CS 325 Syllabus
Advanced Topics in Security
Spring 2011
CIS Department
Saint Vincent College
General Information
Description
This course concentrates on the following advanced topics in computer and network security: secure coding, computer forensics, malware analysis, and penetration testing. Several other general topics in computer security will be covered in the text and discussed so as to round out the coverage. Students will be asked to be more independent in this class than in CS 225, and will have to figure out on their own how to make certain software, exploits, etc. work. There will be more class presentations and other occasions to actively participate. There will be less lecturing. Some of the projects will be of your own design. Students will also have the opportunity to determine, in part, what activities they will do to fulfill the course requirements.
Why Take This Course?
This course is an elective for most CIS majors (but required for those in the computer security concentration) and a possible course for CIS minors and others interested in this topic. At a time when attacks are increasing in sophistication, the study of computer security is of considerable importance. Computer security professionals are also in demand, both by the government and industry, as there are too few such professionals to go around. This course is also more open-ended than most CIS courses and allows students (within reason) to investigate particular aspects of the topics at hand that are of interest to them.
The Prerequisites
CS 111 is listed as a prerequisite since some programming background is needed to understand secure coding techniques. CS 225 is not an essential prerequisite, but it would make this course easier to have had CS 225 first.
The Text
The text was chosen mostly to provide a broad background in computer security. This is useful for everyone, but especially for those who have not had CS 225. (The sections on basic networking, for example, are a good resource for those who don't yet know this area.)
The text does provide some material on this course's areas of concentration. In particular, there are chapters on secure software development and computer forensics. The book will be supplemented with the more specialized reference books listed at the top of this syllabus, as well as by the use of other materials supplied by both the instructor and the students.
Core Goals
This course contributes especially toward the following core curriculum goals, listed in order of emphasis:
CIS Department Goals
This course contributes to the following departmental goals, listed in order of emphasis.
Course Goals and Means of Assessment
Ethics
In taking this course, the student agrees to use the tools appropriately. In particular, the student promises to only use attack tools against the systems explicitly labeled as targets in the course labs. No attacks of any type are to be launched against other systems or networks, unless clear permission has been obtained from the administrators of those systems and networks. Many of these tools can be dangerous or cause alarm if used inappropriately. In this course, all activity that is worrisome will be conducted on a test LAN that is isolated from all other networks. Students who want to test their own computers for security flaws should exercise similar caution. Students who fail to follow this promise risk disciplinary action by the college, law enforcement, etc. Any apparent breaches of this ethics promise will be reported to the administration for appropriate action. See the CIS Department Policies page for general guidelines on computer ethics.
Grading and Course Policies
Each lab will require you to turn in a lab report of some type. Most or all of the labs will use the small test LAN in Br. David's office. Students will have to sign up for times to use this test LAN. Presentations (10-minute or 30-minute) must be accompanied by a well-written outline to be handed out to the class. Quiz and test answers are expected to be written using good English. These items will be graded not just on the correctness of the answers, but also on the clarity of the presentation. This is intended to help the student to develop good written communications skills. Letter grades will be assigned according to the scheme found in the current College Bulletin. Exams will be announced in advance and will be closed-book in nature. Quizzes could be given at any time. Calculators may be used on the exams and quizzes. Cell phones and pagers should be turned off and put away during exams. On a test, students may only use the test itself, calculators, pens, pencils, and erasers. Calculators may not be passed between students. No laptops or other computers may be used on an exam or quiz.
Tests and quizzes will ask critical thinking questions that often require a paragraph of analysis, explanation, and conclusions. A few multiple choice, true/false, and other short answer questions may also be included. Labs involve a lot of hands-on activity to try out a certain security situation, investigate what occurs, gather data, etc. Besides reporting the raw data, students will usually be required to write several paragraphs of explanation and conclusions based on that data.
Both the instructor and students are expected to do their best to produce a good class and to treat each other with respect. This includes many factors, such as listening when someone else is speaking, trying to understand what others are saying, being of assistance to others, etc. It definitely does NOT include making fun of others. On a practical level, do your best to improve your grade: read the text, attend class, do the labs and projects, ask questions, and try to answer questions. CS courses require active participation and repeated practice. If you begin to feel lost, see the instructor or work through the difficulties with the help of another student in the course. Do not let yourself get behind. Note in particular that attendance is expected. Student performance is bound to deteriorate when classes are missed. In order to emphasize the importance of attendance, the policies outlined right after this paragraph will be used.
Intellectual honesty is important at Saint Vincent College. Attempts to pass off the work of another as one's own, or group work as one's individual work, will result in action appropriate to the seriousness of the situation. All cases of apparent intellectual dishonesty are referred to the college administration. In this course, students are expected especially to do entirely their own work on the exams and quizzes. Projects and labs can be done together in groups of two if desired. Note that one group should not be using the results created by another group. Some students learn better when working mostly alone. Others do better when working together. However, never simply copy someone else's work as that does little to help you to learn the material. Remember that you are responsible for knowing how to solve the course's security problems and that you will have to face the test questions on your own.
Be sure to read and follow the CIS Department Policies, available under the main CIS Department Web Page. (This statement covers especially the proper use of departmental computing facilities, policies concerning web pages, etc.) In addition, read the Regulations section of the College Bulletin (which covers such things as grading, academic honesty, etc.) and the Student Handbook (which covers academic honesty, classroom etiquette, etc.).
Students with disabilities who may be eligible for academic accommodations and support services should please contact the Associate Dean of Studies, Mrs. Sandy Quinlivan, by phone (724-805-2371), email (sandy.quinlivan@email.stvincent.edu) or by appointment (Academic Affairs-Headmaster Hall). Reasonable accommodations do not alter the essential elements of any course, program or activity.
If the instructor needs to cancel class, every effort will be made to send an email message to students' Saint Vincent email accounts and to post the class cancellation on the college website as well as the course webpage.