: RTH-217

Course Materials and Resources

This class uses online resources, handouts and the following textbook:
Computer Security: Principles and Practice, by Stallings and Brown. The book is recommended but not required.

Computer security is a fast moving area, and I will heavily use internet resources, so a number of successful students have opted to not purchase the text and done fine. However, if you would like an extra resource or anticipate missing any class, this book is the one that I base many of my lectures on, although I deviate heavily from it in order to pull in additional information.

Grading Criteria

There will be one midterm exam and one final exam. Both exams will be closed books and notes. Also, there will be a few written assignments, and a few programming assignments. Final grades will be approximately based on the following criteria:

  • Written and Lab Assignments: 50%
    Written homework assignments can cover essays or questions similar to those that you may find at the end of each chapter in a textbook. Essays will be over papers assigned in class. In addition to written homework assignments, there will be several hands on labs on computer security. Some (or all of them) will be done on the DETER testbed, a remote cluster where you can reserve virtual machines to run your lab in an isolated environment with sudo access. Each lab will be self contained, and must be done individually. Stay tuned for more information on the DETER system as well as on our assignments

  • Midterm Exam: 20%

  • Final Exam: 30%

Letter Grades

Student percentage above 93% will result in a grade of A or better.
Student percentage above 90% will result in a grade of A- or better.
Student percentage above 87% will result in a grade of B+ or better.
Student percentage above 83% will result in a grade of B or better.
Student percentage above 80% will result in a grade of B- or better.
Student percentage above 77% will result in a grade of C+ or better.
Student percentage above 73% will result in a grade of C or better.
Student percentage above 70% will result in a grade of C- or better.
Student percentage above 67% will result in a grade of D or better.
Student percentage below 67% will result in a grade of F.

Late submission policy

Assignments submitted late will have a score reduced of 20% per day for the first 2 days after the deadline. No submissions will be accepted after the second day. Upon request to the Dean of Students (http://www.slu.edu/dean-of-students-office), students shall be given up to five (5) consecutive days (not including weekends or holidays) of excused absence for bereavement.

Technology in class

  • Cell phones are allowed in vibration mode during class. If you have a personal emergency, feel free to step out quietly from the classroom and take the call. Cell phones are not allowed during exams. Recording audio or video (frames) during class is not recommended. Learning how to take notes effectively is useful: train for that.

Computers will be an integral part of this course, both inside and outside of class. However, out of courtesy to both the instructor and other students, please do not use the lab computers for non-class related activity. In particular, you do not need to be using a computer unless an exercise or in class activity requiring them is in progress.

Student Success Center

In recognition that people learn in a variety of ways and that learning is influenced by multiple factors (e.g., prior experience, study skills, learning disability), resources to support student success are available on campus. The Student Success Center assists students with academic and career related services, and is located in the Busch Student Center (Suite, 331) and the School of Nursing (Suite, 114). Students can visit www.slu.edu/success to learn more about:

  • Course-level support (e.g., faculty member, departmental resources, etc.) by asking your course instructor.

  • University-level support (e.g., tutoring services, university writing services, disability services, academic coaching, career services, and/or facets of curriculum planning).

University Writing Services Support

We encourage you to take advantage of university writing services in the Student Success Center; getting feedback benefits writers at all skill levels. Trained writing consultants can help with writing projects, multimedia projects, and oral presentations. University Writing Services offers one-on-one consultations that address everything from brainstorming and developing ideas to crafting strong sentences and documenting sources. For more information, call 314-977-3484 or visit http://bit.ly/1gAKC9H.

Disability Services Academic Accommodations

Students with a documented disability who wish to request academic accommodations must contact Disability Services to discuss accommodation requests and eligibility requirements. Once successfully registered, the student also must notify the course instructor that they wish to access accommodations in the course.

Please contact Disability Services, located within the Student Success Center, at Disability_services@slu.edu or 314.977.3484 to schedule an appointment. Confidentiality will be observed in all inquiries. Once approved, information about the student’s eligibility for academic accommodations will be shared with course instructors via email from Disability Services and viewed within Banner via the instructor’s course roster.  

Note: Students who do not have a documented disability but who think they may have one are encouraged to contact to Disability Services.

Title IX

Saint Louis University and its faculty are committed to supporting our students and seeking an environment that is free of bias, discrimination, and harassment. If you have encountered any form of sexual misconduct (e.g. sexual assault, sexual harassment, stalking, domestic or dating violence), we encourage you to report this to the University. If you speak with a faculty member about an incident of misconduct, that faculty member must notify SLU’s Title IX coordinator, Anna R. Kratky (DuBourg Hall, room 36; akratky@slu.edu; 314-977-3886) and share the basic facts of your experience with her. The Title IX coordinator will then be available to assist you in understanding all of your options and in connecting you with all possible resources on and off campus.   If you wish to speak with a confidential source, you may contact the counselors at the University Counseling Center at 314-977-TALK. To view SLU’s sexual misconduct policy and for resources, please visit the following web addresses: http://www.slu.edu/general-counsel-home/office-of-institutional-equity-and-diversity/sexual-misconduct-policy and www.slu.edu/here4you.

Academic Integrity

Academic integrity is honesty, truthful and responsible conduct in all academic endeavors. The mission of Saint Louis University is “the pursuit of truth for the greater glory of God and for the service of humanity.” Accordingly, all acts of falsehood demean and compromise the corporate endeavors of teaching, research, health care, and community service via which SLU embodies its mission. The University strives to prepare students for lives of personal and professional integrity, and therefore regards all breaches of academic integrity as matters of serious concern.

The governing University-level Academic Integrity Policy can be accessed on the Provost's Office website. A more detailed policy statement is given by the College of Arts & Science, also applying to this course.

In addition to those general statements, we wish to discuss our policy in the context of this course. When it comes to learning and understanding the general course material, you may certainly use other reference materials and you may have discussions with other students in this class or other people from outside of this class. This openness pertains to material from the text, practice problems, general syntax and use of any language or other computing tools.

However, when it comes to work that is submitted for this course, you are not to use or to search for any direct or indirect assistance from unauthorized sources, including but not limited to:

  • other students in this class

  • past students, whether from this school or other schools

  • other acquaintances

  • other texts or books

  • online information other than that referenced by course materials

Acceptable sources of information include consultations with the instructor, or members of organized tutoring centers on campus, as well as any materials explicitly authorized for a project description. Even in these cases, if you receive significant help you should make sure to document both the source of the help as well as the extent.

On certain assignment, the instructor may explicitly allow students to work in pairs or in groups. In this case, conversations between partners is both permissible and required. Furthermore, all students are expected to contribute significantly to the development of the submitted work. It is unethical to allow a partner to “sign on” to a submission if that partner did not significantly contribute to the work.

Any violations of these policies will be dealt with seriously. Penalties will apply as well to a student who is aiding another student. Any such violations will result in a minimum penalty of a zero on the given assignment that cannot be dropped, and severe or repeated violations will result in an immediate failing grade in the course. Furthermore all incidents will be reported in writing to the Department and/or the Dean, as per the College procedure.