CS513 System Security - Overview and Organization

CS513: System Security - Overview and Organization

Course Overview. This course discusses security for computers, communications networks, and distributed systems. We will cover applications of cryptography as well as abstractions, principles, structuring constructs, and methods for implementing military as well as commercial-grade secure systems.

Understanding public policy, institutional policy, and legal issues are also crucial when building a secure system. Students wishing exposure to that part of the picture are encouraged to co-register in CS515 (Public Policy And Security).

Course URL: http://courses.cs.cornell.edu/cs513/2000sp/

Lecture:Attendance is expected.: 10:10 - 11:25am Tuesday and Thursday. Kimball B11.

Instructor:

Professor Fred B. Schneider (255-9221)
4115C Upson Hall
Office hours: Available most afternoons, Tues - Thurs.
email: fbs@cs.cornell.edu. Please send email only to request an appointment (include days and times that you are available to meet). Other email will not be answered. Email is a painfully ineffective and impersonal way to discuss anything substantive, and Schneider refuses to allow email to replace live student-teacher interaction.

Other Staff:

Benjamin Atkin	(batkin@cs.cornell.edu)
Ali Savino	(as104@cornell.edu)
Mike Frei	(mbf3@cornell.edu)
Manuel Calimlim	(mlc23@cornell.edu)

Office hours for meeting with these folks.

Prerequisites. The course is open to any undergraduate or graduate student who has mastered the material in CS414 (Operating Systems) or CS514 (Distributed Systems) or CS519 (Engineering Computer Networks) or CS601 (Systems Principles) or CS614 (Advanced Systems). Familiarity with the JAVA programming language will be helpful in doing the required programming assignments.

Required Reading:

Charles P. Pfleeger. Security in Computing. Prentice Hall PTR, New Jersey, 1996.
On-line scribed lecture notes.

Recommended References:

Bruce Schneier. Applied Cryptography. Second Edition. Wiley, 1996.
Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security. Private Communication in a Public World. Prentice Hall, 1995.
Dieter Gollmann. Computer Security. Wiley, 1999.

Assignments and Grading. In keeping with the professional (and practical) orientation of this course, assignments are underspecified, open-ended, and motivated by problems that arise in the real world (messy as it is). You will have to think, refine problem specifications, make reasonable and defensible assumptions, and be creative.

Much of your grade is based on a multi-part JAVA group-programming project to design and implement a secure, distributed, banking system.

Final course grades will be computed as follows:

Cryptoanalysis Exercise (15%)
Multi-phase JAVA Programming Project (70%).
Entirely subjective factors, including class participation, possible in-class quizzes, optional written homework assignments attendance, etc. (15%).

All assignments are due on the date stipulated. No late assignments will be accepted.

Students are expected to work in groups of 2 - 3 on the programming projects. Working with other people can lead to a better understanding of the material and will enable you to develop collaboration skills that should prove helpful throughout your career. Each participant in a group, however, must be able to explain the entire content of any submitted solution.