4005-784 Privacy and Security - Course Syllabus

Last updated 2009/11/15 14:06:10

1. Course Overview

1.1. Course Goal

The goal of this course is to help students become more aware of the issues surrounding the collection, storage, and use of information of all types. Both legal and ethical issues will be addressed. The need to protect information and to provide secure computing facilities will be used to motivate discussion of and experimentation with software tools for the defense of computer systems and networks.

1.2. Course Outcomes

The following are the intended outcomes for this course:

• Students will be able to exlain the seminal work in privacy and security literature.
• Students will demonstrate an understanding of fundamental issues in information control, and will be able to assess the risks associated with dissemination and misuse of information.
• Students will be able to use software tools for evaluating system and network vulnerabilities, detecting and recovering from computer system intrusions, and defending against intrusions.

1.3. Course Prerequisites

The prerequisites for this course are:

• Operating Systems I (4003-713, or equivalent)
• Data Communications and Networking I (4003-420, or equivalent)

In addition, students should show:

• computing maturity - experience writing a significant amount of code, some understanding of networks (e.g., protocols, etc.), etc.
• a strong interest in the course material
• a willingness to actively participate in the class

2. Books

There are two required textbooks for this course:

• Privacy, Information, and Technology, second edition, by Daniel J. Solove and Paul M. Schwartz; Aspen, 2009.

• Secrets and Lies: Digital Security in a Networked World, by Bruce Schneier; John Wiley & Sons, 2000.

Other textbooks in the areas covered by this course include:

• Security:
  • Charles Pfleeger and Shari Lawrence Pfleeger, Security in Computing, Fourth edition, Prentice-Hall 2007
  • Matt Bishop, Computer Security: Art and Science, Addison-Wesley, 2003
  • Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2005
  • Dorothy Denning, Information Warfare and Security,, Addison-Wesley (ACM Press) 1999
  • Dorothy and Peter Denning, Internet Besieged,, Addison-Wesley (ACM Press) 1998
  • Peter Denning, ed., Computer Under Attack: Intruders, Worms, and Viruses, Addison-Wesley (ACM Press) 1991
  • Winn Schwartau, Information Warfare,, Second Edition, Thunder's Mouth Press 1996
• Privacy, Ethics:
  • Simson Garfinkle, Database Nation: The Death of Privacy in the 21st Century, O'Reilly, 2000
  • Deborah Johnson and Helen Nissenbaum, Computers, Ethics, and Social Values, Prentice-Hall 1995
  • Sara Baase, A Gift of Fire: Social, Legal, and Ethical Issues in Computing, Prentice-Hall 1997
  • Charles Dunlop and Rob Kling, Computerization and Controversy: Value Conflicts and Social Choices, Academic Press 1991
  • J. C. Cannon, Privacy: What Developers and IT Professionals Should Know, Addison Wesley, 2005

Any programming work you do for this course will typically be done in C.

3. Grades

The final grade will be determined using the following weights:

3.1. Homework/Programming Assignments

Homework will be announced in class and posted to the course home page. Homework assignments will be a mix of theoretical and practical questions. Some programming may be required; the exact number of these assignments and their scope will be determined during the quarter.

All homework and programming assignments are due in hardcopy form at the beginning of class on the assigned due date. Late submissions (those that are turned in on the due date, but after the end of class) will be penalized. Submissions will not be accepted after the due date.

3.2. Attendance and Participation

Students are expected to actively contribute to classroom discussions. This includes attending class, asking and answering questions, and contributing personal opinions and experiences to our discussions. Student attendance is also required during graduate student presentations; a portion of your participation grade will be based on your submission of a peer evaluation form for each presentation. Finally, the end-of-quarter "wrapup" session scheduled during final exam week is considered to be a regular class session; attendance and participation during this session will be included in the overall participation grade. This quarter, our "final" is scheduled for Monday, February 22, 2010, 12:30-2:30pm, 70-2690 .

In order to ensure the free exchange of ideas and commentary, it is vital that, at all times, all participants respect the integrity and views of others participating in classroom activities.

