EECS710: Information Security and Assurance - Fall 2014
Thursday, 6:10-9:00 PM, 153 Regnier Hall (Course Number: 29810)
Course Web Site: people.eecs.ku.edu/~saiedian/Teaching
Prerequisites and Expected Audience. This course is intended for graduate and senior students in IT, computer science or computer engineering programs as well as for IT professionals with appropriate professional experience.
Professor Hossein Saiedian
Offices: BEST 250 and Nichols 155
Telephone 785-864-8812
E-Mail: saiedian@eecs.ku.edu
WWW: people.eecs.ku.edu/~saiedian
Office Hours: Wednesdays and Thursdays, 1:00-4:00 PM (and by appointment)
We will explore and survey important issues related to the provision of information and computer security and will provide an overview of the security problems, fundamental principles, and the technical aspects of computer security as it relates to operating systems, databases, and computer networks. As usual, students are expected to conduct some independent study as described under the "special projects."
Catalog Course Description. Critical information assets, information security, operating systems security, database security, network security, e-commerce security, security risks, encryption and cryptography, security management, security models.
Course topics: Computer Security Concepts (Threats, Attacks, and Assets); Fundamental Security Design Principles; Attack Surfaces and Attack Trees; Cryptography; User Authentication; Access Control Principles; Database and Cloud Security; SQL Injection Attacks; Malicious Software; Denial-of-Service Attacks; Intrusion Detection; Firewalls and Intrusion Prevention Systems; Software Security; Operating System Security; Trusted Computing and Multilevel Security; IT Security Management and Risk Assessment; Internet Authentication Applications
William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 3rd edn, Prentice-Hall, 2015.
Matt Bishop, Introduction to Computer Security, Addison Wesley, 2005 (optional).
Please visit the textbooks' websites for updates and errata.
The order of chapter coverage may be different from the textbook. In addition to the materials from the main textbook, students are responsible for lecture notes, reading assignments, as well as items distributed during the classroom sessions. Important reading materials as well as lecture slides will be placed on the class website.
Students will be evaluated as follows:
Quizzes and Exams: 60%
Assignments: 20%
Special Project: 20%
A = 90%..100%
B = 80%..89%
C = 70%..79%
D = 60%..69%
The "special project" provides an opportunity for each student to become expert in an area related to the topic of the course. It can include a term paper or a thorough, workshop-like, 120 minute presentation that covers a related topic in-depth. A special project topic will have to be approved.
Those interested in a presentation should have experience in long, lively, and engaging presentations and should begin their preparation immediately. Carefully follow the Guidelines for Making a Presentation. A proposal (workshop topic, justification, list of resources, and the tentative date for the presentation) should be submitted by the third week of the semester.
Those who would like to do a term paper may choose an applied research topic, e.g., an evaluation or comparison of certain methodologies for a real case study (or a reconstruction of a case study reported in literature). Another option is to make an objective evaluation of several research projects tackling the same problem. Other ideas are welcome. Guidelines for Writing a Term Paper have to be strictly followed. The paper decision and the tentative topic should be made by the third week of the semester.
Those interested in weekly paper reading: you'll need to read 10 articles and prepare a two-page summary. The papers you choose should be primarily from the recent issues of the following three journals: Communications of the ACM, IEEE Security and Privacy, and IEEE Computer. The list of the papers should be provided by the third week of the semester.
The following is the weekly semester schedule of lecture topics and all related curricular activities. Some referenced documents may be password-protected. The password will be publicized in class.
Thursday August 28
Thursday September 4
Thursday September 11
Thursday September 18
Thursday September 25
Thursday October 2
Thursday October 9
Thursday October 16
Thursday October 23
Thursday October 30
Thursday November 6
Thursday November 13
Thursday November 20
Thursday November 27: No class (Thanksgiving break)
Thursday December 4
Thursday December 11
Thursday December 18
Attendance is important and required. If a student misses a class session, he or she will be entirely responsible for learning the materials missed without the benefit of a private lecture on the instructor's part. Furthermore, the student will be responsible for finding out what assignments may have been given and when they are due.
