CS
423/523 Network Security/U of Idaho
Crosslisted
as
Cpt
S 425/525 via WHETS/WSU
Spring
2003
Deborah Frincke
|
9:30 am - 10:45
am |
T |
JEB |
026 | |
|
9:30 am - 10:45
am |
R |
|
| |
Frequently
Visited Links
Homework: Undergraduate
Grading, Graduate
Grading, Schedule,
Kinds
of Assignments
Directory of Course
Notes and Handouts (posted as available)
Directory of Past
Exams and Review Notes (posted as available)
Syllabus
Catalog
description of CS423/523:
Practical topics in network security; policy and mechanism, malicious code;
intrusion detection, prevention, response; cryptographic protocols for privacy
and integrity; emphasis on tradeoffs between risk of misuse, cost of prevention,
and societal issues; concepts implemented in programming assignments.
Additional projects/assignments and permission required for graduate credit
(cs523). Offered yearly.
Prerequisite: CS 341 (undergraduate operating systems
course)
Recommended background:
Junior/Senior or graduate
standing in computer science; completion of CS341/541 or similar operating
systems course with a grade of B or better, some experience in systems level
programming will be useful; strong programming ability in one of these
languages: Java, C, C++, Perl will be helpful in completing
assignments.
Administrative
Aspects of the Course
This section includes information about the
administrative aspects of the class. Some of this will be updated throughout the
semester (particularly assignments and announcements). Most of these changes
will be announced in class or by email, but it is ultimately your own
responsibility to keep informed about deadlines. Hence, you may find it useful
to check the Announcements and Homework sections on lecture days, and to read
your email on a daily basis.
Supplemental online material
Recommended security books for general reading
Center for
Secure and Dependable Systems
Administrative Information
Instructor: Dr. Deborah
Frincke
Address:
JEB 228/230
University of Idaho,
Moscow
83844-1010
Phone: (208)
885-6501 or (208) 885-4114
Fax via Engineering
Outreach-JEB: (208) 885-6165
Fax via Computer Science
Department-JEB: (208) 885-9052
TA Email: cs423ta@csds.uidaho.edu
TA Web Page: http://www.uidaho.edu/~kela3012/cs423TApage.htm
We have five Teaching Assistants
supporting the class. If you wish to ask them questions or set up an
appointment, please send your message to the above email address.
Getting in
touch:
For questions about the class, use the subject line
[CS423] Topic YourLastName . This will make it easier for me to keep
track of ongoing conversations, and help me find your notes on busy days. It will also help others track down
urgent messages that arrive when I travel. If you have an URGENT question,
please include URGENT in your subject line. I read those notes first.
Since there are more Teaching Assistants than instructors, it is likely that
questions sent to the TA email address above will be read faster than those sent
to me J
Announcements
Prior to the start
of class. Subscribe to
cs423-talk@csds.uidaho. All of you are welcome to post to cs423-talk and I’ll be using it for
announcements. Please be considerate of the other
subscribers to the list, and limit your postings to items that are of broad
interest. For example, it is probably not appropriate to email the list asking
when grades will be posted – ask the TA or ask me directly. It is definitely
appropriate to send interesting security articles or to discuss them on the
list.
Homework
Updated 22 Nov
2002
This section describes current and “potential”
assignments for this class. It will be modified throughout the semester to fit
the needs of the class. Be sure to
check regularly for changes in dates or requirements; generally these will also
be announced by email.
A few assignments, such as the required graduate
student papers, have intermediate deadlines for drafts and topic selection, so
be sure to read each assignment description carefully.
Unless otherwise indicated, electronic deliverables
are due by midnight of the due date with a "free extension" until 7am the
following day. You should email all
assignments to the TA, and cc the instructor. Anything turned in after that is
considered late and will not be
accepted unless you use a grace day. Hardcopy will not be required
for this class. Please read the section on "Deadlines and Content" with
particular care if you are an EO or NTU or WSU student. Also, hardcopy
will usually not be required for written and programming assignments; if
hardcopy is needed, that will be mentioned in the assignment itself as one of
the deliverables.
