Syllabus

Course Info

TAs

There are two TAs for the course. I'll announce their names and office hours in Piazza.

Course Description

This course will provide students with a basic and comprehensive understanding of the problems of information assurance (IA) and the solutions to these problems, especially the security of information on computers and networks. This course will focus on the IA technology as well as IA policy, management, legal, and ethical aspects.

Instruction Style

The course will be a combination of lectures and homework assignments. Attendance is required, but will not be recorded (i.e., honor system).

For questions and answers regarding course materials and homework please use Piazza or come to office hours, unless there is some compelling reason to use email. Use email for course administrativia (requesting an extension, you need a signature from me for some reason, etc.) Feel free to email me any time for anything, but if you're asking questions about the homework or lectures you're much more likely to get a timely response in Piazza than via email.

All homeworks should be done in Linux, specifically MX Linux 19.4. If you use other Linux distros or other OSes you do so at your own risk, and with no guarantee of support from me. If you're familiar with Linux you can probably get the homeworks done in your distro of choice without too much trouble. I'll try to help but will need to prioritize the needs of students who stuck with MX Linux 19.4. If you attempt to do the homeworks in Mac OS, it's probably possible but it's going to be painful and I can't help you at all. The same goes for any BSD-based OS. If your OS of choice is another UNIX, like Solaris, I also can't help you with OS-specific questions and...seriously? If you attempt to do the homework in OSes that don't have a native UNIX-like shell, such as Windows, you will most likely fail. There are exceptions, but unless you've been competing in CtFs with your OS of choice for years and already have an environment set up for dealing with raw files, common file formats, packet captures, ELF binaries, etc., please just use the provided Linux virtual machine or install MX Linux 19.4 in a virtual machine of your own.

You are responsible for your own file backups and time management. E.g., feel free email me, or post in Piazza, the day before something is due, "I worked on it all day and then my VM crashed and I lost my file!" But, that's not grounds for an extension and I'm not going to be able to do anything about it to make sure you submit your homework on time. I recommend keeping your code and other work for this course in a private repository that you periodically commit to.

Breakout sessions

There will be Piazza discussions and meetings created around certain topics, and you're allowed to create these on your own. These are intended to develop a sense of fellowship among the CSE 365 students this semester and allow students to gather in a way that is centered around common interests. E.g., myself or one of you might create a Piazza discussion with something like, "Who's interested in learning more about digital forensics?" If enough people respond we can set up a Zoom meeting for the subset of the class that is interested. Participation in these breakout sessions is not required and does not affect your grade, but I strongly encourage you to participate in at least a couple of them.

Prerequisites

Computer Information Systems BS major, Computer Systems Engineering BSE major, Computer Science BS major, or Industrial Engineering BSE major; CIS 235, CSE 220, or CSE 240 with C or better.

Textbook

No textbook is required for this course.

Course Topics

Assessment

Students will be evaluated on their performance on homework assignments. There will not be any exams.

Homework Assignments

There will be 300 points of homeworks throughout the semester, divided into cryptography (100 points total), network security (100 points total), and system and application security (100 points total).

Grading

Area Weight %
Homework 100%
Bonus 10%

Homework Due Dates

Homework due dates will be posted in advance on the class website and announced in class. All times will be Mountain Standard Time, i.e., Arizona time. Late submissions will be accepted with a 1% reduction of score per hour.

Plagiarism and Cheating

This course has a zero-tolerance policy: Any violation of the academic integrity policy (detailed below) will lead to a failure on this course. The violation will be reported to the Dean's office. If you need more time to accomplish a homework assignment, please tell the instructors and ask for an extension. Extensions will be considered for circumstances that are/were beyond your control. Do not attempt plagiarism.

As an ASU student, you must follow both the ASU Student of Conduct and the ASU Student Academic Integrity Policy.

For this course, you are allowed to use code snippets that you find on the Internet as long as you specify clearly in the comment of your source code where the code snippets come from, and the source snippets existed before the assignment was assigned. You are not allowed to upload any part of your solution online or show it to other students. Using other students' answers or code, past or present, with or without a citation is seen as a violation of the academic integrity policy. You will not turn in your source code for most assignments, and maybe not any assignment. But if I suspect cheating I reserve the right to require you to come to my office and show me your source code to get full points. All assignments are graded automatically by graders with anti-cheating mechanisms built-in. Do not cheat -- it is not worth risking your grade and your academic profile.

Security token

As part of the first homework, you will generate a 128-bit MD5 token that will serve as a sort of student ID for the course. You are not to make this token public; share it with any of your classmates; share it with anybody other than the instructor, yourself, and the TAs; find out the token of any of your classmates; or in any way compromise the confidentiality policy that only you yourself and the instructor/TAs for the course should know your security token. If you violate this policy that will be considered cheating as per the policy above.

Sexual Discrimination

Title IX is a federal law that provides that no person be excluded on the basis of sex from participation in, be denied benefits of, or be subjected to discrimination under any education program or activity.  Both Title IX and university policy make clear that sexual violence and harassment based on sex is prohibited.  An individual who believes they have been subjected to sexual violence or harassed on the basis of sex can seek support, including counseling and academic support, from the university.  If you or someone you know has been harassed on the basis of sex or sexually assaulted, you can find information and resources at https://sexualviolenceprevention.asu.edu/faqs.    As a mandated reporter, I am obligated to report any information I become aware of regarding alleged acts of sexual discrimination, including sexual violence and dating violence.  ASU Counseling Services, https://eoss.asu.edu/counseling is available if you wish to discuss any concerns confidentially and privately. ASU online students may access 360 Life Services, https://goto.asuonline.asu.edu/success/online-resources.html.

Copyright

All course content and materials, including lectures (Zoom recorded lectures included), are copyrighted materials. You may not share outside the class, upload to online websites not approved by the instructor, sell, or distribute course content or notes taken during the conduct of the course. See ACD 304-06, "Commercial Note Taking Services" and ABOR Policy 5-308 F.14 for more information.

You must refrain from uploading to any course shell, discussion board, or website used by the course instructor or other course forum, material that is not the student's original work, unless the students first comply with all applicable copyright laws; faculty members reserve the right to delete materials on the grounds of suspected copyright infringement.

Future Changes

Any information in this syllabus may be subject to change with reasonable advance notice.

Tentative Schedule

Date Content
8/19 Guest lecture
8/24 Course introduction
8/26 Cryptography A (hash functions)
9/2 Cryptography B (symmetric)
9/7 Cryptography C (asymmetric)
9/9 Cryptography D (attacks)
9/14 UNIX Basics
9/16 Network Security A
9/21 Network Security B
9/23 Network Security C
9/28 Network Security D
9/30 Authentication
10/5 Anonymity & Tor
10/7 Internet censorship
10/12 Fall break
10/14 Application Security A (compiler and memory basics)
10/19 Application Security B (buffer overflows)
10/21 Application Security C (Werewolves)
10/26 Thanksgiving
10/28 Application Security D (Werewolves)
11/2 Saltzer and Schroeder
11/4 VPNs
10/9 Policy and access control
11/11 Information flow, confinement problem, covert channels
11/16 Malware, intrusion detection
11/18 Forensics
11/23 TBD (please send suggestions of things you'd like us to learn about together as a class)
11/25 TBD (social engineering? cyberbullying?)
12/2 TBD