CS 423/523 Network Security/U of Idaho

Crosslisted as Cpt S 425/525 via WHETS/WSU
Spring 2003

Deborah Frincke

9:30 am - 10:45 am	T	JEB	026
9:30 am - 10:45 am	R

Frequently Visited Links

Class Syllabus

Frequently Asked Questions

Administrative Items

Especially for Video Students

Homework: Undergraduate Grading, Graduate Grading, Schedule, Kinds of Assignments

Announcements

Directory of Course Notes and Handouts (posted as available)

Directory of Past Exams and Review Notes (posted as available)

Syllabus

Catalog description of CS423/523: Practical topics in network security; policy and mechanism, malicious code; intrusion detection, prevention, response; cryptographic protocols for privacy and integrity; emphasis on tradeoffs between risk of misuse, cost of prevention, and societal issues; concepts implemented in programming assignments. Additional projects/assignments and permission required for graduate credit (cs523). Offered yearly. Prerequisite: CS 341 (undergraduate operating systems course)

Recommended background:

Junior/Senior or graduate standing in computer science; completion of CS341/541 or similar operating systems course with a grade of B or better, some experience in systems level programming will be useful; strong programming ability in one of these languages: Java, C, C++, Perl will be helpful in completing assignments.

Administrative Aspects of the Course
This section includes information about the administrative aspects of the class. Some of this will be updated throughout the semester (particularly assignments and announcements). Most of these changes will be announced in class or by email, but it is ultimately your own responsibility to keep informed about deadlines. Hence, you may find it useful to check the Announcements and Homework sections on lecture days, and to read your email on a daily basis.

Supplemental online material

Recommended security books for general reading

Center for Secure and Dependable Systems

Administrative Information

Instructor: Dr. Deborah Frincke

frincke@cs.uidaho.edu

Address:

JEB 228/230

University of Idaho, Moscow

83844-1010
Phone: (208) 885-6501 or (208) 885-4114

Fax via Engineering Outreach-JEB: (208) 885-6165

Fax via Computer Science Department-JEB: (208) 885-9052

TA Email: cs423ta@csds.uidaho.edu

TA Web Page: http://www.uidaho.edu/~kela3012/cs423TApage.htm

We have five Teaching Assistants supporting the class. If you wish to ask them questions or set up an appointment, please send your message to the above email address.

Getting in touch:

For questions about the class, use the subject line [CS423] Topic YourLastName . This will make it easier for me to keep track of ongoing conversations, and help me find your notes on busy days. It will also help others track down urgent messages that arrive when I travel. If you have an URGENT question, please include URGENT in your subject line. I read those notes first. Since there are more Teaching Assistants than instructors, it is likely that questions sent to the TA email address above will be read faster than those sent to me J

Announcements

Prior to the start of class. Subscribe to cs423-talk@csds.uidaho. All of you are welcome to post to cs423-talk and I’ll be using it for announcements. Please be considerate of the other subscribers to the list, and limit your postings to items that are of broad interest. For example, it is probably not appropriate to email the list asking when grades will be posted – ask the TA or ask me directly. It is definitely appropriate to send interesting security articles or to discuss them on the list.

Homework

Updated 22 Nov 2002

This section describes current and “potential” assignments for this class. It will be modified throughout the semester to fit the needs of the class. Be sure to check regularly for changes in dates or requirements; generally these will also be announced by email.

A few assignments, such as the required graduate student papers, have intermediate deadlines for drafts and topic selection, so be sure to read each assignment description carefully.

Unless otherwise indicated, electronic deliverables are due by midnight of the due date with a "free extension" until 7am the following day. You should email all assignments to the TA, and cc the instructor. Anything turned in after that is considered late and will not be accepted unless you use a grace day. Hardcopy will not be required for this class. Please read the section on "Deadlines and Content" with particular care if you are an EO or NTU or WSU student. Also, hardcopy will usually not be required for written and programming assignments; if hardcopy is needed, that will be mentioned in the assignment itself as one of the deliverables.

