Course Topics
Basic notions of confidentiality, integrity, availability;
authentication models; protection models; security kernels; secure
programming; audit; intrusion detection and response; operational
security issues; physical security issues; personnel security; policy
formation and enforcement; access controls; information flow; legal
and social issues; identification and authentication in local and
distributed systems; classification and trust modeling; risk
assessment.
Teaching Assistants
Abhilasha Bhargav-Spantzel
Office: REC 222
Office hours: T 10:30-11:30 & R 10:30-11:30, or by appointment.
Phone: 49-66766
Email: bhargav@cs.purdue.edu
William Speirs
Office:
Office hours: Mon & Wed from 2:30 to 3:20
Phone:
Email: wspeirs@cs.purdue.edu
Prerequisites
The official requirement is
CS 503 (Operating Systems) or equivalent, and by extension the
material required as a prerequisite to CS 503.
If you do not have this background please look at
the discussion of prerequisites,
and then talk with Prof. Bertino.
Text
Matthew Bishop,
Computer Security: Art and Science
Addison-Wesley,
2003.
ISBN 0-201-44099-7
It is suggested you get the latest printing of the textbook; earlier
printings had some typos that made following the text a challenge.
Also get the appropriate
Errata pages.
Some students have found primary material in the research literature easier
to understand than the (condensed) treatment in the textbook.
The text contains
extensive references (over 1000); you are encouraged to go to these
for material you have difficulty with.
Another suggestion is the text used for the undergraduate course (CS426):
Charles P. Pfleeger and
Shari Lawrence Pfleeger
Security in Computing, 3/e
Prentice Hall, 2003.
You may find this book easier to read; however, it does not provide
the level of mathematical rigor needed for this course.
Evaluation/Grading:
The exact mix of project, written homeworks, papers, etc. is yet
to be determined.
Each student will conduct a semester-long course research
project. Up to 2 people can work together, and their contributions may be
evaluated individually.
A research project consists of identifying a novel research
problem in the area of information security and outlining a possible
solution to it.
The grade for the project will be 20% of the grade for the course. The
project preparation and submission is organized as follows:
- Pre-proposal
Due November 1
It should be about half a page and should present the research
problem to be investigated. References to relevant papers should
also be included.
- Proposal for the project
Due November 8
The proposal should include a survey of the literature and a detailed
description of the plan.
- Final presentation for the project (during the last
three lectures of the class)
- Final report for the project
Due November 29
Evaluation will be a subjective process; however, it will be based
primarily on your understanding of the material as evidenced in:
- Midterm Exam (25%)
- Final Exam (35%)
- Written assignments, paper reviews (20%)
- Semester Project (20%)
A hard copy of the homework is to be submitted at 9:00am on
the day of submission.
Late work will be penalized 10 points per day (24-hour
period).
This penalty will apply except in case of documented emergency
(e.g., medical emergency), or by prior arrangement if doing the work
in advance is impossible due to fault of the instructor (e.g., you
are going to a conference and ask to start the project early, but
I don't have it ready yet.)
Qualifier Requirements
Qualifying exam, time and place to be determined.
Advance registration required.
If you plan to use this course as part of your Part 1 Qualifying Exams,
you should have emailed your availability during final exam week to
by September 20, 2005.
Check your exam schedule first! (it will be available
September 15.)
Please look for announcements and class
discussions for homeworks and other material in the class newsgroup:
purdue.class.cs526.
Note: The course outline is being updated for Fall 2005, and will change.
In particular, the assignments (and due dates) will change.
They are provided at this time to assist you in planning for
the course.
-
August 23: Lecture by Prof. Ninghui Li.
Overview of Cryptography,
Slides.
Reading: Chapter 9.
August 25:
Introduction:
Information security: basic concepts,
Privacy,
Access control, security policies and models
Slides (PDF).
Reading: Chapters 1,2.1-2.3.
-
August 30: Lecture by Monica Scannapieco
on Data Quality.
Slides
Assignment 1 (due 9/13)
September 1:
[cont.]
Introduction:
Information security: basic concepts,
Privacy,
Access control, security policies and models
Slides (PDF).
Reading: Chapters 1,2.1-2.3.
-
September 6:
Access Control
Slides (PDF).
September 8:
Access Control Models
Slides (PDF).
-
September 13:
Access Control Models (Updated!)
Slides (PDF).
Assignment 2 (due 9/27) [Quantum Cryptography]
September 15: Access Control Models Part II
Slides (PDF).
-
September 20: Lecture by Cristina Nita-Rotaru
on Network Security.
Slides
September 22: Access Control Models Part II (Updated!)
Slides (PDF).
-
September 27: Lecture by Monica Scannapieco
on Data Quality and Data Integration.
Slides.
September 29: Temporal Role Based Access Control.
Slides (PDF).
Reference TRBAC Paper: PDF.
Updated!
-
October 4: Integrity Policies.
Slides (PDF).
Assignment 3.
October 6: Authentication.
Slides.
-
October 11: October Break (Oct 8 to Oct 12)
October 13: Identity.
Slides (PDF).
-
October 18: Security Design Principles.
Slides (PDF).
Security of Distributed Systems Part I.
Slides (PDF).
Assignment 4.
October 20: Midterm
-
October 25: XACML
Slides
October 27: XML Security.
Slides
-
November 1: Pre-Proposal due
Digital Identity Management
Slides
November 3: Identity Theft Protection
Slides
-
November 8: Proposal due
Lecture by James Early on Intrusion Detection.
Slides
November 10:
Lecture by Steve Elliot on Biometrics.
-
November 15:
Biometrics continued.
No more assignments.
November 17:
Database Security.
Slides
-
November 22: Lecture by Mohamed Shehab on Watermarking Relational
Databases.
Slides.
November 24: Thanksgiving Break (Nov 23 to Nov 28)
Instructions and details about projects are given
here.
-
November 29: Final Project submission
System R reference paper link.
An Extended Authorization Model for Relational Databases link.
December 1:
Virtual Private Databases
-
Project List and Slides
December 6: Presentations/Question-answer sessions: Team numbers 1-16
December 8: Presentations/Question-answer sessions: Team numbers 7-31
Final Exam is on Tuesday December 13, 2005, 3:20 to
5:20pm in *UNIV 303*.
It's a cumulative exam with emphasis on the second half. All guest
lectures except data quality are included. The System R paper is also
included.