Fall 2018

Section 1: TTh 3:00pm 2113 JKB

Syllabus

This course covers fundamental principles of computer security. The course consists of three parts:

Part 1: Cryptography: We will study and experiment with basic cryptographic primitives (symmetric encryption, asymmetric encryption, MAC, and cryptographic hash functions). We will learn how these primitives are used to achieve certain security properties.

Part 2: Systems: We will study systems that use cryptography, including HTTPS and secure email, to see how cryptographic primitives are used in practice on the Internet.

Part 3: Software Security: We will learn about some of the most common errors that software developers make that attackers then exploit. We will learn how to avoid or prevent these mistakes.

The learning outcomes for this course are:

  • Have a breadth of knowledge in computer security

    • Understand basic security terminology and use it accurately in technical discussions

    • Understand the kinds of threats facing people and systems and the technology to address those threats

    • Understand the limitations of technology in creating a secure system

  • Understand the basic principles of cryptography and how cryptographic building blocks can be assembled to provide security services

    • Build a system: Implement a cryptographic algorithm from a standards specification.

    • Remove the mystery of cryptography and replace it with knowledge of basic principles

    • Understand the use of cryptography in existing security protocols

    • Be able to explain how a protocol meets a given set of security requirements

  • Understand the basic principles of secure software design

    • Break and fix a system: Demonstrate how attackers compromise real-world systems, and then show how to prevent these attacks.

    • Avoid common design and development errors

    • Understand basic usage of standard cryptographic primitives

  • Demonstrate leadership skills

    • Be able to make sound technical decisions in the design and acquisition of security technology

    • Have technical and communication skills needed for leadership roles

    • Be ready to conduct security research in industry or graduate school

  • Promote a code of ethics that is compliant with the law and in accordance with gospel principles

The prerequisite for the course is CS 324 Systems Programming.

Textbooks

For the lecture material, we will use

Information Security: Principles and Practices, second edition, by Mark Stamp, Wiley, ISBN-10: 0470626399, ISBN-13: 978-0470626399

I encourage you to read the assigned material in the book ahead of class.

Assignments and Grading Policy

The assignments for this class will consist of homework, labs, and exams.

Homework

Homework is due on Tuesday at the beginning of class. Submit it online in LearningSuite before it is due. Submitted homework must be a PDF.

Each homework is worth 25 points.

Late Homework Policy: If it is submitted by the following class period after it is due, you can receive a maximum of 15 points. If it is submitted before the next exam, you can receive a maximum of 10 points.

Projects

Each week that a project is assigned, it is due before midnight on Friday. Students are encouraged to meet project deadlines. I want to see all students complete every lab by the end of the semester. Code can be submitted as .zip or .tar.gz, but please make sure that when the files are unzipped or untarred, they end up inside a directory rather than in the current directory.

Late Project Policy: As an incentive to help you stay current, we will record late days and early days (maximum of 5) for each project (weekends and university holidays excluded). You will get a total of five (5) free early days for the semester. At the end of the semester, you will receive a penalty if your late day balance exceeds your early day balance. Your overall project points may be penalized up to 2% for each late day on your final balance. If all projects are completed, the penalty for late days will be capped at 10% so that your grade is reduced by a maximum of one letter grade.

Project Pass-off Policies: Projects may be written in the language of your choice unless instructed otherwise. Projects must be passed off by the TA in person, unless instructed otherwise. You may pass off a project after the deadline for full credit, and without using late days, provided you email a SHA-1 checksum of all files associated with your project to the TA before the deadline. You can generate the checksum again at pass-off to convince the TA that your assignment was completed on time. You can generate a checksum on Linux using openssl (e.g., openssl dgst -sha1 [filename]). Search online for how to do this on other systems.

Your final grade will be computed by weighting all scores as follows:

Homework 10%

Projects 45%

Exams 45%

Collaboration Policy

All assignments must be completed individually. You are encouraged to collaborate as much as possible, including discussing solutions and solving problems together. For homework, write up your own answer individually (e.g., do not copy someone else's solution directly). For projects, you are encouraged to discuss in general terms how to solve the projects and any programming problems you encounter, but you must write your own code and should not view any other student's code.

Exceptions

If you have a serious medical or personal issue, please see the instructor to make arrangements for late work. I am happy to make accommodations for a learning disability if you turn in an accommodations letter to me. No work can be turned in after the university's last day of instruction.

Exams must be taken on the scheduled day. Medical exceptions are available, but please notify the instructor in advance or as soon as possible. Non-medical exceptions (e.g. traveling to a job interview) can be made in advance with sufficient notice.

Educational Policies

Honor Code Standards

In keeping with the principles of the BYU Honor Code, students are expected to be honest in all of their academic work. Academic honesty means, most fundamentally, that any work you present as your own must in fact be your own work and not that of another. Violations of this principle may result in a failing grade in the course and additional disciplinary action by the university.

Policy on Harassment

Harassment of any kind is inappropriate at BYU. Specifically, BYU's policy against sexual harassment extends not only to employees of the university but to students as well. If you encounter sexual harassment, gender-based discrimination, or other inappropriate behavior, please talk to your professor, contact the Equal Employment Office at 422-5895 or 367-5689, or contact the Honor Code Office at 422-2847.

Students with Disabilities

BYU is committed to providing reasonable accommodation to qualified persons with disabilities. If you have any disability that may adversely affect your success in this course, please contact the University Accessibility Center at 422-2767. Services deemed appropriate will be coordinated with the student and instructor by that office.