This course is an extensive survey of network security. The course materials cover threats to information confidentiality, integrity, and availability in different Internet layers, and defense mechanisms that control these threats. The course also provides a necessary foundation on network security, such as cryptographic, primitives/protocols, authentication, authorization and access control technologies; and hands-on experiences through programming assignments and course projects.
The vast majority of the readings will be from Computer Security: Principles and Practice (3rd Edition)
In addition to the courses, the University has an excellent Speaker Series, including those from Computer Science, Informatics, LIS, and CACR. When speakers are visiting, a few minutes of class time will be used to identify the speaker, and how the topic fits into the course. This will allow you to easily catch the presentations on topics that engage you the most.
Video and audio recording of the course is not allowed. The class time includes discussion. Asking a question is difficult for some people, being recorded increases the burden of asking. I expect the class participants, as graduate students, to be able to answer the questions and engage fully in classroom exercises. This means that there will be moments of disagreement, and even intellectual struggle or conflict. Experience indicates and research does not contradict the assertion that recording hinders discussion and the education that requires it. A violation of this class policy will be treated as a violation of academic integrity.
If you have a particular need to record you may do so unobtrusively and under a confidentiality agreement that respects the expectations of other students. Please talk to me privately about this.
The class has a set of basic topics, and each topic will be explored and examined according to the interest of the students. Thus, if the class wants to focus an additional day on a topic, other topics can be compressed. What is important is to meet the goals of the class.
Foundational Security Vocabulary
This is the breadth component of the course. You should leave this course with an understanding of security and privacy concepts, practices, and how these interrelate. The readings from the textbook and some supplementary readings help meet that goal.
You should be able to use the tools discussed in class and show some mastery of basic security technologies. The hands-on labs are intended to meet this goal.
There is no question that it is fun to look at live attacks from Norse. Not only will supplemental readings and lectures address applicable past attacks, real time security events will be part of the discussion. This will inevitably result in some jumping around, but (un)luckily there are usually applicable attacks for most topics in a timely manner. A major security event (e.g., on the scale of Heartbleed) will result in some changes in the schedule as needed.
Introduction to Human and Economic Factors in Security
A minimal exposure to interdisciplinary approaches to security. This is the focus of the last two weeks.
Mastery of One Component of Security
Any topic in this course is worthy of a course unto itself. This is a core of the depth component of the course.The ability to effectively summarize one core component of the course is the goal of the presentation. By selecting one topic, researching it, and presenting it you show a deeper understanding that topic.
The grading guidelines correspond to the goals of the course.
|10%||Class participation||The AI will be tracking contributions in class so this is applied fairly.|
|40%||Laboratory exercises||Each lab is worth 4 pts.||30%||Final exam||The final exam is comprehensive.|
|20%||Final presentation||This assignment has the four following components.|
|5%||Final resentation topic||Due by the fourth week of class.|
|5%||Final presentation topic abstract||Due by the sixth week of the semester|
|5%||Final presentation bibliography||Due by the tenth week of the semester|
|5%||Final in-class presentation||In the final weeks of class|
Laboratory Exercises: There are ten laboratory sessions. Combined these illustrate your mastery of the application of the concepts presented in class and as part of the readings.
Final Exam: The final exam is comprehensive. This means it covers the reading, as well as additional meterial provided in class. In addition, the materials from the labs may be included.
Final Presentation: These are the steps to research a topic. By the end of the semester, you should understand it enought to explain it and answer questions. Depending on time constraints, I expect these presentations to extend to Friday lab sessions. Despite the fact that these are presented in class, none of these topics will be on the (otherwise comprehensive) exam. These presentations are the sole exception to the otherwise comprehensive nature of the exam.