CMSC 414: Computer and Network Security Fall 2011 William A. Arbaugh Sections 0101 1. Organization a. Instructors: William A. Arbaugh AVW 4137 waa at cs Mon/Wed: 12:00 pm – 1:00 pm and by appointment b. TA: Abdul Quamar Mon/Wed 3:00pm - 4:00pm AVW 1112 c. Class Time: Mon/Wed 2:00pm – 3:15pm in CSI 1121 Forum: We are using Piazza for the forum. The sign-up link is http://piazza.com/umd/fall2011/cmsc414. 2. Objectives Until recently, information systems security has only been a focus of the military, and the financial communities. With the recent explosive growth and merging of telecommunications and computing, security has become an integral element of any reliable and robust information systems environment. Unfortunately, most current commercial products ignore security in favor of a user friendly environment and performance. The side-effects of this decision are now well documented in the press. This class will cover information systems security at the under graduate level. 3. Textbook There is no text-book for this course. The syllabus contains reading, and video links that MUST be read/viewed prior to class. Lectures Lectures will not be a regurgitation of the reading assignment. Each class will begin with questions from the students over the class assignments. The remaining time in class will involve hands-on labs and assignments. You are highly encouraged to bring a laptop powerful enough to run multiple virtual machines is preferred. If you do not have a laptop, or yours is too old. There will be laptops provided. YOU are responsible for saving and moving files via a sufficiently large thumb drive. You are responsible for information presented in class and all readings/videos assigned out of class. Lab and In-class programming information You are responsible for providing a laptop or desktop (preferably a laptop) capable of running a recent hypervisor. If you are unable to do so, see Prof. Arbaugh immediately after the first class. Best efforts will be made to accommodate you. We will be making extensive use of virtual machines in this class. The virtual machines will be provided so that they may run with Vmware Fusion on a Mac, or VM player on Windows or Linux. You can obtain VM player here, and Vmware Fusion here. Vmware player is free. Unfortunately, Vmware Fusion is $39.95 for an academic license. The laptops provided in class will have a version of Vmware Fusion on them should you prefer not to purchase a copy. Course Assignments and Grades Attendance will not be taken at lectures. However, you are responsible for all material presented in the classroom. The course will have four graded laboratory assignments. These labs along with a mid-term, a class participation grade, capture the flag exercise, and a final compose your entire grade as follows: The four labs count as 40% of your final grade. Each lab is weighted equally, i.e. each lab is worth 10% of your final grade. The final capture the flag exercise counts as 10% of your final grade. The mid-term counts as 20% of your final grade. The final exam is worth 25% of your final grade. Class participation counts towards 5% of your final grade. This grade will be based on “pop” quizzes and your participation in the class forum helping others. You may appeal your grade up to seven calendar days from the date your grade was posted. For a lab, you should first appeal to the TA responsible for grading that lab. If you are not satisfied after your discussions with the TA, you may appeal to Prof. Arbaugh. Appeals on exam grades should be made directly to Prof. Arbaugh. Please note: grades will only be changed if an error has been made in the grading. Please also read http://gtalumni.org/Publications/techtopics/win96/wiesen.html Late assignments will be docked 20% each day for the first two days. Assignments more than 2 days late will not be accepted, unless you have arranged an extension in advance with Prof. Arbaugh. Extensions can only be given by Prof. Arbaugh and will only be given in extenuating circumstances. Even if you cannot complete the assignment- turn-in your work. Partial credit may be given if you made progress on the problem. Academic Integrity Each lab assignment must be the sole work of the student. Automatic cheat checkers will closely monitor assignments, and students may be asked to explain any suspicious similarities. The following are guidelines on what collaboration is authorized and what is not: What is cheating? o Sharing code or other electronic files: either by copying, retyping, looking at, or supplying a copy of a file. o Sharing written assignments: Looking at, copying, or supplying an assignment. What is not cheating? o Clarifying ambiguities or vague points in class handouts or textbooks. o Helping others use the computer systems, networks, compilers, debuggers, profilers, or other system facilities. o Helping others with high-level design issues. o Helping others debug their code. All cheating will be reported as academic dishonesty and may result in the student receiving a XF grade for the class. NOTE: Your assignments may be checked with electronic compliance/plagiarism checkers. By submitting an assignment, you agree to permit the use of web based plagiarism checks. Excused Absences Any student who needs to be excused for an absence from a single lecture, recitation, or lab due to a medically necessitated absence shall: Make a reasonable attempt to inform the instructor of his/her illness prior to the class. Upon returning to the class, present their instructor with a self-signed note attesting to the date of their illness. Each note must contain an acknowledgment by the student that the information provided is true and correct. Providing false information to University officials is prohibited under Part 9(h) of the Code of Student Conduct (V-1.00(B) University of Maryland Code of Student Conduct) and may result in disciplinary action. This self-documentation may not be used for the Major Scheduled Grading Events as defined below and it may only be used for only 1 class meeting during the semester. Any student who needs to be excused for a prolonged absence (2 or more consecutive class meetings) or for a Major Scheduled Grading Event, the student must provide written documentation of the illness from the Health Center or from an outside health care provider. This documentation must verify dates of treatment and indicate the timeframe that the student was unable to meet academic responsibilities. No diagnostic information shall be given. The Major Scheduled Grading Events for this course include: a) Mid-term - October 12 during the lecture period b) Capture the flag exercise 12/7 - 12/12 c) Final 12/19 Academic Accommodations Any student eligible for and requesting reasonable academic accommodations due to a disability is requested to provide, to the instructor in office hours, a letter of accommodation from the Office of Disability Support Services (DSS) within the first two weeks of the semester. Schedule

