Computer Systems Security: Winter 2016 Course Outline
Course Information
- Course Number: COMP 4108
- Term: Winter 2016
- Title: Computer Systems Security
- Institution: Carleton University, School of Computer Science
- Instructor: Anil Somayaji (anilsomayaji at connect.carleton.ca): Tuesdays 12:30-2 (and by appointment) in HP 5137
- TA: Borke Obada-Obieh (BorkeObadaObieh at cmail.carleton.ca): Wednesdays 3-4:30 PM in HP 1170
- Meeting Time: Tuesdays and Thursdyas 10:05-11:25 AM, TB 238
- Course Website: http://homeostasis.scs.carleton.ca/wiki/index.php/Computer_Systems_Security_(Winter_2016)
Official Course Description
COMP 4108: Introduction to information security in computer and communications systems, including network, operating systems, web and software security; Passwords, authentication applications, privacy, data integrity, anonymity, secure email, IP security, security infrastructures, firewalls, viruses, intrusion detection, network attacks. Prerequisite(s): one of COMP 3203 or SYSC 4602, and one of COMP 3000, SYSC 3001, SYSC 4001.
Communication
The main wiki page is the canonical source of information on this course. Please refer to it for updates. When significant changes are made to this document it will be either announced in lecture and/or posted in the course discussion forum.
Online course discussions will be on cuLearn.
You should get an account on this wiki so you can edit content here. Email Prof. Somayaji to get one with your preferred username and email address to which a password should be sent.
Required Textbooks/Software
There are no required textbooks or software for this course. Instead we will be reading research papers which will be linked to from the wiki. While many of these papers will be available directly via web search, some will be behind paywalls. In this case there will be alternate links to those pages that go through the Carleton Library's proxy.
Grading
Students enrolled in COMP 4108 have the following grading scheme:
- 20% Class Participation
- 20% Hacking Journal
- 10% Assignments (Reading Analyses)
- 20% Midterm (Feb. 25th, in class)
- 30% Final Exam
Each of these elements are explained below.
Class Participation
You are expected to attend every class for this course. Moreover, you are expected to participate in each class. This participation part of your grade will be based in part upon attendance; however, it will also be based upon the degree to which you were an active participant. Students who attend every class but who do nothing while in class will get a worse participation grade than those who miss some classes but who fully participate in those they do attend.
Note that mini presentations and group work are part of class participation.
Hacking Journal
The hacking journal is a journal of a student's explorations of computer security technology and methods (attacks and defenses) over the course of the semester. Every student should spend 3-4 hours a week on work that is documented in the hacking journal. The documentation may be concise and need not contain full sentences; however, it should cover the technical challenges encountered and the attempts to find solutions to those challenges (successful or not). It should also contain citations for any references consulted and help obtained from any other individuals.
Students should be prepared to share their progress informally during class. The hacking journal will need to submit their journal twice: once on February 12th (before March Break) and once at the end of the semester. You may maintain your hacking journal as one or many files, in any format you choose; for submission, however, you should if necessary combine them into one file that is either in text or PDF format.
Hacking opportunities will be discussed throughout the class and kept track of on the class wiki.
While students may choose to focus on one project primarily, students should attempt at least one hacking project in each of the four major categories of material of the course, OS, Network, Software, and Web.
The hacking journal should be submitted in the form of weekly updates and a final report. The final report should be a nicely formatted version, in PDF, of all previously submitted updates (optionally edited for clarity), discussion of any additional work completed after the last hacking update, and a summary statement of no more than two pages describing your overall experiences with the hacking journal. In this summary statement explain what you learned, what challenges you had, and to what degree you feel the exercise was worthwhile.
Your final grade will be half your grade for the top five hacking journal updates, half from the grade on your final report. The report will be graded out of 10: 4 points for breadth, 3 for depth, 3 for overall quality of the hacking. One point will be subtracted from the grade if no summary statement is present; otherwise the summary does not affect the report grade.
