CS 433/533         Computer & Network Security

Course Description

As both a science and an art, computer and network security has become one of those must-learn disciplines. This course will be comprehensive, covering both fundamental security topics and practical solutions. Yet, it is designed to be manageable for effective learning. Twenty lectures over ten weeks are designed for this class. Here are sample topics (each with a sample question):

• Elementary cryptography (what is the difference between classic cryptography and public-key cryptography?)
• Program security (why virus/worm/Trojan horses are rampant on computer and networks?)
• Protection in general-purpose operating systems (what is access control of memory/address/file/user account?)
• Designing trusted operating systems (can virtualization or layered design help secure an OS?)
• Security in networks (can a firewall deal with all network security threats?)
• Privacy (Is your email or web visits protected with good privacy?)
• Administering security (how to conduct risk analysis and design your security policies?)
• Legal and ethical issues in computer security (now that we catch an attacker, so what?)

Instructor

Jun Li, lijun@cs.uoregon.edu

Lectures and Labs

Prerequisites

• CS 415 - Operating Systems

Textbooks and Readings

• (Required)Security in Computing, 6th edition, by Charles P. Pfleeger, Shari Lawrence Pfleeger and Lizzie Coles-Kemp. ISBN-10: 0137891210.

Major Topics

• Syllabus and introduction: 1 lecture
• Authentication and access control: 1 lecture
• Elementary cryptography and use of encryption: 2 lectures
• Program security: 2 lectures
• Operating systems security: 2 lectures
• Network security: 4 lectures
• Cloud security: 1 lecture
• Incidents, risk, legal issues and ethics: 1 lecture
• Privacy: 1 lecture
• Emerging topics: 1 lecture

Expected Learning Outcomes

Upon successful completion of the course, students will be able to:

• Understand basic concepts of cryptography, including classic and public key cryptography and use of encryption;
• Understand fundamental concepts and issues with program security, including buffer overflow, computer viruses, and countermeasures against program threats;
• Become familiar with security methods of ordinary operating systems (OS) and concepts and methods for trusted OS;
• Become aware of threats in networks and become familiar with common methods in securing networks and communications, including firewalls and security protocols;
• Understand basic concepts with cloud computing security;
• Grasp essential concepts with security administration, legal and ethical security issues, and privacy; and
• Developed experience in working on a term-long class project, including skills ranging from identifying a topic, developing a plan, and executing the plan. CS 433 students will also accumulate team work experience.

Acquired Skills

Upon successful completion of the course, students will have acquired the following skills:

• Identifying an interesting security project topic and developing a plan for carrying out the project;
• Exercising a systematic approach to a security problem;
• Improved skills in programming and data analysis; and
• Improved team work and presentation skills.

Course Requirements and Grading

Grading will be based on the following criteria:

Every student is required to form a team of 2 or 3 students to work on a class project.

Grading Scale