We will have both instructor and students' presentations. Students are expected to read assigned articles from the textbook or the reading list. Students are expected to actively participate in classroom discussions, make presentations, and regularly make contributions such as offering comments, asking interesting questions, and responding with good answers.
The textbook is an excellent survey and tutorial resource. Most up-to-date topics on information and computer security can be found in technical journals and recent conference proceedings. Students should develop a habit of regularly browsing such journals as IEEE Software, IEEE Computer, and Communications of the ACM.
E-mail communication is fast, flexible, and effective. You are expected to have an @ku.edu email account and regularly check it. Important classroom notes will be communicated via email.
Do not send email in HTML format; it will not be processed. Unless you are specifically asked to send a document (in PDF format), send text-only emails in text-only format. See the Guidelines for Submitting Electronic Documents.
A number of networking, computer, and information security video discs (mostly from the DoD and NIST) have been obtained to show in the classroom (but only if time allows). Students are expected to take notes during each video presentation.
Students are expected to conduct themselves very professionally, engage in informative discussion, and avoid anything that could cause a distraction either for other students or for the instructor.
Attendance Policy. Attendance is important and required. If a student misses a class session, he or she will be entirely responsible for learning the materials missed without the benefit of a private lecture on the instructor's part. Furthermore, the student will be responsible for finding out what assignments may have been given and when they are due. Exceptions will be made for family emergencies, religious observance, and illnesses.
Cell Phone Policy. Cell phones should be turned off before coming to the classroom.
Laptop Policy. It is OK to use laptops, tablets or similar devices for taking notes but turn off audio and avoid any possible uses (e.g., Web surfing or social media visits) that could cause distraction for others.
Academic Integrity/Dishonesty Policy. The definitions and consequences of institutional academic integrity policies will be used. Academic dishonesty "includes giving or receiving of unauthorized aid on examinations or in the preparation of assignments or reports, knowingly misrepresenting the source of any academic work, falsification of research results, and plagiarizing of another's work."
Please take the KU Academic Integrity Quiz.
Incomplete Grade Policy. "Incomplete (I) grades are used to note, temporarily, that students have been unable to complete a portion of the required course work during that semester due to circumstances beyond their control. Incomplete work must be completed and assigned an A-F or S/U grade within the time period prescribed by the course instructor. After one calendar year from the original grade due date, an Incomplete (I) grade will automatically convert to a grade of F or U, or the lapsed grade assigned by the course instructor."
Attendance. Attendance is important and
required. Throughout the semester, attendance may randomly be
taken; every three absences (in classroom or lab) will result
in a letter-grade drop (will show when the final grade is
posted). Furthermore, if a student misses a class session,
he or she will be entirely responsible for learning the
materials missed without the benefit of a private lecture
on the instructor's part. Furthermore, the student will be
responsible for finding out what assignments may have been
given and when they are due, any updates to the term project,
schedule or the course syllabus.
Late-work, makeup policy. No late work will be
accepted. No makeup option (for a lab, quiz, or exam) will be
provided.
Exceptions will be made for
.
Verification (documentation) of an excusable absence will be required.
Excusable absence requests must be submitted in
advance and approved by the instructor, unless it is an
emergency. Verification documents must be attached to the
request.
Make-up quizzes and exams for excused absences will have to
be completed before the following session when the quiz/exam
key becomes public.
Technical problems. If you experience technical problems
with your EECS account or the EECS servers or the lab
equipment, please submit a support request at:
https://tsc.ku.edu/request-support-engineering-tsc.
Inside classroom policy.
Students are expected to come to the class on time, be
attentive and engaged, conduct themselves professionally, and
avoid anything that could be distracting or detrimental
either to other students' learning or to the instructor's
presentations. Profanity and swearing are not allowed.
