Archive for the ‘Class Administration’ Category

Blog Participation Grading

May 5, 2010

Hey folks,

We welcome you to keep posting to the blog (even after the semester is over), but for the purposes of your participation grade the blog is now closed.  If you made a bunch of posts in the past few days (since Sunday evening) that you want to be considered in your participation grade, please email Ikpeme.


Chapters from Textbook

May 1, 2010

Hey folks,

The only  chapter covered in the textbook not covered on midterm 2 is chapter 11, so you can expect an emphasis (maybe 50%) on chapter 11 and guest-lecturer-related questions on the final.  For the record, these chapters were covered this semester:

Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 7
Chapter 5
Chapter 11

Course/Instructor Opinion Survey (Deadline: May 9)

April 25, 2010

Hey folks,

As a reminder, Rich and I would appreciate it if you fill out your surveys for the class; it’s helpful to us as instructors and to the institute to get a sense of what can be done to improve.

Project 3 grades

April 23, 2010

Hey folks,

Project 3 grades are up with comments.  They look pretty straight-forward to me…if you got points taken off for not seeing the webcam you can get those points back (send me an email), it crashed hard toward the end of the assignment so not everybody might have seen it.

Midterm 2 is on Thursday (chapters 5 and 7), redteaming project is due Tuesday

March 29, 2010

Hey folks,

As a reminder (per this post), midterm 2 is this Thursday. The best thing to do as far as studying goes is to know the material presented (Chapters 5 and 7) and practice with the posted midterms from previous semesters. Feel free to write to any of the course staff to meet on any questions (Rich for Rich’s material, Mike for Mike’s material).

(Updated) Problems with problem 7

March 9, 2010


The definition from the textbook for a Trojan Horse focuses on a seemingly benign executable having malicious functionality, which fits the scenario I listed. The distinction I was trying to get at in my formulation of problem 7 was that the infection did not stem from the user being invited to run malicious code, but rather that an existing program was exploited to cause infection. I also envisioned that the attack happened through interaction with the web server, as opposed to being via the delivery of a file (which can also constitute a Trojan when someone attempts to open a data file that is crafted to exploit a vulnerability in the application opening it). This line can get kind of blurry when it comes to the web, since your browser runs code from webservers (javascript, flash) and gets data files (jpegs, html) all the time, so you could look at a malicious flash application or malicious jpeg as a Trojan horse. I apologize again for the trouble; I have read the book but I should have looked again before writing my question, because these definitions can be really tricky (so tricky in fact that I managed to screw it up).

In other news, the test is actually out of 130 points, so everybody gets +10 in the numerator and +10 in the denominator.

Last but not least, we will post a solutions file, but it might be a few days.

(original post follows)

Hey folks,

I’ll post more details later, but the book definition of a Trojan horse is a bit broader than my definition, so problem 7 could be considered a Trojan horse. Please see me with your test for a regrade.

Midterm 1 grades

March 9, 2010

Hey folks. Midterm1 has been graded and will be returned starting today. The average was 82/120, not as high as I would have hoped. If you’d like a question of yours regraded, please see me for questions 0 and 6-12, and see Rich for question 1 – 5.

Class 1 Follow-up: Textbook for CS 4235 and Course approval problems

January 13, 2010
  1. The Bishop book was ordered by the professor who was originally signed up to teach the course.  It would have been a textbook change for 4235 that was out of step with prior years and other sections.  The best course is to use Pfleeger & Pfleeger as the official textbook.  If you have already purchased the other book you should return it.  Let us know if there are any problems that arise.
  2. We understand that there are various approval problems with the course.  We are working through the issues as quickly as we can.  Check back to see the status.  If you have specific, time-dependent problems that you think put you in jeopardy please send email to Profs. DeMillo and  Hunter
  3. Remember that this is an open blog site.  Don’t post your email address if you don’t want it to be discoverable/searchable.  Subscribing using your email address does not expose your address.


January 12, 2010

CS 4235: Introduction to Information Security
Spring 2010

Class Meetings
Cherry Emerson 320
4:30-6 Tues/Thurs

Textbook: Charles P. Pfleeger and Shari Lawrence Pfleeger. Security in Computing, Fourth Edition. Prentice Hall, 2007. ISBN 0-13-239077-9. In addition to the textbook, we will read publications covering strategies for information security. This blog will contain links to these papers when they will be included in class discussions.

Course Description
This course provides a one-semester, initial overview of information security. It is designed to help undergraduate and graduate students with some computer and programming knowledge understand this important priority in society today. It touches on the issues surrounding private citizens’ concern for privacy, the reasons for continued security failures after decades of attack, the role of people in securing systems, and the impact of negligent practices. Technically, the course examines  solutions that provide security for information processing systems, secure operating systems and applications, network security, cryptography, security protocols, and so on.

Course Objective

This course provides students with a background, foundation, and insight into the subject of information security. This knowledge will serve as basis for future study in selected aspects of this important field or as an important dimension to their effectiveness in the broader computer science field. The primary objectives of the course are:

  1. Literacy in information security problems and issue
  2. Gain ability to understand technical building blocks for security
  3. Acquire background to interact and aid information security staff in both large and small organizations
  4. Develop awareness of individual responsibility in maintaining secure environments
  5. Appreciate consequences (economic, personal, societal) for computer security breaches

As a part of your general education, the course will also help you learn to:

  • Communicate (written and verbally) about a complex, technical topic simply and coherently.
  • Work and interact collaboratively in groups to examine, understand and explain key aspects of information security.