Categories of Homework Assignments
Papers
– graduate students only
Written
Assignments – graduates and undergraduates
Programming
Assignments – graduates and undergraduates
Undergraduate
Project – undergraduates only
Course Schedule
Important dates: see also http://www.uidaho.edu/registrar/calendar02
|
15 Jan 03: semester
starts |
|
23 Jan 03: last day to add/change
online |
|
12 Feb 03: last day to avoid add/drop fee and
“w” for drop |
|
17 Feb 03: Holiday, UI
closed |
|
15 Mar 03 -- 23 Mar 03: Spring
break |
|
05 May 03 -- 09 May 03: No-exam
week |
|
12 May 03 -- 16 May 03: Finals
week |
|
17 May
03: Commencement |
|
19 May
03: Grades due |
|
Assignment |
Due |
|
Read the Syllabus and complete items under announcements |
January 16 |
|
Written 1
|
January 16 |
|
January 31 | |
|
Survey Article
|
Graduate students
only Topic: Jan 23 Outline: Jan
30 Final version: Feb
26 Peer review of final version:
March 23 – all on campus grad students |
|
February 12 | |
|
FIRST EXAM |
CHANGED to
February 27 Note that the instructor will be
out of town during most of this exam week, so ask questions
early! Material covered on the exam is
the same as that prior to the date change: through the end of the lecture
on February 18. Exam review scheduled: February
18. |
|
Undergraduate project topic due to
instructor |
February 25 – undergraduates
only |
|
Research Paper
|
Graduate students
only Note date
changes Topic: Mar 25 Outline: April
4 Near-final draft given to peer
reviewers: April 1-18 *** Unless
reassigned, peer reviewers will be the same as for paper 1. Inform the
Teaching Assistants prior to April 4 if you prefer alternate reviewers. It
is the mutual responsibility of reviewer/writer to organize the exchange
of information. Peer reviews back to author: April
23 In-class presentation scheduled late
April after second exam – see below. Final version: May 5 |
|
Reviews of First paper
due |
March 23 – all on campus grad
students (see also above under First
paper) |
|
Spring
Break |
March
17-21 |
|
Program 2 http://www.cs.uidaho.edu/~frincke/classes/classes-02-03/CS423NetSec/Assignments/Program2Virus.htm |
March 29 |
|
Instructor Out
(alternate arrangements for lecture made): |
April
1,2 |
|
The key and the graded homework for written 3 will not be returned prior to exam 2 because of the short time period; be sure to keep a copy of your answers if you wish to bring them with you to the exam. |
Posted April 16; due April 30 for on-campus students. |
|
Instructor Out
(alternate arrangements for lecture TBA): |
April
16-19 |
|
Written
4 * This assignment will not be available until shortly after the
exam; use it as a reference to be sure you understand the
questions. The key and the graded homework for
written 4 will not be returned prior to the final; be sure to read
through the questions before the second exam. |
Due the Monday of Finals week for
Moscow Campus. Not a good choice for WSU students
due to their shorter semester. |
|
Reviews of Second paper
due |
April 23
(see also above under Second
paper) |
|
SECOND EXAM |
April 24 |
|
Graduate Research Paper
Presentations |
Waived due to large
class size. |
|
Program 3 * You may turn in the Virus Program
(Program 2) but be sure to use the second suite of Unknown Viruses rather
than the first suite. Virus test suites will be posted on the TA
page. |
April 26 |
|
OPTIONAL Program
4 * This was added to assist those
students who skipped program 1; hence, it is only available to students
who turned in the virus detection program for program 2 and hence couldn’t
use it for program 3 (ie, you can’t use this option if you are just behind
with turning in programs) |
May 12 |
|
May 5 undergraduates only | |
|
“No Exam”
Week |
May 5 -
9 |
|
Optional Comprehensive THIRD EXAM
|
U of Idaho regularly scheduled final
exam time: May 12, Monday 7:30-9:30am WSU Students: You
may take the exam either during the regular WSU time, or else take it with
the Moscow campus students. Be sure to keep me, and your TA, informed of
your decision, which should be made by May 5. |
Depending on the abilities of
the class, the number and timing of assignments may vary.
If variations occur, it will
not change the relative weighting of the categories with regard to grading.
Grade Computation for Undergraduates: CS 423 and Cpt S 425 (last modified March 23, 2003)
|
Activity |
Percent |
|
Exams 2 out of 3 |
25% |
|
Programs 2 out of 3 |
25% |
|
Written 2 out of 4 |
25% |
|
Paper Reviews Two sets |
5% |
|
Undergraduate Project |
15% |
|
Class Participation (discussion and
email) and In-Class
Assignments Best 3 plus
participation |
5% |
|
Bonus |
Up to
8% |
Graduate Grades (CS523 and Cpt S 525) will be computed as follows: (last modified March 23, 2003)
|
Activity |
Percent |
|
Exams Best 2 out of 3 |
25% |
|
Programs 1 out of 3 |
20% |
|
Written 2 out of 4 |
20% |
|
Survey Paper |
10% |
|
Research Paper and In-Class
Presentation |
15% |
|
Paper Reviews Two sets |
5% |
|
Class Participation and In-Class
Assignments Best 3 plus
participation |
5% |
|
Bonus |
Up to
8% |
Class Curve and
Your Score
When I compute the final grades for this class, I
will be examining the class curve (including extra credit). I will not be
computing the class curve until the end of the semester. You can use the
following table as the minimum level of effort required to achieve each letter
grade. I may "lower the bar" if the class overall performance warrants it, but I
will not raise the bar – I’d love to give all As if everyone earns them!