Students are expected to actively participate in all classroom
presentations and discussions, ask questions, and regularly
make contributions such as offering comments, responding with
good answers, and providing feedback.
Canvas announcements.
Announcements is a Canvas tool to post important
information and updates to all members of a course. It is your
responsibility to regularly check your Canvas account for such
announcements (students may also receive an email notification
when a new announcement is posted).
Email communications
E-mail communication is fast, flexible, and effective. You have an
@ku.edu email account and you are expected to regularly check
it. Important information will also be communicated via email.
You are a student registered in a course offered by
the School of Engineering at the University of Kansas, a top regional
and a nationally ranked institution. Your communications, especially
written communications (composition, grammar, spelling, punctuation,
etc), must reflect that status.
Please follow these email guidelines and etiquette.
Send text-only emails in text-only format. All classroom
assignments, labs, or projects should be typeset and submitted
on Canvas.
Other documents (e.g., documents for an excusable
absence) should be emailed in PDF or a well-known image format (e.g.,
JPG or PNG). See the Guidelines for submitting electronic documents.
Grade and absence clarification or correction.
If you believe your grades on an assignment, lab, quiz, or
exam are incorrect, you should formally submit a grade appeal
via email to the instructor within one week of receiving the
graded work. Similarly, if you have an excusable absence, and
you did not provide documentation prior to the absence, submit
relevant documentation within one week of the absence. Failure
to address concerns within these timeframes will result in
the decision becoming final. This timeline ensures timely
resolution and fairness for all parties involved.
Late exam-taking policy. If a
student will have to take an exam or a quiz at a later time
(due to an excused and verified absence), he or she
will be asked to make the following statement:
I understand that I have been granted the opportunity to take
this exam or quiz on [date of rescheduled exam] due to an excused
absence from the original exam on [date of original exam]. In
making this arrangement, I affirm that I did not and will
not, by any means (in writing, speaking, or through digital
communications), obtain any information about the exam content
or details from anyone who has taken it at the original time. I
understand that violating this pledge may result in disciplinary
action, including receiving a failing grade on the exam.
Cell phone policy. Cell phones
should be turned off before coming to the classroom.
Cell phone use for the purposes of texting, email
or other social media should be avoided. Earphones
for music are OK during lab work or individualized
problem solving, as long as the volume allows you to
hear announcements. Also cell phone or other cameras
may be used to photograph projects and the whiteboard
but avoid shots that include the presenter or other students.
Laptop/electronic device policy. The use of laptops,
tablets or similar devices is common for taking notes
but turn off audio and avoid any possible uses
that could cause distraction for others
(e.g., Web surfing or social media visits).
Incomplete grade policy. "Incomplete
(I) grades are used to note, temporarily, that students
have been unable to complete a portion of the required
course work during that semester due to circumstances
beyond their control. Incomplete work must be completed
and assigned an A-F or S/U grade within the time
period prescribed by the course instructor. After
one calendar year from the original grade due date,
an Incomplete (I) grade will automatically convert
to a grade of F or U, or the lapsed grade assigned by
the course instructor."
Accommodations for students with disabilities.
The University of Kansas is committed to providing
equal opportunity for participation in all programs,
services and activities. Requests for special
accommodations may be made through the
KU Student Access Services.
KU's diversity policy statement. As a
premier international research university, the University of
Kansas is committed to an open, diverse and inclusive learning
and working environment that nurtures the growth and development
of all. KU holds steadfast in the belief that an array of
values, interests, experiences, and intellectual and cultural
viewpoints enrich learning and our workplace. The promotion
of and support for a diverse and inclusive community of mutual
respect require the engagement of the entire university.
The University of Kansas prohibits discrimination on the
basis of race, color, ethnicity, religion, sex, national
origin, age, ancestry, disability, status as a veteran,
sexual orientation, marital status, parental status, gender
identity, gender expression, and genetic information in the
University's programs and activities. Retaliation is also
prohibited by University policy. If you have questions about
filing a report of discrimination, contact the Office of Civil
Rights and Title IX at civilrights@ku.edu.
