CSI 424/524: Information Security – Fall 2017

1 Course Information

Title/Credits:
CSI 424/524: Information Security (3 Credits)
Semester:
Fall 2017
Time/Location:
Mondays 5:45pm–8:35pm, LC 3C
Instructor:
Amir Masoumzadeh (amasoumzadeh@albany.edu)
  • Office Hours: Tuesdays 3:00pm-5:00pm (UAB 422), or by appointment
Teaching Assistant:
Padmavathi Iyer (riyer2@albany.edu)
  • Office Hours: Thursdays 12:15pm–2:15pm (UAB 401)
Teaching Assistant:
Subhitsha Suresh (ssuresh@albany.edu)

2 Course Overview

This course covers fundamental issues surrounding computer security and information privacy. You will learn about security policies, models, and mechanisms related to confidentiality, integrity, authentication, identification, and availability issues in computing systems. Other topics that are covered include basics of cryptography (e.g., digital signatures), network security (e.g., firewalls), and information privacy (e.g., data anonymization).

2.1 Learning Goals for Students

Students who complete this course will be able to

  • Understand the threats and countermeasure techniques at network and system levels
  • Analyze and inspect security and privacy requirements for systems
  • Apply basic cryptographic and network security techniques to achieve basic security goals of a system
  • Employ mechanisms and technologies to design and build secure systems

2.2 Prerequisites

The prerequisite course for CSI 424 is CSI/CEN 400 or CSI 402. The prerequisite course for CSI 524 is CSI 500.

You are expected to have a general knowledge of discrete math, Linux, and programming. Also, some knowledge of networking can be helpful.

2.3 Readings

Required Textbook:
Matt Bishop, "Computer Security: Art & Science," Addison-Wesley Professional, ISBN: 978-0201440997.
Alternative Textbook:
Matt Bishop, "Introduction to Computer Security," Addison-Wesley Professional, ISBN: 978-0321247445.

In addition to the textbook, other reading materials will be linked on the course page or posted on Blackboard.

2.4 Communications and Submissions

The course has a web page (https://www.cs.albany.edu/~amir/courses/csi524-f17/) that includes a schedule of the readings and due dates. Please note that the schedule is tentative and will be updated during the semester. It is your responsibility to check the schedule regularly.

Announcements, notes, assignment submissions and feedback will be handled using Blackboard (https://blackboard.albany.edu/).

In order to receive timely answers to your questions, please ask them in the appropriate forum in the Q&A section of the Blackboard site.

3 Assessment and Grading

Homework Assignments
You will be assigned to individually solve 6 problem sets related to the topics covered in the class.
Lab Assignments
You will be assigned 3 hands-on exercises that may need writing small programs. You will need to run virtual machines on your own computer in order to complete those assignments.
In-Class Activities and Performance
A major component of your participation in the course will be involvement in class activities and discussions (both individually and in a team). Because your work in your team is crucial to your success in this course as well as that of your teammates, you will be held accountable for your contribution to your team. Your team members will give you feedback on your performance during the semester.
Exams
There will be 2 exams during the semester and no exam during the finals week.
Course Project
You will work on a course project which includes research/design/implementation, a written component, and an oral presentation. The requirements and the schedule of deadlines will be posted as a separate document on Blackboard.
Final Grade

Your final grade will be determined as a weighted average of the following:

  • Homework Assignments: 20%
  • Lab Assignments: 15%
  • In-Class Activities and Participation: 10%
  • Exams: 30%
  • Course Project: 25%

The numerical grade will be converted to a letter grade based on the following scale:

93–100% (A) 90–92% (A-) 87–89% (B+) 83–86% (B) 80–82% (B-) 77–79% (C+)
73–76% (C) 70–72% (C-) 67–69% (D+) 63–66% (D) 60–62% (D-) 0–59% (E)