|
Grade Minimum |
|
A Cutoff: 89% |
|
B Cutoff: 79% |
|
C Cutoff: 69% |
Submission
Guidelines and Assignment Overview
The primary types of assignment for this class
will be papers, examinations, written (problem-solving and essay), traditional
programming challenges, class participation, and a “discussion leadership”
activity. All assignments are expected to be individual efforts unless otherwise
noted, although students are welcome to discuss issues with classmates. Be sure
to read through the sections on Policy
and turning
in assignments, and grace
days.
Cheating
and computer misuse
Usually this does not occur in my classes. My
policy for handling cheating or computer misuse is shown below. You are
responsible for understanding this policy – feel free to ask if you are puzzled
by anything mentioned.
For those who cheat/misuse a computer, but think
better of their error, and notify me before I catch it:
a
reduction of a letter grade in the class, and
a zero
for the full assignment in question, and
loss
of all bonus points
OR
For
those students I catch:
immediate failure in the
class
I usually also officially
notify all relevant campus agencies
Cheating includes: plagiarism of all kinds,
copying, misrepresentation, misuse of computers … all activities which violate
traditional academic ethical standards.
Some students are confused about what constitutes
cheating. If you are not sure whether a certain form of collaboration is
cheating (say, someone helps you find a good algorithm to use), please contact
me or one of my assistants in advance. We will discuss guidelines for proving
proper citations/writing practices to avoid inadvertent
plagiarism.
As a
rule of thumb, if you obtain significant help from any outside source, you
should include a citation. For
instance: if a friend helps you identify an algorithm, put a note in the source
code. If you find a paragraph in an article you read to be especially helpful in
forming your notes, cite the article. Avoid direct quotes or near-original
wording.
Computer misuse is a felony in the State of Idaho. We will
cooperate fully with the FBI, campus IT staff, and local law enforcement if the
need arises.
Turning In Assignments
For all assignments involving email deliverables,
you will have a specific format for this class. In the subject line of your
email, you should include the following:
[CS423] Yourlastname
KEYWORD
For instance, if I were submitting a copy of my
first written assignment, I would look up the required keyword (Written1) and
send my email this way:
[CS423] Frincke Written1
Please note that these instructions are CASE
SENSITIVE – you should not use [cs423] frincke written1, for instance.
This will cut down on the time we have to spend moving email around, help us
find email you submit more rapidly, and in general reduce paperwork and speed up
our interactions. Note that many assignments require you to turn in an
electronic version for a timestamp only. This semester we are not requiring
hardcopy. You will receive email on a regular basis indicating which assignments
we’ve received, and you are responsible for notifying us and replacing any
assignment not marked as “received” by the deadline.
Deadlines and Content
I have learned by past experience with the
complexity involved in making combined video/campus courses work under the above
circumstances that it is best to give all dates with respect to the local
calendar, and provide a grace period for EO students.
EO students attending by compressed video (so far
Boise and Idaho Falls), or any NTU students watching the course live by
satellite should use the local
deadlines for all electronic deliverables.
EO students attending by taped lectures (video
tape) and NTU students watching by videotape should add up to ten working days to local U
of Idaho electronic deadlines.
Sometimes I slip and say, "send me this assignment next class
period" rather than give a date. That appears to cause more panic in video
students than anything else that occurs throughout the semester J I’d
like to avoid that this year. So, students attending by taped lecture should
assume that "today" is the actual day you heard or watched the videotape, "next
lecture" is three working days after you watched the videotape, "next week" is
five working days after you watched the videotape, and "in a week and a half"
means seven working days after you watched the videotape (working days are
Mon/Tues/Wed/Thurs/Fri in traditional USA slang). I am going to trust you to be
accurate as to when you are watching the videotapes …
When your assignment is returned to
you depends on several factors.
Our goal for local students is to have all exams graded by the next lecture day
and all homework graded and returned within one week of submission. Our goal for
off campus students is to have homework graded and placed in the outgoing campus
mailbox within six working days of receipt if it is graded by a U of Idaho TA
and within ten working days of receipt if it graded by the WSU TA (to allow for
transport time between campuses). I have found that mail between WSU and UI can
take 1-4 days, and mail between EO and campus can take between 2-5 days each
way. Holidays increase the delay by up to a week. If you have your proctor
send your exam by FAX it will speed things considerably, as can faxed hardcopy
(if it is SHORT). Please keep these real world constraints in mind.
