CS 457/557 EE 410/510
Computer and Network Security
 
 
Recommended Textbooks
 

Ross Anderson. Security Engineering.
John Wiley & Sons, ISBN 0-471-38922-6,
http://ross-anderson.com/.

Matt Bishop. Introduction to Computer Security.
Addison-Wesley, ISBN 0-321-24744-2,
http://nob.cs.ucdavis.edu/book-intro/.

Greg Hoglund and Gary McGraw. Exploiting Software : How to Break Code.
Addison-Wesley, ISBN 0-201-78695-8,
Sample Chpater: Reverse Engineering and Program Understanding

Jeanna Matthews. Computer Networking: Internet Protocols In Action.
Specifically Exercises 6.1 - 6.3,
John Wiley and Sons , ISBN 0-471-66186-4
http://www.wiley.com/college/matthews.

Description
Attacks on networked computer systems are an increasingly important problem. This course covers the types of vulnerabilities that are present in modern computer systems and the types of malicious software that exploit these vulnerabilities. It also covers best practices for preventing, detecting and responding to such attacks including anti-virus software, defensive programming techniques, intrusion detection systems, honeypots and firewalls. Given when needed (typically every other spring).
Prerequisites

A general course in computer networking such as CS 455/555 or EE 407/507.
Programming experience to the level of CS 142 or EE 361CS 344

Objectives
  • Expose student to major classifications of malware.
  • Investigate and understand the weaknesses in our software and network protocols that allow attacks.
  • Provide students with tools and strategies for diagnosing infected machines.
  • Enable students to proactively secure computer systems.
  • Expose students to how anti-virus materials are produced.
  • Encourage students to propose and investigate innovations that can reduce risk of infection or damage from infection.

Outcomes
  • Students will be able to characterize and distinguish between major types of malicious software or malware including for example viruses, Trojan Horses, worms and spyware.
  • Students will be able to diagnose systems that have been compromised by malware using tools such as intrusion detection systems and network protocol analyzers.
  • Students will use databases of credible information on specific attacks such as Symantec Security Response and Computer Emergency Response Team (CERT).
  • Students will be familiar with best practices for preventing and recovering from attacks including closing unused network ports, keeping software up-to-date and regular system back-ups.
  • Students will understand how defenses against new attacks are developed and distributed.
  • Students will think critically about the state of art in computer and network security including weaknesses in our response to new attack codes and weaknesses in systems that automatically update software.

Grading
  Tentative grade breakdown:
  • 40% Quizzes
  • 20% Technical Project
  • 20% Ethical Debate Essay
  • 20% Homework Assignments; Class/Lab Participation
Late Policy
I do no plan on accepting late work for credit. If you complete an assignment late, you may submit it with a written note explaining the circumstances. If I have not completed the grading, I will grade your work, but the score will be recorded as a zero.

I will however keep a special folder with the explanatory notes you have written and possibly the score that would have been assigned if the work was submitted on time. At the end of the semester, before assigning final grades, I will read through all the notes in the folder one more time and consider reinstating or dropping the score for that assignment if it was an isolated incident and if it would indeed have changed the final grade.

Academic Integrity
All work you submit must be your own individual work unless explictly indicated. In particular, work taken from books, the Internet, other students or any other source may not be submitted as your own. You are always better to err on the side of acknowledging sources and collaborations!!!

Additional information about rights, obligations and procedures related to academic integrity can be found in Section IV of Clarkson's official regulations.

 
 
Questions? Contact Jeanna Matthews