IS 511: Introduction to Information Security


Syllabus


Textbook
  • Required: Papers!
  • Optional
    • Security Engineering by Ross Anderson, Available on-line.
    • Handbook of Applied Cryptography by Alfred J. Menezes, Paul C. Van Oorschot, Scott A. Vanstone (Editor), CRC Press, ISBN 0849385237, (October 16, 1996) Available on-line at http://www.cacr.math.uwaterloo.ca/hac/

Class Homepage: http://syssec.kaist.ac.kr/~yongdaek/courses/is511

Read this document very carefully, as it defines what is required to perform effectively in this class.

Course Overview:
This is an introductory graduate course on Computer Security. It will cover a broad variety of elementary topics in security, focusing on the scientific principles involved in various security technologies, rather than the specifics of any particular technology. For example, we will discuss firewalls in this course: after this course, you will probably not know which commercial firewall to pick or the exact details of how to configure it; but you will know what a firewall can do (in general) to protect a computer system and what the inherent limitations of firewalls are. The primary emphasis of this course is on preparing students for research in security, and teaching how to apply security principles to research in other CS fields. However, students interested in practicing security will learn important principles that a more applied course might not teach.

Goals and Objectives:
The most important aspect of working and doing research in computer security is learning to "think like an adversary," and I hope you learn a little about how to do that in this course. At the end of the course you should be able to:
  • Use a computer system in a secure manner.
  • Recognize common vulnerabilities in protocols, designs, and programs.
  • Eliminate or minimize the impact of these vulnerabilities.
  • Apply the principal security standards in use today to design and build secure applications.
  • Apply principles, concepts, and tools from security to your own research.

Prerequisites:
The listed prerequisite for this course is an undergraduate course in operating systems. More generally, however, we will expect students to have the skills of someone who has (mostly) completed an undergraduate computer science major. In particular, students should be able to write and debug programs in C and Java by themselves; it is not a proper use of the instructor's or TA's time to help get your code running. Students should also feel comfortable understanding and modifying programs written in other languages, such as scripting languages (e.g., Perl, PHP, Python), Unix shells, and SQL. We expect students to put in time outside of class to master the concepts presented in class, and we expect students to be resourceful: if a topic is mentioned in lecture along with a name, you can probably learn more using, e.g., Google.

Course content: Security Fundamentals, User interface/Psychology, Cryptography, Network Security, OS Security, Software Security, Web Security, Privacy

Evaluation: The following rules will be strictly enforced.

Evaluation will be based on the following:


Midterm Exam: 20%
Final Exam: 25%
Homework: 20%
Class Project: 30%
Participation: 5%
Incompletes will in general not be given. These options will be considered only when a provably serious family or personal emergency arises, proof is presented, and the student has already completed all but a small portion of the work.

Scholastic conduct must be acceptable.