3.3. Readings

In order to get used to reading literature pertaining to the course topics, students will also be required to submit short summaries of selected papers and other resources. Students may choose the papers they wish to summarize from the reading list; however only one paper per topic should be chosen.

As with homework and programming assignments, summaries are due in hardcopy form in class. Summaries must be submitted no later than the last class session of the week in which the topic is listed on the reading list; as with homework assignments, summaries submitted after class on that date will be considered late and will be penalized, and summaries will not be accepted after that date. Please do not submit summaries more than one week in advance unless you have cleared this with me beforehand.

3.4. Research Reports

Each graduate student is expected to research two topics related to the course content, and to prepare a term paper of 15-20 pages for each. One paper will be on a privacy-related topic; the other, on a security-related topic. Requirements and grading information can be found in the assignment specification (see the course assignments web page).

3.5. Presentation

Each graduate student is expected to give a presentation to the class based on one of his or her research report topics. These will be scheduled during the last few class sessions. Grading will be based on the quality of the presentation, its information content, and peer evaluations submitted by the other students in the class.

4. Academic Conduct

Academic dishonesty will be dealt with in accordance with DCS and RIT policies.

• RIT's Honor Code (section 1 of the RIT Students Rights and Responsibilities handbook).
  A general statement that sets standards of behavior for all members of the RIT community.

• RIT's Academic Honesty Policy (section 18 of the RIT Students Rights and Responsibilities handbook).
  Defines the basic forms of academic dishonesty (cheating, duplicate submission, and plagiarism) and explains the official RIT policy regarding academic dishonesty.

• The DCS Policy on Academic Integrity.
  Explains the official Department of Computer Science policy regarding incidents of academic dishonesty.

5. Notes

• Disclaimer: Normally, the number, type, and relative weights of assignments will not change from those specified in the syllabus and other course documents. However, I reserve the right to make changes to these or any other facet of the course, at my discretion, based upon the events of the quarter; if such a change must be made, you will be notified in class, via electronic mail, and on my web page for the course.

• Coursework: Unless otherwise specified in the assignment, all work you submit for grading must be your own. Code or ideas (specific algorithms, optimizations, etc.) obtained from or inspired by other sources must be properly attributed.

• Due dates: I select due dates for assignments in order to provide adequate time to complete the assignments, while allowing sufficient remaining time in the quarter to complete the remaining assignments. Should it become necessary, I reserve the right to change due dates; this, in turn, may require modification of due dates for other assignments during the quarter, or (in some cases) elimination of some assignments.

  System downtime on or near the due date for an assignment is not usually grounds for an extension. An exception to this is extended system downtime (on the order of multiple days, not just hours); if this occurs, I may consider modifying a due date, but this is not guaranteed.

• Withdrawing: During the add/drop period (the first seven calendar days of the quarter), you may drop this course and it will disappear from your transcript. After that time, you can only withdraw from the course; the course will appear on your transcript with a grade of W.

  Deadline to add/drop: Sunday, December 6, 2009
  Deadline to withdraw: Friday, February 5, 2010

• Final Exam: RIT has an official set of Final Examination Policies which detail procedures related to the scheduling of final exams. Most important among these is the procedure to be followed by students who wish to request a change in date or time for an exam. Briefly, such a request is only accepted if the student has an exam conflict (i.e., two or more exams scheduled at the same time) or the student has three or more exams scheduled on the same day. Requests for rescheduling an exam must be submitted by the last day of week six.

  Although we will not have a final exam per se, we will use the two-hour final exam time as a "wrapup" session during which we will review the events of the quarter; for grading purposes, this will be considered to be a regular class session.

• Assignment of final grades:

  I use a traditional 90/80/70/60 percentage-based grading scale in this class. I reserve the right to alter these division points as I see fit at the end of the quarter if I believe it to be necessary, based on my overall evaluation of individual or class performance and effort.

  Score Range Grade n ≥ 90% A 80% ≤ n < 90% B 70% ≤ n < 80% C 60% ≤ n < 70% D n < 60% F