CMPS 122: Computer Security

Computer Science Department
University of California, Santa Cruz

Syllabus

Time: MWF 11 AM–12:10 PM
Location: Porter 144
Instructor: Professor Ethan Miller (elm at ucsc dot edu)
Office & hours: Mon 1:30–2:30 PM, Wed 3:00–4:00 PM in Baskin 229
TA: Sung Kim (hunkim at soe dot ucsc.edu)
TA office & hours: Tue 3:00–4:00 PM, Thu 4:00–5:00 PM in Baskin 354I
Prerequisites:
Required text: Cryptography and Network Security: Principles and Practice, 3/e, Stallings
Optional texts: Secrets and Lies, Schneier
Applied Cryptography: 2/e, Schneier
Home page: http://www.soe.ucsc.edu/classes/cmps122/Spring04/

Course objectives

The goal for students in this course is to learn the fundamentals of computer security, including

Where possible and appropriate, we will use examples from Linux and other modern operating systems as well as current events to illustrate concepts covered in class.

Prerequisites

The formal prerequisite for this class is CMPS 111. Students should also be familiar with basic probability and statistics, and knowledge of network protocols, though not required, is also helpful. In addition to the class prerequisites, each students must have his/her own CATS account. Because assignments will be turned in on the CATS system, you must have your own CATS account by the end of the first week of classes. You may not borrow a roommate's / friend's / co-worker's / spouse's account. Doing so is a violation of the CATS user policy, and will be reported.

Texts

The required text is Cryptography and Network Security: Principles and Practice: 3/e. If you want much more on the theory behind cryptography, please consider Applied Cryptography, Bruce Schneier's classic on cryptography. I also recommend that you read Secrets and Lies, a mostly non-technical book, because it provides an excellent overview of many of the issues in computer security that we will explore in more depth in class.

Web pages

Most of the information for the class will be distributed via the Internet. The class home page is at http://www.soe.ucsc.edu/classes/cmps122/Spring04/, and is the starting point for lots of information about the class including assignments and announcements. Access to some of the class web pages, particularly those containing solutions, may require a password that will be distributed in class. Redistributing these pages will constitute cheating and will be treated accordingly. Pages not password-protected may be redistributed, though I ask that you distribute a URL rather than the page itself so that others will get the most recent pages.

Homework

Assignments will be posted on the web, and will be accessible from any domain on the Internet. It is likely that some assignments will be posted before they are officially assigned; however, you should not assume that an assignment on the web is in final form until the date it is assigned. In other words, assignments are subject to change before the date that they are officially assigned. Due dates for all assignments will be listed on the class schedule, as well as on the assignment itself.

There will be 4–6 homework assignments, one every week or two, assigned over the course of the quarter. The assignments may require some programming, which may be done in any language you want. Homeworks will be graded. Homeworks are due on the date listed on the assignment, typically at 10:00 AM. Homework must be turned electronically using the submit system on unix.ic. Late homework will not be accepted. Graded homework will be returned as soon as possible, usually within one week.

Term project

There is a required term project on a topic related to computer security. The project may be a programming project or a survey of papers on a particular area of computer security. There will be checkpoints throughout the quarter to ensure that you are making progress on your project. Checkpoints will not be graded separately.

Getting help

You're strongly encouraged to seek help if you need it. You can do this by going to office hours, reading the course newsgroup, or by email. Office hours are optional, but highly recommended if you're having any difficulty understanding the material, doing the homework assignments, or working on the term project. You're welcome to use the course newsgroup and send email whenever you want, but please arrange any meetings outside of office hours in advance.

The newsgroup for this course is ucsc.class.cmps122. I strongly encourage you to read the newsgroup and post if you have general questions. Asking things like "how does this concept work" or "what does this algorithm do" are fine. Questions such as "what's the answer to Problem #3 for this week's homework?" are not acceptable. Please ask such questions during office hours (preferable) or via email.

Email to the course staff (cmps122-staff@cats.ucsc.edu) will be answered if possible. The best kinds of questions to ask via email are those that require short answers. Questions like "why doesn't my program work?" and "please explain this concept to me" are much more difficult to answer via email, and are best asked and answered in person at office hours. If you have a question that must be answered by a specific person, please send it directly to that person's email address. However, questions that can be answered by anyone should be sent to cmps122-staff@cats.ucsc.edu; sending them to a particular person may mean a delay in getting an answer.

Attendance

Class attendance is mandatory, though attendance won't be taken (except as needed for UCSC administration). Most of the course material, including assignments and lecture notes, will be posted on the class web pages. However, things may get said in class that aren't in the online notes. You're responsible for all material covered in class, whether or not it appeared on the Web site—I suggest you ask either a fellow student, the TA, or the professor to fill in any material you may have missed.

Grades

Your grades will be determined as follows:

You must take both exams and turn in a final project to pass the class. You need not turn in every homework , but homework is graded, and a missing homework counts as a zero (0). If your homework or exam average is below 50%, you will fail the class regardless of your overall average.

Grades will be available online during the quarter. You can use a program on unix.ic to generate the password you need to access your grades. Attempts to subvert this system will be considered computer breakin attempts and be dealt with appropriately.

Academic Honesty: Collaboration vs. Cheating

This is a class on computer security, so ethics are of the utmost importance. Do not attempt to break into computer systems. Do not plagiarize. Do not cheat. Period. If you are caught doing any of these things, there will be very serious consequences.

You are expected to conduct yourself as a person of integrity—you are expected to adhere to the highest standards of academic integrity. This means that plagiarism in any form is completely unacceptable. You are a (soon-to-be) computing professional; I encourage you to consult the code of ethics appropriate to your discipline (the ACM, IEEE, and IEEE Computer Society).

Plagiarism will be assumed, until disproved, on work that is essentially the same as that of other students. This includes identically incorrect, off-the-wall, and highly unusual duplicate answers where the probability of a sheer coincidence is extremely unlikely. All parties to this unacceptable collaboration will receive the same (zero) score. In the case of programs, reordering routines, renaming files, and simply renaming variables does not make two programs different. Remember—a zero score on either exam or on the term project is grounds for failing the course. Those caught cheating will, in addition to a zero score on the assignment or exam, have a letter sent to their department, the School of Engineering, and their college provost and academic preceptor. I reserve the right to take stronger action, such as assigning a class grade of F, should the situation warrant it.

You may discuss homework with your friends, but you are expected to abide by the Gilligan's Island rule—the only thing you may bring to such a discussion is you, and no written notes may be taken away from the meeting. You may discuss concepts covered in class or assigned in the homework, but you may not discuss details of the homework. Looking at, modifying, or copying each other's files or solutions is strictly forbidden. If you are unsure of what is and is not allowed by this policy, please talk to me before doing something that might be considered cheating.

The Gilligan's Island rule states that following any class-related discussion, you must take a break for at least half an hour before doing further class work. Watching something inane like Gilligan's Island (or better fare such as The Simpsons, Futurama, or Animaniacs) on television satisfies this rule. Reading something (inane or otherwise) unrelated to CMPS 122 also qualifies. See me if you'd like some suggestions for non-computer science reading material.

If all of this doesn't convince you of the folly of using others' work, consider the following Foxtrot comic (Bill Amend, September 28, 2002):

Last updated 30 Mar 2004 by Ethan L. Miller (elm at ucsc d0t edu)
Don't follow me!
Protected by wpoison