Categories of Homework Assignments

Papers – graduate students only

Written Assignments – graduates and undergraduates

Programming Assignments – graduates and undergraduates

Undergraduate Project – undergraduates only

Course Schedule

Important dates: see also http://www.uidaho.edu/registrar/calendar02

15 Jan 03: semester starts

23 Jan 03: last day to add/change online

12 Feb 03: last day to avoid add/drop fee and “w” for drop

17 Feb 03: Holiday, UI closed

15 Mar 03 -- 23 Mar 03: Spring break

05 May 03 -- 09 May 03: No-exam week

12 May 03 -- 16 May 03: Finals week

17 May 03: Commencement

19 May 03: Grades due

Assignment	Due
Read the Syllabus and complete items under announcements	January 16
Written 1	January 16
Program 1	January 31
First Paper: Survey Article	Graduate students only Topic: Jan 23 Outline: Jan 30 Final version: Feb 26 Peer review of final version: March 23 – all on campus grad students
Written 2	February 12
FIRST EXAM	*CHANGED to February 27* Note that the instructor will be out of town during most of this exam week, so ask questions early! Material covered on the exam is the same as that prior to the date change: through the end of the lecture on February 18. Exam review scheduled: February 18.
Undergraduate project topic due to instructor	February 25 – undergraduates only
Second Paper: Research Paper	Graduate students only Note date changes Topic: Mar 25 Outline: April 4 Near-final draft given to peer reviewers: April 1-18 *** Unless reassigned, peer reviewers will be the same as for paper 1. Inform the Teaching Assistants prior to April 4 if you prefer alternate reviewers. It is the mutual responsibility of reviewer/writer to organize the exchange of information. Peer reviews back to author: April 23 In-class presentation scheduled late April after second exam – see below. Final version: May 5
Reviews of First paper due	March 23 – all on campus grad students (see also above under First paper)
Spring Break	March 17-21
Program 2 http://www.cs.uidaho.edu/~frincke/classes/classes-02-03/CS423NetSec/Assignments/Program2Virus.htm	March 29
Instructor Out (alternate arrangements for lecture made):	April 1,2
Written 3 The key and the graded homework for written 3 will not be returned prior to exam 2 because of the short time period; be sure to keep a copy of your answers if you wish to bring them with you to the exam.	Posted April 16; due April 30 for on-campus students.
Instructor Out (alternate arrangements for lecture TBA):	April 16-19
Written 4 * This assignment will not be available until shortly after the exam; use it as a reference to be sure you understand the questions. The key and the graded homework for written 4 will not be returned prior to the final; be sure to read through the questions before the second exam.	Due the Monday of Finals week for Moscow Campus. Not a good choice for WSU students due to their shorter semester.
Reviews of Second paper due	April 23 (see also above under Second paper)
SECOND EXAM	April 24
Graduate Research Paper Presentations	Waived due to large class size.
Program 3 * You may turn in the Virus Program (Program 2) but be sure to use the second suite of Unknown Viruses rather than the first suite. Virus test suites will be posted on the TA page.	April 26
OPTIONAL Program 4 * This was added to assist those students who skipped program 1; hence, it is only available to students who turned in the virus detection program for program 2 and hence couldn’t use it for program 3 (ie, you can’t use this option if you are just behind with turning in programs)	May 12
Undergraduate Project	May 5 undergraduates only
“No Exam” Week	May 5 - 9
Optional Comprehensive THIRD EXAM	U of Idaho regularly scheduled final exam time: May 12, Monday 7:30-9:30am WSU Students: You may take the exam either during the regular WSU time, or else take it with the Moscow campus students. Be sure to keep me, and your TA, informed of your decision, which should be made by May 5.

Depending on the abilities of the class, the number and timing of assignments may vary.

If variations occur, it will not change the relative weighting of the categories with regard to grading.

Grade Computation for Undergraduates: CS 423 and Cpt S 425 (last modified March 23, 2003)

Activity	Percent
Exams 2 out of 3	25%
Programs 2 out of 3	25%
Written 2 out of 4	25%
Paper Reviews Two sets	5%
Undergraduate Project	15%
Class Participation (discussion and email) and In-Class Assignments Best 3 plus participation	5%
Bonus	Up to 8%

Graduate Grades (CS523 and Cpt S 525) will be computed as follows: (last modified March 23, 2003)

Activity	Percent
Exams Best 2 out of 3	25%
Programs 1 out of 3	20%
Written 2 out of 4	20%
Survey Paper	10%
Research Paper and In-Class Presentation	15%
Paper Reviews Two sets	5%
Class Participation and In-Class Assignments Best 3 plus participation	5%
Bonus	Up to 8%

Class Curve and Your Score

When I compute the final grades for this class, I will be examining the class curve (including extra credit). I will not be computing the class curve until the end of the semester. You can use the following table as the minimum level of effort required to achieve each letter grade. I may "lower the bar" if the class overall performance warrants it, but I will not raise the bar – I’d love to give all As if everyone earns them!