General Course
Policy
Grace Days
You will be given two "grace days" that may each be
used to extend these deadlines by one class period. Grace days may be used
either for programming or written assignments, but not for group assignments.
Grace days are intended to help students handle personal emergencies and/or
system problems that may arise during the semester. NO OTHER EXTENSIONS WILL
BE GIVEN, so use these grace days sparingly. Unused grace days may usually
be used as extra credit at the end of the semester at the rate of 1% in the
class each (so, if you have earned 87% overall – a B -- in the class, but have
two grace days unused, this would raise you to an A even if you have not done
any extra credit assignments. See individual course grading guidelines for
details. Of course, exams may not be postponed with grade days :) One grace day
is equivalent to permitting:
- ... An assignment with a Monday or a
Tuesday deadline to be turned in on Thursday
- … An assignment with a Wednesday
deadline to be turned in on Friday
- … An assignment with a Thursday or
Friday deadline to be turned in on Tuesday
General Policy
- No late assignments will be accepted (see
Grace Days).
- Assignments will be typed (diagrams may be
handwritten neatly)
- The exams will be given only at the scheduled
times.
- Students may confer with each other about general
approaches to assignments, but all work turned in must be entirely that
student's own work, or the work of the team.
- Students are encouraged to reuse code from
outside sources for their class project; however, such code must be clearly
marked.
- NO INCOMPLETES will be given. Student grades will
be based on the work submitted.
- Cheating on exams or homework will be heavily
penalized.
- Remember, misuse of computers and files is a
felony in the state of Idaho!
VIDEO STUDENTS ESPECIALLY should be very careful
about using any of the security related scans and techniques on their own
systems. ALWAYS ASK your local system administrator if you plan to use corporate
resources (which I advise against, by the way). I suggest informing both your
boss and your sysadmin that you are in the class and finding out what your
corporate policy is before even the most harmless-seeming experiment. Our local
systems also have security policies, so always obtain permission for tests,
experiments, and the examination of security-relevant information when using
those systems as well.
For the skeptics among you: One student in 1999
only followed my requirements on the above reluctantly, more to humor his
instructor than anything else. It seems he felt that a friendly network scan
would be okay because it would not damage his local system and he was not
planning to use the results illegally. Fortunately he decided that following
instructions wouldn’t hurt, and asked for permission … only to learn from his
boss that, if he HAD proceeded as he’d planned, he would have been fired if/when
discovered. We found an alternate assignment for this
student.
PS: If you made it all the way here, then send me
an email with EASTEREGG in the subject and explain how you will be computing the
deadline for Program 1 in the body … and don’t tell your classmates! I am
curious as to who follows instructions. You will receive 5 bonus points for the
email if it arrives by the end of the day January 17 (local). Remember to
continue reading through the part below on "Policy", though.
Especially For Video Students
Welcome!
In my experience I have found that video students
are tend to be exceptionally hard working people with substantial real life
obligations. I have a few tips and comments I’d like to share with you in hopes
that it will improve your EO experience.
Video students often feel isolated and sometimes a
bit lost, particularly if they are not used to video courses. It is a strange
feeling to be alone in a room watching a television screen if you are used to
being surrounded by peers. This is a normal reaction. There are things we can do
to improve the experience, and Engineering Outreach has suggestions as well. One
technique that is often successful is to "buddy up" with one or more other video
students, and if you are interested in making contact with your video colleagues
my assistants and I can help you do that. Just email us and let us know. Another
activity that will help is for you to send periodic emails my way – for
instance, when you think of a question during a tape, and you want to ask it but
find that the pixels on the screen aren’t answering it, send email! If you have
had an experience you’d like to share with your peers, tell me and I’ll pass it
along! Also, if you can touch base by phone at least once during the semester it
will help you feel more of a part of the class.
The other emotions you may feel from time to time
are: impatience about deliverables, wondering if you are being ignored, and
confusion about your class standing. Unfortunately the former is almost
inevitable, because of the time delay between when you send in your efforts and
when you hear back. In this case, patience and communication are the best
responses. If I’m unavailable, my assistants (and the CSDS office staff!) can
tell you. That will usually explain why I haven’t written back within a day or
so. Look at the Deadlines section above and keep those in mind when you are
wondering WHERE that returned assignment is (and do send email if it seems we
should have gotten paperwork back to you; things do get lost from time to time).