KU's sexual harassment policy.
The University of Kansas prohibits sexual harassment and is
committed to preventing, correcting, and disciplining incidents
of unlawful harassment, including sexual harassment and sexual
assault. Sexual harassment, sexual violence, and a hostile
environment because of sex are forms of sex discrimination and
should be reported. ("Sexual Harassment" means behavior,
including physical contact, advances, and comments in person,
through an intermediary, and/or via phone, text message, email,
social media, or other electronic medium, that is unwelcome;
based on sex or gender stereotypes; and is so severe, pervasive
and objectively offensive that it has the purpose or effect
of substantially interfering with a person's academic
performance, employment or equal opportunity to participate
in or benefit from University programs or activities or by
creating an intimidating, hostile or offensive working or
educational environment.)
Under Title IX of the Education Amendments of 1972, harassment
based on sex, including sexual assault, stalking, domestic
and dating violence, and harassment or discrimination based
on the individual's sexual orientation, gender identity,
gender expression, and pregnancy or related conditions, is
prohibited. If a student would like to file a complaint for
Title IX discrimination or has any questions, please contact
KU's Title IX Coordinator (Lauren Jones McKown, Associate
Vice Chancellor for Civil Rights and Title IX, Dole Human
Development Center, 1000 Sunnyside Ave, Suite 1082, Lawrence,
KS 66045, civilrights@ku.edu, 785.864.6414).
Mandatory reporter statement.
The University of Kansas has decided that all employees, with
few exceptions, are responsible employees or mandatory reporters
who must report incidents of discrimination, harassment, and
sexual violence that they learn of in their employment at KU
to the Office of Civil Rights and Title IX. This includes
faculty members. As such, if you share information about
discrimination, harassment, or sexual violence with me, I
will have to relay that information to the Office of Civil
Rights and Title IX. I truly value your trust in me to share
that information and I want to be upfront about my requirement
as a mandatory reporter. If you are interested in contacting
KU's confidential resources (those who do not have to make
disclosures to OCRTIX), there are: the Care Coordinator,
Melissa Foree; CAPS therapists; Watkins Health Care Providers;
and the Ombuds Office.
Commercial note-taking ventures.
Pursuant to the University of Kansas' Policy
on Commercial Note-Taking Ventures, commercial
note-taking is not permitted in this course. Lecture
notes and course materials may be taken for personal
use, for the purpose of mastering the course material,
and may not be sold to any person or entity in any
form. Any student engaged in or contributing to the
commercial exchange of notes or course materials
will be subject to discipline, including academic
misconduct charges, in accordance with University
policy. Please note: note-taking provided by a
student volunteer for a student with a disability,
as a reasonable accommodation under the ADA, is not
the same as commercial note-taking and is not covered
under this policy.
In fact, we often have students needing help with note taking (including
this very course). If you are able to take well-organized and detailed
notes, have legible handwriting, and regularly attend the class, your
help will be greatly appreciated and will be recognized with a KU
certificate. Please visit with me.
Concealed handguns.
Individuals who choose to carry concealed handguns are solely responsible to do
so in a safe and secure manner in strict conformity with state and federal laws
and KU weapons policy. Safety measures outlined in the KU weapons policy
specify that a concealed handgun:
Suggested readings
Textbooks are excellent survey and tutorial resources. The most
up-to-date material on topics discussed in class can be found in
technical journals and recent conference proceedings. Students
should develop a habit of regularly browsing
IEEE Software,
IEEE Computer,
Communications of the ACM,
IEEE Security & Privacy,
IEEE Network,
IEEE IT Professional,
IEEE Cloud Computing,
and similar magazines.
Common policies
Professor Hossein Saiedian
Electrical Engineering & Computer Science
Eaton Hall 3012
University of Kansas
1520 W 15th St
Lawrence, KS 66045-7621
+1 785 864-8812
saiedian at eecs.ku.edu