Teaching Philosophy

We will make extensive use of classroom discussions based on the basic text and additional reading that I assign or you discover.We use class projects to reinforce skills or understanding. You will be given many opportunities to express and defend your views regarding the impact of the subject on you, society, a business / organization, or the information system. You will be expected to participate actively in discussions. On any given issue, you may be asked to summarize and critique reading assignments from the text or articles that you have read.

Class Participation and Attendance
Discovery does not arise from instruction but from personal engagement with the controversies and potentials of a computerized society. You have to be in class to contribute to and benefit from that personal engagement. As shown below, a portion of your grade depends on class participation.

In this class, engagement will take several forms:

  • You will be expected to read, summarize, and interpret  readings for yourself and others.
  • You will be expected to study problems, techniques, and approaches individually and in groups, and then present your findings both orally.
  • You will be expected to critique the perspectives/opinions of both authors and classmates in discussions and position papers.

If you are unable to attend class, notify the TA by email before the period begins. If you are absent withouth excuse and called upon to participate, it will count against you in tallying your final grade.

Students with access to laptops may use them in class at their discretion. Audio should be silenced, and you should not be wearing earphones.If  your laptop use is distracting, we may ask you to close it for the rest of class. Please keep in mind that heavy laptop use during lecture may lessen your participation in discussion.

Cell Phones & Handheld Computers
Cell phones are very distracting in lecture. All cell phones should be silenced or powered off for all classes. If you forget and your phone rings, please silence the ringer as soon as possible. If you believe a call is urgent, you may step outside to answer. It is extremely rude to answer a cell phone in class.
All devices must be powered down and put away during any exam or quiz. Any student typing ontheir device or reading information from their device are subject to a zero on the exam. Music Players, iPods and similar products should not be used in class.

General Assignment Guidelines

  • Technical Format: Although the most important thing to do in any assignment is to show that you have thought about the topic and gained some understanding, grading also takes technical format into account All written assignments must be prepared using a word processor. Each assignments page count assumes 12 point font, double-spacing (24 point leading), letter-size paper, and 1″ margins. Feel free to use other software for writing (e.g., LaTeX, Pages, etc). Class presentations should be accompanied by hard copies of all material presented in class.  This can take the form of a PowerPoint file or a .pdf document.  There are no required formats for these materials, although it is expected that all slides be readable as “stan-alone” documents with sufficient explanatory notes to permit a reader to understand what was said in class.
  • Each paper should clearly identify the author(s), date, and assignment number. If the assignment discusses an article, a proper citation for that article (author, title/headline, publication name, date, and page number or URL) must be included in the paper. In addition, at least the first page of the article should be attached (photocopies are acceptable).
  • Writing Style: All assignments are expected to be grammatically correct with accurate spelling. All writing assignments should be proofread and corrected before submission. Incomplete sentences and broken grammar will adversely affect your score. For footnotes and bibliographies, students will use a standard citation style. Students are encouraged to learn and use tools such as EndNote (for Word, available for free from OIT) or BiBTeX (for LaTeX).
  • Late Policy:  Homework and papers are due at the start of class on the due date, unless otherwise specified. Late work will be accepted, but penalized. Work not turned in by a designated final cut-off will not be considered and graded as a “zero” in numerical grading. All assignments must be turned in for a passing grade. Hardship exceptions to this policy will be considered and granted by the TA only before the assignment is due.
  • Academic Honesty: We  recognize and fully support the Georgia Tech Academic Honor Code as presently defined for the Georgia Tech community. A copy of the Honor Code can be found at this Georgia Tech website. All students are expected to maintain traditional standards of academic integrity by giving proper credit for all work referenced, quoted, etc. Unless otherwise stated, all work is individual work by each student. Plagiarizing is defined by Webster’s as “to steal and pass off (the ideas or words of another) as one’s own: use (another’s production) without crediting the source.” Quote and attribute any words that are not your own. If caught plagiarizing, you will be dealt with according to the GT Academic Honor Code. Unless specifically identified as group work, all graded portions of the course are to be completed alone. Any student in violation will receive a zero on the assignment for the first violation, and will fail the course on a second violation. All violations will be reported to the Office of Student Integrity.
  • Grading

Your grade will be based on the following evaluated tasks:
Projects (50%)
Midterm 1 (10%)
Midterm 2 (10%)
Final exam (20%)
Class participation & attendance (10%)
All assignments and projects are required for passing the course. Any assignment turned in by email
that contains a virus will receive an automatic zero.
Grades will be posted at T-Square.

Class Schedule

January 12, 2010

Week 1

Course Intro and Discussion

  • Reading Assignment: Chapter 1
  • Assignment of Project 1: Analysis of Security Events

Information Security Discussion based on Chapter 1

Week 2

Threats and Vulnerabilities (Project Reports Part 1)

Threats and Vulnerabilities (Project Reports Part 2)

  • Reading Assignment Chapter 2

Week 3

Modern Cryptography

Modern Cryptography (continued)

  • Reading Assignment Chapter 3

Week 4

Software vulnerabilities and consequences

More consequences, countermeasures

  • Reading assignment Chapter 4

Week 5

Memory Protection

Access Control and Authentication

Week 6

Week 7

Week 8

Week 9

Week 10

Spring Break

Week 11

Week 12

Week 13

Week 14

Week 15