My assistants can be of great help here as well – they are the best people to
ask if you are wondering when an assignment will be returned, or if we even
received it. We’ll be keeping you informed about your class standing by email on
a regular basis; feel free to ask in between times.
Procrastination is a problem for video students,
even more than it is for the locals. You are more likely to have unexpected
situations arise that will prevent you from finishing on time with a
heroic-effort-at-the-last-minute strategy. So, I suggest that you attempt to
turn all assignments in a few days early … and that you start your paper
immediately (some of the programs, too). This will reduce your stress levels
substantially when the boss calls with that big promotion or your company goes
public right before a deadline.
If you do have a major life event occur, and the
grace days aren’t enough to help out … CONTACT ME RIGHT AWAY. Arrangements can
sometimes be made regarding deadlines. I also recommend that you avoid falling
into the “always have an incomplete class to make up” trap that catches many
outreach students. The “I always have an incomplete class to make up” scenario
usually starts with a student who has an interruption due to a work or life
related issue … gets an incomplete … doesn’t quite finish the incomplete before
the next semester starts … starts on one/two new classes anyway so as not to get
behind, but now has to juggle the incomplete … finishes the incomplete but finds
that s/he now can’t quite get the current class done … requests and obtains
another incomplete … and the cycle continues. This is very hard on you. You
need breaks between semesters more than our local students do, and you’ll
never get that break if you fall into this “incomplete” cycle. My
recommendation: if you find that you have incompletes two semesters or more in a
row, plan to spend one full semester catching up. That will let you start
fresh during semester four. Your grades – and family/friends – will thank you
J
Finally, the most important thing for you to
realize is that I do understand the difference between taking classes
live and by tape. I’ve been working with Engineering Outreach since 1993. I’ve
worked with numerous masters students entirely through EO, and had one PhD
student finish up that way. I’ve had students successfully complete classes
despite moving two and three times in a semester (one moved 17 times in a year).
I’ve had students who had to delay exams because the fighter jet they flew ran
out of gas in overseas and couldn’t be refueled (fact). I’ve had students who
contacted me with questions via spouses because their job involved time on a
secret base and they were sequestered during my office hours, and email was out
because their computer was in a military vehicle somewhere between the east and
west coast. I’ve had students who had to fly to Europe on an afternoon’s notice
because their company’s branch there was going out of business and they were
assigned to turn them into fiscal successes rather than flops.
These things do not happen to my on-campus students
as a general rule J
What I’ve found is this. As long as the
communication lines are open, everyone is honest about time commitments, we all
put out our best effort to make things work, and we remain both FLEXIBLE and
professional in our dealings, taking classes by EO will be a pleasant and
rewarding experience. So, good luck, keep in touch, and welcome to CS 504.
n Deb.
Frequently Asked Questions for Spring 2003
Created: November 2003
Updated:
November 2003
Question
1: Will the class be offered in 2004?
Normally
the class is offered every Spring.
If we are able to continue to do so, it will depend on two things: (A) Ability of the department to include
it in the schedule, and (B) Demand for the class.
Question
2: May I take this course at the 500 level even if I am an undergraduate?
Yes
… but you’ll be expected to meet the UI’s criteria for undergraduates, and to
maintain the same standards I set for the graduate students.
Question
3: The wait list is pretty long – will I get in?
That
depends. I will make every effort to include as many students as possible.
Priorities will be students who are participants in the SFS program (since they
are required to take a security-oriented curriculum as part of their
scholarship) and students doing research in this area. If the department is able
to assist in terms of grading resources, we should be able to accommodate
everyone.
Question
4: How will EO students be assigned participation points and present their
research papers?
We’re
going to solve this by being flexible J
Some EO students may be able to participate by videotaping a presentation;
others by finding an on-campus student to help them with their power point
slides and joining us by phone to
lead the discussion. Others might be asked to lead an “e-discussion” or hold
“e-office hours”. Still other
participation opportunities will involve sending in comments on the in-class
work of others. Participation can always be shown by emailing in questions,
answers, and being active on the cs423-talk list, as appropriate. I used all of
these techniques quite successfully during fall 03; we all benefited by closer
contact between the Moscow campus and the offcampus students.
Question
5: How will the participation of WSU students change the course?
This course is crosslisted on the WSU campus. Depending on the level of enrollment at WSU, some of the course lectures may be delivered from that site and sent to Moscow, rather than delivered from Moscow to WSU. WSU is supplying me with a TA who will hold office hours at WSU and assist with general grading for the course. I will also periodically hold office hours at WSU.