CSSE 340 - Foundations of Cybersecurity Winter Quarter 2023-2024 Rose-Hulman Institute of Technology Instructor: Sid Stamm Office Address: Moench D207 E-mail: stammsl@rose-hulman.edu Web: http://www.rose-hulman.edu/class/csse/csse340/ Textbook: Foundations of Security (Daswani, Kern & Kesavan) -------------------------------------------------------------------------------- Course Description: This course introduces ethical, theoretical, and practical issues of information security in interconnected systems of computers. Implications of relevant professional codes of ethics are a recurring theme of the course, as are societal and human impacts on computer system security. Foundational topics include access control matrices and standard system models, as well as policies for security, confidentiality, and integrity. Implementation issues include key management, cipher techniques, authentication, principles of secure design, representation of identity, access control mechanisms, information flow, life cycle issues, and formal evaluation and certification techniques. Additional topics include malicious logic, vulnerability analysis, and auditing. Computer system attack techniques are discussed and explored in a closed environment to motivate and inform discussion and exploration of computer network defense techniques. Students who successfully complete this course will be able to: 1. Given a set of threats, identify or design a security policy and mechanism in terms of confidentiality, integrity, and availability that will counter the threats. 2. Given a description of a system, identify and quantify threats including disclosure, deception, disruption, and usurpation. 3. Explain principles that guide the design of secure software. 4. Discuss current events, practices, vulnerability reports, and tools relevant to computer security. 5. Analyze and explain the effect malicious software could have on software or a computing system. 6. Explain the roles of cost-benefit analysis, risk analysis, laws and customs, organizational issues, and personnel issues in choosing appropriate security policies and mechanisms. Course Prerequisites: CSSE132 - Introduction to Systems Programming CSSE280 - Introduction to Web Programming Course Requirements: To earn a passing grade, you must complete homework, in-class quizzes, two in-class exams, in-class labs, participate in Class activities, and complete a small-group research project including presentation. Grading: In estimating your grade, weight the work as follows: 20% Homework and Quizzes 30% In-class exams 20% Labs 20% Group Project 10% Discussion/Participation In general, 90-100% is an A, 80-89% is a B, 70-79% is a C, 60-69% is a D. The above weights and percentages are a guideline that we typically follow. Please understand that it is not a promise. We will do our best to conform to the institute-wide grading policy described in the Grade Descriptions section of the registrar's web page. https://www.rose-hulman.edu/campus-life/student-services/registrar/rules-and-procedures/grades.html Attendance/Engagement Policy Regular PHYSICAL attendance in class meetings is expected. When necessary, the completion of all recorded lessons is also expected. Good Citizenship In this class you may learn things to protect but also to exploit flaws systems for educational purposes. You are expected to act ethically and only use these skills on systems when authorized by the owners of those systems. This course in no way protects or exempts you from following policies and laws. Don't be a jerk or a criminal. If at any time you are uncertain if something is allowed: stop, think, and ask. Academic Integrity Collaboration is required on certain graded events (team presentations), prohibited on others (individual quizzes, homework and exams), and encouraged on the remainder. Copying is not collaboration. Working out a solution as a group is acceptable collaboration. Each individual is responsible for understanding the entire solution. For homework, this means that once a group solution has been achieved, each collaborator must rework the problem and write up the solution independently. You must properly credit your collaborators and clearly indicate the extent of the collaboration, except where it is obvious (e.g. team quizzes in which all team members participated roughly equally). Failure to acknowledge collaboration can be considered cheating. You are welcome to talk to the instructor if you have any questions regarding our expectations. Late Assignments Homework and quizzes must be submitted on time to receive credit for them. Concerns about anything? Got a problem and can't get your assigments done on time? Come talk to me and we'll work something out!