This course is an extensive survey of network security. The course materials cover threats to information confidentiality, integrity, and availability in different Internet layers, and defense mechanisms that control these threats. The course also provides a necessary foundation on network security, such as cryptographic primitives/protocols, authentication, authorization and access control technologies; and hands-on experiences through programming assignments and course projects.
The vast majority of the readings will be from Computer Security: Principles and Practice (3rd Edition).
In addition to the courses, the University has an excellent Speaker Series, including those from Computer Science, Informatics, LIS, and CACR. When speakers are visiting, a few minutes of class time will be used to identify the speaker, and how the topic fits into the course. This will allow you to easily catch the presentations on topics that engage you the most.
Video and audio recording of the course is not allowed. The class time includes discussion. Asking a question is difficult for some people, and being recorded increases the burden of asking. I expect the class participants, as graduate students, to be able to answer the questions and engage fully in classroom exercises. This means that there will be moments of disagreement, and even intellectual struggle or conflict. Experience indicates and research does not contradict the assertion that recording hinders discussion and the education that requires it. A violation of this class policy will be treated as a violation of academic integrity.
If you have a particular need to record you may do so unobtrusively and under a confidentiality agreement that respects the expectations of other students. Please talk to me privately about this.
The class has a set of basic topics, and each topic will be explored and examined according to the interest of the students. Thus, if the class wants to focus an additional day on a topic, other topics can be compressed. What is important is to meet the goals of the class.
Foundational Security Vocabulary
This is the breadth component of the course. You should leave this course with an understanding of security and privacy concepts, practices, and how these interrelate. The readings from the textbook and some supplementary readings help meet that goal.
Applied Security
You should be able to use the tools discussed in class and show some mastery of basic security technologies. The hands-on labs are intended to meet this goal.
Security Threats
There is no question that it is fun to look at live attacks from Norse. Not only will supplemental readings and lectures address applicable past attacks, but real-time security events will also be part of the discussion. This will inevitably result in some jumping around, but (un)luckily there are usually applicable attacks for most topics in a timely manner. A major security event (e.g., on the scale of Heartbleed) will result in some changes in the schedule as needed.
Introduction to Human and Economic Factors in Security
A minimal exposure to interdisciplinary approaches to security. This is the focus of the last two weeks.
Mastery of One Component of Security
Any topic in this course is worthy of a course unto itself. This is a core of the depth component of the course. The ability to effectively summarize one core component of the course is the goal of the presentation. By selecting one topic, researching it, and presenting it, you show a deeper understanding of that topic.
The grading guidelines correspond to the goals of the course.
10% | Class participation | The AI will be tracking contributions in class so this is applied fairly.
40% | Laboratory exercises | Each lab is worth 4 pts.
30% | Final exam | The final exam is comprehensive.
20% | Final presentation | This assignment has the four following components.
5% | Final presentation topic | Due by the fourth week of class.
5% | Final presentation topic abstract | Due by the sixth week of the semester.
5% | Final presentation bibliography | Due by the tenth week of the semester.
5% | Final in-class presentation | In the final weeks of class.
Laboratory Exercises: There are ten laboratory sessions. Combined, these illustrate your mastery of the application of the concepts presented in class and as part of the readings.
Final Exam: The final exam is comprehensive. This means it covers the reading, as well as additional material provided in class. In addition, the materials from the labs may be included.
Final Presentation: These are the steps to research a topic. By the end of the semester, you should understand it enough to explain it and answer questions. Depending on time constraints, I expect these presentations to extend to Friday lab sessions. Despite the fact that these are presented in class, none of these topics will be on the (otherwise comprehensive) exam. These presentations are the sole exception to the otherwise comprehensive nature of the exam.