Grade Minimum

A Cutoff: 89%

B Cutoff: 79%

C Cutoff: 69%

Submission Guidelines and Assignment Overview
The primary types of assignment for this class will be papers, examinations, written (problem-solving and essay), traditional programming challenges, class participation, and a “discussion leadership” activity. All assignments are expected to be individual efforts unless otherwise noted, although students are welcome to discuss issues with classmates. Be sure to read through the sections on Policy and turning in assignments, and grace days.

Cheating and computer misuse

Usually this does not occur in my classes. My policy for handling cheating or computer misuse is shown below. You are responsible for understanding this policy – feel free to ask if you are puzzled by anything mentioned.

For those who cheat/misuse a computer, but think better of their error, and notify me before I catch it:

a reduction of a letter grade in the class, and

a zero for the full assignment in question, and

loss of all bonus points

For those students I catch:

immediate failure in the class

I usually also officially notify all relevant campus agencies

Cheating includes: plagiarism of all kinds, copying, misrepresentation, misuse of computers … all activities which violate traditional academic ethical standards.

Some students are confused about what constitutes cheating. If you are not sure whether a certain form of collaboration is cheating (say, someone helps you find a good algorithm to use), please contact me or one of my assistants in advance. We will discuss guidelines for proving proper citations/writing practices to avoid inadvertent plagiarism.

As a rule of thumb, if you obtain significant help from any outside source, you should include a citation. For instance: if a friend helps you identify an algorithm, put a note in the source code. If you find a paragraph in an article you read to be especially helpful in forming your notes, cite the article. Avoid direct quotes or near-original wording.

Computer misuse is a felony in the State of Idaho. We will cooperate fully with the FBI, campus IT staff, and local law enforcement if the need arises.

Turning In Assignments

For all assignments involving email deliverables, you will have a specific format for this class. In the subject line of your email, you should include the following:

[CS423] Yourlastname KEYWORD

For instance, if I were submitting a copy of my first written assignment, I would look up the required keyword (Written1) and send my email this way:

[CS423] Frincke Written1

Please note that these instructions are CASE SENSITIVE – you should not use [cs423] frincke written1, for instance. This will cut down on the time we have to spend moving email around, help us find email you submit more rapidly, and in general reduce paperwork and speed up our interactions. Note that many assignments require you to turn in an electronic version for a timestamp only. This semester we are not requiring hardcopy. You will receive email on a regular basis indicating which assignments we’ve received, and you are responsible for notifying us and replacing any assignment not marked as “received” by the deadline.

Deadlines and Content

I have learned by past experience with the complexity involved in making combined video/campus courses work under the above circumstances that it is best to give all dates with respect to the local calendar, and provide a grace period for EO students.

EO students attending by compressed video (so far Boise and Idaho Falls), or any NTU students watching the course live by satellite should use the local deadlines for all electronic deliverables.

EO students attending by taped lectures (video tape) and NTU students watching by videotape should add up to ten working days to local U of Idaho electronic deadlines.

Sometimes I slip and say, "send me this assignment next class period" rather than give a date. That appears to cause more panic in video students than anything else that occurs throughout the semester J I’d like to avoid that this year. So, students attending by taped lecture should assume that "today" is the actual day you heard or watched the videotape, "next lecture" is three working days after you watched the videotape, "next week" is five working days after you watched the videotape, and "in a week and a half" means seven working days after you watched the videotape (working days are Mon/Tues/Wed/Thurs/Fri in traditional USA slang). I am going to trust you to be accurate as to when you are watching the videotapes …

When your assignment is returned to you depends on several factors. Our goal for local students is to have all exams graded by the next lecture day and all homework graded and returned within one week of submission. Our goal for off campus students is to have homework graded and placed in the outgoing campus mailbox within six working days of receipt if it is graded by a U of Idaho TA and within ten working days of receipt if it graded by the WSU TA (to allow for transport time between campuses). I have found that mail between WSU and UI can take 1-4 days, and mail between EO and campus can take between 2-5 days each way. Holidays increase the delay by up to a week. If you have your proctor send your exam by FAX it will speed things considerably, as can faxed hardcopy (if it is SHORT). Please keep these real world constraints in mind.