Assignments/Reading Analyses
In lieu of regular assignments, students will be required to do security reading analyses of five readings. These readings may be ones assigned for class; however, all readings must be analyzed before they have been discussed in class. Outside selections must be published in reputable security venues.
Optionally, students may submit 10 reading analyses. In this case, assignments will count as 20% of their grade and the hacking journal will count as 10%.
Reading analyses may be submitted at any time before the final exam and should be submitted in PDF or text format via cuLearn.
Midterm and Final Exam
Students will be required to complete an in-class midterm exam and a formally scheduled final exam. These will be essay tests based on the material covered in class. Sample questions will be made available during study sessions prior to the exams.
Collaboration
Collaboration on all work is allowed except for the midterm and final exams. Collaboration, however, should be clearly acknowledged. Specifically, co-authored works should be marked as such. When co-authored, all authors of reading responses and projects will get the same grade, unless there is reason to believe that some co-authors did not in fact contribute significantly to the submitted work. Co-authored contributions may get different grades depending upon the relative contribution of the different authors; however, the default here will also be to give all authors the same grade.
It is essential that outside references be cited appropriately. Proper citation format should be followed except where more relaxed forms are specifically allowed.
Plagiarism or intellectual dishonesty of any kind is strictly forbidden. In other words, it should always be clear what is your work and what is the work of others. If anything you submit is, in part or whole, very similar in content or structure to that of work produced by someone else, you are plagiarizing. This includes figures.
Think of plagiarism as a kind of unauthorized collaboration. Don't do it. Plagiarism and other instructional offenses will be reported to the Dean of Science for disciplinary action, as per university guidelines.
University Policies
Student Academic Integrity Policy
Every student should be familiar with the Carleton University student academic integrity policy. A student found in violation of academic integrity standards may be awarded penalties which range from a reprimand to receiving a grade of F in the course or even being expelled from the program or University. Some examples of offences are: plagiarism and unauthorized co-operation or collaboration. Information on this policy may be found in the Undergraduate Calendar.
Plagiarism
As defined by Senate, "plagiarism is presenting, whether intentional or not, the ideas, expression of ideas or work of others as one's own". Such reported offences will be reviewed by the office of the Dean of Science.
Unauthorized Co-operation or Collaboration
Senate policy states that "to ensure fairness and equity in assessment of term work, students shall not co-operate or collaborate in the completion of an academic assignment, in whole or in part, when the instructor has indicated that the assignment is to be completed on an individual basis".
Please see above for the specific collaboration policy for this course.
Academic Accommodations for Students with Disabilities
The Paul Menton Centre for Students with Disabilities (PMC) provides services to students with Learning Disabilities (LD), psychiatric/mental health disabilities, Attention Deficit Hyperactivity Disorder (ADHD), Autism Spectrum Disorders (ASD), chronic medical conditions, and impairments in mobility, hearing, and vision. If you have a disability requiring academic accommodations in this course, please contact PMC at 613-520-6608 or pmc@carleton.ca for a formal evaluation. If you are already registered with the PMC, contact your PMC coordinator to send me your Letter of Accommodation at the beginning of the term, and no later than two weeks before the first in-class scheduled test or exam requiring accommodation (if applicable). After requesting accommodation from PMC, meet with me to ensure accommodation arrangements are made. Please consult the PMC website for the deadline to request accommodations for the formally-scheduled exam (if applicable) at http://www2.carleton.ca/pmc/new-and-current-students/dates-and-deadlines
Religious Obligation
Write to the instructor with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. For more details visit the Equity Services website: http://www2.carleton.ca/equity/
Pregnancy Obligation
Write to the instructor with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. For more details visit the Equity Services website: http://www2.carleton.ca/equity/
Medical Certificate
The following is a link to the official medical certificate accepted by Carleton University for the deferral of final examinations or assignments in undergraduate courses. To access the form, please go to http://www.carleton.ca/registrar/forms