Overview

This course provides an introduction to computer and network security. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course begins with a tutorial of the basic elements of cryptography, cryptanalysis, and systems security, and continues by covering a number of seminal papers and monographs in a wide range of security areas.

Topics covered include network security, authentication, security protocol design and analysis, security modeling, trusted computing, key management, program safety, intrusion detection, DDOS detection and mitigation, architecture/operating systems security, security policy, group systems, biometrics, web security, and other emerging topics.

Most of the course readings will come from seminal papers in the field. Links to these papers will be provided on the course pages. In addition, the following book will be used for readings and as reference material.

• Kaufman, C., Perlman, R. and Speciner, M., Network Security: Private Communication in a Public World, 2nd edition, Prentice Hall 2002.

A detailed list of lectures, readings, assignments, due dates (subject to change as the semester evolves) is available on the course schedule.

Grading

Students will be evaluated based on the following breakdown:

• 25% Course Research Project
• 20% Midterm
• 25% Final
• 20% Assignments
• 10% Class Participation

Exam

The course will include one evening midterm and one final exam. Students will be responsible for material covered both in the readings AND lectures. Attendance is therefore recommended as not all class discussions will be covered in the text.

Assignments

The instructor will assign homework assignments on a periodic basis for topics associated with the class assignments. These homeworks require the students to write, program, or perform other basic research. The content and due dates of these assignments will be decided over the course of the semester. If you cannot attend a lecture, contact other students to see if any assignments have been made and consult the syllabus.

Quizzes may given at the beginning of class and will cover topics from the preceding lecture and readings. It is strongly suggested that students do the reading prior class, as a good percentage of their grade will depend on them. Quizzes missed because of absences can not be made up unless arrangements are made with the instructor prior to the course meeting.

Course Project

The course project requires that students execute research in network security. The result of the project will be a poster presentation. Project topics will be discussed in class after the introductory material is completed. Be realistic about what can be accomplished in a single semester. However, the work should reflect real thought and effort - projects executed in the closing days of the semester are unlikely to be well received. The grade will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort.

Project teams may include groups of up to three students; however, groups of greater size will be expected to make greater progress. I will advise each team/individual independently as needed. The project grade will be a combination of grades received for a number of milestone artifacts and the final project poster. Details of the milestones and content will be given in class with the other project details.

Class Participation

To do well in this course, students must take active and regular roles in discussion and demonstrate comprehension of the reading and lecture themes. Students are required to do the assigned reading before class. This will be closely monitored by Professor Traynor, thereby making a student's ability to demonstrate their comprehension of papers essential to a receiving a passing grade.

Lateness Policy

Assignments and project milestones are assessed a 15% per-day late penalty, with a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Academic Integrity Policy

Students are required to follow the university guidelines on academic conduct at all times. Students failing to meet these standards will be reported to the Office of Student Integrity, which can result in the student receiving an 'F' for the semester. Note that students are explicitly forbidden from copying anything off of the Internet (e.g., source code, text, slides), using anything from an answer guide, or copying code/answers from each other for the purposes of completing any assignment or a course project.

Statement of Ethics

This course covers topics concerning the security of many systems that are widely deployed and potentially critical. As part of this course, we will investigate methods, tools and techniques whose use may negatively impact the rights, property and lives of others. As security professionals, we rely upon the ethical use of the above technologies to perform research. However, it is easy to use such tools in an unethical manner. Unethical use includes the circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services.

This is NOT a class on hacking. Any activity outside of the spirit of these guidelines will be reported to the proper authorities both within and outside of Georgia Tech and may result in dismissal from the class and the University. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through the proper channels; however, students with any doubt should consult Professor Traynor for advice. DO NOT conduct any action which could be perceived as technology misuse anywhere or under any circumstances unless you have received explicit permission from Professor Traynor.