ClassInfo

SE 573 Security Architecture II

Corin Pitcher

Office: CDM 835
Spring 2006-2007
Class number: 34810
Section number: 902
Tu 5:45PM - 9:00PM
LEWIS 01510 Loop Campus

Summary

 Topics:

    * Basic protocols and attacks (for asymmetric-key ciphers)
    * Public-key infrastructure (PKI) and digital certificates
    * SSL
    * Role-based access control, Trust Management, and authorization logics
    * Identifying and preventing software vulnerabilities, including: buffer overflows, shellcode, fuzzing, stack cookies, race hazards, metacharacter problems, race conditions, cross-site scripting
    * Establishing trust in a distributed environment: remote attestation



Texts

 Two required textbooks:

    * Understanding PKI: Concepts, Standards, and Deployment Considerations, by Carlisle Adams and Steve Lloyd, second edition, 2002, Addison-Wesley, ISBN: 0672323915
    * The Art of Software Security Assessment, by Mark Dowd, John McDonald, and Justin Schuh, 2007, Addison-Wesley, ISBN: 0-321-44442-6


Grading

 Your final grade will be based on:

    * Homework: 50%
    * Project work: 50%

Homework assignments:

    * In both C/C++ and Java.
    * There may be peer review of your code or designs.
    * Homework assignments must be solved individually unless explicitly stated otherwise. You must not use anyone else's solution, and you must clearly acknowledge any code that you obtain from other sources (such as books, magazines, or the Internet). If you are in any doubt, contact the instructor for advice. For the homework assignments, you may use as much code as you like from the examples discussed in class.
    * You are expected to complete all of the homework assignments by the deadline. Late homework submissions will not be accepted, and all homework assignments will count towards the final grade.
    * Homework assignments must be submitted through the online system. Email submissions will not be accepted.



Prerequisites

 The course prerequisites for SE 573 are:

    * SE 473: Security Architecture I

In particular, you should be familiar with:

    * The use of symmetric-key ciphers and cryptographic hashing algorithms.
    * Strong (challenge-response) authentication.
    * Discretionary access control.
    * The RSA encryption algorithm.
    * Using sockets in Java.
    * Using pointers in either C or C++.

If you are not sure that you have satisfied the prerequisites, speak to the instructor before the second lecture. 


School policies:

Changes to Syllabus

This syllabus is subject to change as necessary during the quarter. If a change occurs, it will be thoroughly addressed during class, posted under Announcements in D2L and sent via email.

Online Course Evaluations

Evaluations are a way for students to provide valuable feedback regarding their instructor and the course. Detailed feedback will enable the instructor to continuously tailor teaching methods and course content to meet the learning goals of the course and the academic needs of the students. They are a requirement of the course and are key to continuing to provide you with the highest quality of teaching. The evaluations are anonymous; the instructor and administration do not track who entered what responses. A program is used to check if the student completed the evaluations, but the evaluation is completely separate from the student’s identity. Since 100% participation is our goal, students are sent periodic reminders over three weeks. Students do not receive reminders once they complete the evaluation. Students complete the evaluation online in CampusConnect.

Academic Integrity and Plagiarism

This course will be subject to the university's academic integrity policy. More information can be found at http://academicintegrity.depaul.edu/. If you have any questions, be sure to consult with your professor.

All students are expected to abide by the University's Academic Integrity Policy, which prohibits cheating and other misconduct in student coursework. Publicly sharing or posting online any prior or current materials from this course (including exam questions or answers) is considered to be providing unauthorized assistance prohibited by the policy. Both students who share/post and students who access or use such materials are considered to be cheating under the Policy and will be subject to sanctions for violations of Academic Integrity.

Academic Policies

All students are required to manage their class schedules each term in accordance with the deadlines for enrolling and withdrawing as indicated in the University Academic Calendar. Information on enrollment, withdrawal, grading and incompletes can be found at http://www.cdm.depaul.edu/Current%20Students/Pages/PoliciesandProcedures.aspx.

Students with Disabilities

Students who feel they may need an accommodation based on the impact of a disability should contact the instructor privately to discuss their specific needs. All discussions will remain confidential.
To ensure that you receive the most appropriate accommodation based on your needs, contact the instructor as early as possible in the quarter (preferably within the first week of class), and make sure that you have contacted the Center for Students with Disabilities (CSD) at:
Lewis Center 1420, 25 East Jackson Blvd.
Phone number: (312)362-8002
Fax: (312)362-6544
TTY: (773)325.7296