General Course Policy

Grace Days

You will be given two "grace days" that may each be used to extend these deadlines by one class period. Grace days may be used either for programming or written assignments, but not for group assignments. Grace days are intended to help students handle personal emergencies and/or system problems that may arise during the semester. NO OTHER EXTENSIONS WILL BE GIVEN, so use these grace days sparingly. Unused grace days may usually be used as extra credit at the end of the semester at the rate of 1% in the class each (so, if you have earned 87% overall – a B -- in the class, but have two grace days unused, this would raise you to an A even if you have not done any extra credit assignments. See individual course grading guidelines for details. Of course, exams may not be postponed with grade days :) One grace day is equivalent to permitting:

... An assignment with a Monday or a Tuesday deadline to be turned in on Thursday
… An assignment with a Wednesday deadline to be turned in on Friday
… An assignment with a Thursday or Friday deadline to be turned in on Tuesday

General Policy

No late assignments will be accepted (see Grace Days).
Assignments will be typed (diagrams may be handwritten neatly)
The exams will be given only at the scheduled times.
Students may confer with each other about general approaches to assignments, but all work turned in must be entirely that student's own work, or the work of the team.
Students are encouraged to reuse code from outside sources for their class project; however, such code must be clearly marked.
NO INCOMPLETES will be given. Student grades will be based on the work submitted.
Cheating on exams or homework will be heavily penalized.
Remember, misuse of computers and files is a felony in the state of Idaho!

VIDEO STUDENTS ESPECIALLY should be very careful about using any of the security related scans and techniques on their own systems. ALWAYS ASK your local system administrator if you plan to use corporate resources (which I advise against, by the way). I suggest informing both your boss and your sysadmin that you are in the class and finding out what your corporate policy is before even the most harmless-seeming experiment. Our local systems also have security policies, so always obtain permission for tests, experiments, and the examination of security-relevant information when using those systems as well.

For the skeptics among you: One student in 1999 only followed my requirements on the above reluctantly, more to humor his instructor than anything else. It seems he felt that a friendly network scan would be okay because it would not damage his local system and he was not planning to use the results illegally. Fortunately he decided that following instructions wouldn’t hurt, and asked for permission … only to learn from his boss that, if he HAD proceeded as he’d planned, he would have been fired if/when discovered. We found an alternate assignment for this student.

PS: If you made it all the way here, then send me an email with EASTEREGG in the subject and explain how you will be computing the deadline for Program 1 in the body … and don’t tell your classmates! I am curious as to who follows instructions. You will receive 5 bonus points for the email if it arrives by the end of the day January 17 (local). Remember to continue reading through the part below on "Policy", though.

Especially For Video Students

Welcome!

In my experience I have found that video students are tend to be exceptionally hard working people with substantial real life obligations. I have a few tips and comments I’d like to share with you in hopes that it will improve your EO experience.

Video students often feel isolated and sometimes a bit lost, particularly if they are not used to video courses. It is a strange feeling to be alone in a room watching a television screen if you are used to being surrounded by peers. This is a normal reaction. There are things we can do to improve the experience, and Engineering Outreach has suggestions as well. One technique that is often successful is to "buddy up" with one or more other video students, and if you are interested in making contact with your video colleagues my assistants and I can help you do that. Just email us and let us know. Another activity that will help is for you to send periodic emails my way – for instance, when you think of a question during a tape, and you want to ask it but find that the pixels on the screen aren’t answering it, send email! If you have had an experience you’d like to share with your peers, tell me and I’ll pass it along! Also, if you can touch base by phone at least once during the semester it will help you feel more of a part of the class.

The other emotions you may feel from time to time are: impatience about deliverables, wondering if you are being ignored, and confusion about your class standing. Unfortunately the former is almost inevitable, because of the time delay between when you send in your efforts and when you hear back. In this case, patience and communication are the best responses. If I’m unavailable, my assistants (and the CSDS office staff!) can tell you. That will usually explain why I haven’t written back within a day or so. Look at the Deadlines section above and keep those in mind when you are wondering WHERE that returned assignment is (and do send email if it seems we should have gotten paperwork back to you; things do get lost from time to time). My assistants can be of great help here as well – they are the best people to ask if you are wondering when an assignment will be returned, or if we even received it. We’ll be keeping you informed about your class standing by email on a regular basis; feel free to ask in between times.

