CSE409/509: (Intro to) System Security (Fall 2012)

Course description: In this course we plan on having fun by studying computer security from a systems point of view. The course is composed of two parts: in the first part we do a bit of applied crypto and network security. In the second part we do more or less of the following: "Principles and practice of computer system security: Operating system security, Authentication and access control, Capabilities, Information flow, Program security, Database security, Cryptographic key management, Auditing, Assurance, Vulnerability analysis and intrusion detection." Course objectives are found here.

Likely to be included in the first part (not necessarily in this order): a bit of crypto (hash functions, single-key crypto, public key crypto, signatures, IND-CPA/CCA), protocols (key exchange, secret sharing/splitting, all kinds of signatures, mental poker, interactive zero knowledge proofs, oblivious transfer, certified mail, secure elections, SMC, digital cash)

We are not using any specific textbook. However, as a reference please feel free to look at any of the following:
Times: 10:00-11:20 TUTH
Place: CSE 2120
Office Hours: 11:30-12:30 THU (CSE 1210) or by email appointment
Contact Info: cse509instructor @ cs (course-related questions are only answered through this account)
TA: Mirza Basim Baig (cse509ta@gmail.com) (project related questions go here)
TA Office Hours: WED 3-4pm (CSE 1210)
Mailing List: cse509@ cs

Evaluation and Schedule (this is orientative and these are subject to change): optional homeworks, quizzes, 2 projects, a midterm and a final. Grading criteria (subject to potentially significant changes): midterm (30%), final (40%), projects (25%) activity and quizzes (5%). I expect you to mostly come to class.

Note on undergraduate section: The undergraduate section follows the same material but will be given a different project, and will also be graded separately.

Important note on projects: Unless specified otherwise, projects are to be done in groups of 3 (very few exceptions for good reasons can be made). It is your responsibility to schedule a time-slot to show the project to the TA. Before the deadline, you are entitled to a no more than 15 minutes demo slot per project in which you have to show your working project. To encourage you to work on the projects early on and make good progress, any working project submitted before deadline is adding to your grade a number of percentage points (up to a max of 10% per project) proportional to the number of remaining weeks from the submission time to the actual deadline (bonus is computed as min(10,[deadline-today]/7) -- it can be fractional).

Approximate summary of lectures:

Policy on seeing graded Exams/Homeworks: You can request to see a graded exam/homework only up to two weeks after it was graded. You should not come for re-grades at the end of the semester for homeworks graded in the beginning of the semester.

Policy on Missing Exams or Homeworks: Missing an exam/homework/project implies a grade of zero in that exam/homework/project, unless there is a properly documented reason (e.g., medical with documentation). Examples of non-valid reasons include oversleeping, forgetting, discretionary travel (travel whose timing is under your control, such as an interview trip), and a host of others. Such policy precedents are difficult for an instructor to deviate from without running the risk of being accused of "treating people unequally" ... etc, so I hope none of you will put me in that situation.

Note: If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, please contact the staff in the Disabled Student Services office (DSS), Room 133, Humanities, 632-6748v/TDD. DSS will review your concerns and determine with you what accommodations are necessary and appropriate. All information and documentation of disability are confidential.

 (C) 2012. All Rights Reserved.