4 Policies

Makeup Policy
There are generally no makeup opportunities for missed activities and assignments except in extenuating circumstances. Since there will be occasions in your life when missing a class meeting or a deadline is simply unavoidable, this course has a few built-in safety valves.
  1. You can submit your assignment up to 2 days late, subject to a 10% penalty per day late. No assignment will be accepted after 2 days past the deadline.
  2. The average of the best 90% of your in-class activities will count towards your grade.
  3. If you become seriously ill during the semester, or become derailed by unforeseeable life problems, and have to miss so many assignments that it will ruin your grade, schedule a meeting with me in order to make arrangements for you to drop the course to save your grade point average. Do not wait until it is too late to see me when you get in trouble.
Use of Electronic Devices
Computers or other electronic devices may be used during class only for note-taking or other class-related activities. You are not allowed to perform any unrelated task during class.
Academic Integrity
It is every student’s responsibility to become familiar with the standards of academic integrity at the University. Claims of ignorance, of unintentional error, or of academic or personal pressures are not sufficient reasons for violations of academic integrity (see http://www.albany.edu/studentconduct/standards_of_academic_integrity.php). Any incident of academic dishonesty can result in (i) no credit for the affected assignment, (ii) report to the appropriate University authorities (e.g., Dean of Undergraduate Education or Graduate Studies), and/or (iii) a failing grade (E) for the course. For all assignments and papers, make sure to do your own work, except where collaboration is explicitly permitted or required. Also, make sure that you properly cite any resource from which you borrow ideas and that you clearly distinguish them from your contributions.
Students with Disabilities
Reasonable accommodation will be provided for students with documented disabilities. If you believe you have a disability requiring accommodation in this class, please notify the Disability Resource Center (BA 120, 518-442-5490). That office will provide me with verification of your disability, and will recommend appropriate accommodations. In general, it is your responsibility to contact me at least one week before the relevant activity to make arrangements.

5 Schedule

The following schedule is tentative and will be regularly updated. Refer to the course page for the most up-to-date version. You are expected to read the book chapters and other assigned readings for a session before coming to the class.

Date Topic/Readings Assignments
8/28 Overview of information security  
  Security design principles  
  Readings: Chapters 1, 13  
9/4 No Class - Labor Day HW1 due 9/8
9/11 Access Control Matrix  
  Foundational Results  
  Readings: Chapters 2, 3 (3.1-2)  
9/18 Security Policies HW2 due 9/22
  Confidentiality Policies: BLP Model  
  Readings: Chapters 4 (4.1-4), 5 (5.1, 5.2.1-2, 5.3)  
9/25 Integrity Policies: Biba, Lipner Models Lab1 due 9/25
  Hybrid Policies: Chinese Wall, Role-Based Access Control  
  Readings: - Chapters 6 (6.1-3), 7 (7.1, 7.3-4)  
  - R. Sandhu, D. Ferraiolo, and R. Kuhn, “The NIST Model for Role-Based Access Control: Towards A Unified Standard”  
10/2 Hybrid Policies: Attribute-Based Access Control, Relationship-Based Access Control  
  Readings: HW3 due 10/6
  - V. C. Hu et al., “Guide to Attribute Based Access Control (ABAC) Definition and Considerations.” Section 2 (required) (Sec. 3: optional)  
  - A. Masoumzadeh and J. Joshi, “OSNAC: An Ontology-based Access Control Model for Social Networking Systems.” (optional)  
10/9 Cryptography Basics  
  Readings: Chapter 9  
10/16 Exam 1 Project Proposal due 10/19
10/23 Cryptography Basics (cont) Project Meeting by 10/27
  Readings: Chapter 9 (email to schedule)
10/30 Key Management HW4 due 11/3
  Readings: Chapter 10  
11/6 Cipher Techniques Lab2 due 11/10
  Readings: Chapter 11  
11/13 Cipher Techniques (cont.) Project Progress due 11/17
  Authentication HW5 due 11/17
  Readings: Chapter 12  
11/20 Identity  
  Software Security  
  Readings: Chapter 14  
  - J. Nelliben, Buffer Overflow for dummies, SANS Institute white paper (req: Sec. 7)  
11/27 Information Privacy HW6 due 12/1 (optional)
  Readings: Lab3 due 12/1 (optional)
  - OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (req: Part 2)  
  - L. Sweeney, “k-anonymity: a model for protecting privacy”  
12/4 Exam 2  
12/11 Project Presentations Final Project due 12/15

Created: 2017-11-16 Thu 18:04