Procrastination is a problem for video students, even more than it is for the locals. You are more likely to have unexpected situations arise that will prevent you from finishing on time with a heroic-effort-at-the-last-minute strategy. So, I suggest that you attempt to turn all assignments in a few days early … and that you start your paper immediately (some of the programs, too). This will reduce your stress levels substantially when the boss calls with that big promotion or your company goes public right before a deadline.

If you do have a major life event occur, and the grace days aren’t enough to help out … CONTACT ME RIGHT AWAY. Arrangements can sometimes be made regarding deadlines. I also recommend that you avoid falling into the “always have an incomplete class to make up” trap that catches many outreach students. The “I always have an incomplete class to make up” scenario usually starts with a student who has an interruption due to a work or life related issue … gets an incomplete … doesn’t quite finish the incomplete before the next semester starts … starts on one/two new classes anyway so as not to get behind, but now has to juggle the incomplete … finishes the incomplete but finds that s/he now can’t quite get the current class done … requests and obtains another incomplete … and the cycle continues. This is very hard on you. You need breaks between semesters more than our local students do, and you’ll never get that break if you fall into this “incomplete” cycle. My recommendation: if you find that you have incompletes two semesters or more in a row, plan to spend one full semester catching up. That will let you start fresh during semester four. Your grades – and family/friends – will thank you J

Finally, the most important thing for you to realize is that I do understand the difference between taking classes live and by tape. I’ve been working with Engineering Outreach since 1993. I’ve worked with numerous masters students entirely through EO, and had one PhD student finish up that way. I’ve had students successfully complete classes despite moving two and three times in a semester (one moved 17 times in a year). I’ve had students who had to delay exams because the fighter jet they flew ran out of gas in overseas and couldn’t be refueled (fact). I’ve had students who contacted me with questions via spouses because their job involved time on a secret base and they were sequestered during my office hours, and email was out because their computer was in a military vehicle somewhere between the east and west coast. I’ve had students who had to fly to Europe on an afternoon’s notice because their company’s branch there was going out of business and they were assigned to turn them into fiscal successes rather than flops.

These things do not happen to my on-campus students as a general rule J

What I’ve found is this. As long as the communication lines are open, everyone is honest about time commitments, we all put out our best effort to make things work, and we remain both FLEXIBLE and professional in our dealings, taking classes by EO will be a pleasant and rewarding experience. So, good luck, keep in touch, and welcome to CS 504.

n Deb.

Frequently Asked Questions for Spring 2003

Created: November 2003

Updated: November 2003

Question 1: Will the class be offered in 2004?

Normally the class is offered every Spring. If we are able to continue to do so, it will depend on two things: (A) Ability of the department to include it in the schedule, and (B) Demand for the class.

Question 2: May I take this course at the 500 level even if I am an undergraduate?

Yes … but you’ll be expected to meet the UI’s criteria for undergraduates, and to maintain the same standards I set for the graduate students.

Question 3: The wait list is pretty long – will I get in?

That depends. I will make every effort to include as many students as possible. Priorities will be students who are participants in the SFS program (since they are required to take a security-oriented curriculum as part of their scholarship) and students doing research in this area. If the department is able to assist in terms of grading resources, we should be able to accommodate everyone.

Question 4: How will EO students be assigned participation points and present their research papers?

We’re going to solve this by being flexible J Some EO students may be able to participate by videotaping a presentation; others by finding an on-campus student to help them with their power point slides and joining us by phone to lead the discussion. Others might be asked to lead an “e-discussion” or hold “e-office hours”. Still other participation opportunities will involve sending in comments on the in-class work of others. Participation can always be shown by emailing in questions, answers, and being active on the cs423-talk list, as appropriate. I used all of these techniques quite successfully during fall 03; we all benefited by closer contact between the Moscow campus and the offcampus students.

Question 5: How will the participation of WSU students change the course?

This course is crosslisted on the WSU campus. Depending on the level of enrollment at WSU, some of the course lectures may be delivered from that site and sent to Moscow, rather than delivered from Moscow to WSU. WSU is supplying me with a TA who will hold office hours at WSU and assist with general grading for the course. I will also periodically hold office hours at WSU.