CMSC 414: Computer and Network Security

Fall 2011

William A. Arbaugh

Sections 0101

1.Organization

a.Instructors:

William A. Arbaugh

AVW 4137

waa at cs

Mon/Wed: 12:00 pm – 1:00 pm and by appointment

b.TA:

Abdul Quamar

Mon/Wed 3:00pm - 4:00pm AVW 1112

c.Class Time:

Mon/Wed 2:00pm – 3:15pm in CSI 1121

d.Forum:
We are using Piazza for the forum. The sign-up link is http://piazza.com/umd/fall2011/cmsc414.

2.Objectives

Until recently, information systems security has only been a focus of the military, and the financial communities. With the recent explosive growth and merging of telecommunications and computing, security has become an integral element of any reliable and robust information systems environment. Unfortunately, most current commercial products ignore security in favor of a user friendly environment and performance. The side-effects of this decision are now well documented in the press.
This class will cover information systems security at the under graduate level.

3.Textbook

There is no text-book for this course. The syllabus contains reading, and video links that MUST be read/viewed prior to class.

4. Lectures

Lectures will not be a regurgitation of the reading assignment. Each class will begin with questions from the students over the class assignments. The remaining time in class will involve hands-on labs and assignments.

You are highly encouraged to bring a laptop powerful enough to run multiple virtual machines is preferred. If you do not have a laptop, or yours is too old. There will be laptops provided. YOU are responsible for saving and moving files via a sufficiently large thumb drive.

You are responsible for information presented in class and all readings/videos assigned out of class.

5. Lab and In-class programming information
You are responsible for providing a laptop or desktop (preferably a laptop) capable of running a recent hypervisor. If you are unable to do so, see Prof. Arbaugh immediately after the first class. Best efforts will be made to accommodate you.
We will be making extensive use of virtual machines in this class. The virtual machines will be provided so that they may run with Vmware Fusion on a Mac, or VM player on Windows or Linux. You can obtain VM player here, and Vmware Fusion here.
Vmware player is free. Unfortunately, Vmware Fusion is $39.95 for an academic license. The laptops provided in class will have a version of Vmware Fusion on them should you prefer not to purchase a copy.
6. Course Assignments and Grades

Attendance will not be taken at lectures. However, you are responsible for all material presented in the classroom.

The course will have four graded laboratory assignments. These labs along with a mid-term, a class participation grade, capture the flag exercise, and a final compose your entire grade as follows:

•The four labs count as 40% of your final grade. Each lab is weighted equally, i.e. each lab is worth 10% of your final grade.
•The final capture the flag exercise counts as 10% of your final grade.
•The mid-term counts as 20% of your final grade.
•The final exam is worth 25% of your final grade.
•Class participation counts towards 5% of your final grade. This grade will be based on “pop” quizzes and your participation in the class forum helping others.

You may appeal your grade up to seven calendar days from the date your grade was posted. For a lab, you should first appeal to the TA responsible for grading that lab. If you are not satisfied after your discussions with the TA, you may appeal to Prof. Arbaugh. Appeals on exam grades should be made directly to Prof. Arbaugh. Please note: grades will only be changed if an error has been made in the grading. Please also read http://gtalumni.org/Publications/techtopics/win96/wiesen.html

Late assignments will be docked 20% each day for the first two days. Assignments more than 2 days late will not be accepted, unless you have arranged an extension in advance with Prof. Arbaugh. Extensions can only be given by Prof. Arbaugh and will only be given in extenuating circumstances. Even if you cannot complete the assignment- turn-in your work. Partial credit may be given if you made progress on the problem.

7. Academic Integrity

Each lab assignment must be the sole work of the student. Automatic cheat checkers will closely monitor assignments, and students may be asked to explain any suspicious similarities. The following are guidelines on what collaboration is authorized and what is not:

What is cheating?

oSharing code or other electronic files: either by copying, retyping, looking at, or supplying a copy of a file.

oSharing written assignments: Looking at, copying, or supplying an assignment.

What is not cheating?

oClarifying ambiguities or vague points in class handouts or textbooks.

oHelping others use the computer systems, networks, compilers, debuggers, profilers, or other system facilities.

oHelping others with high-level design issues.

oHelping others debug their code.

All cheating will be reported as academic dishonesty and may result in the student receiving a XF grade for the class.

NOTE: Your assignments may be checked with electronic compliance/plagiarism checkers. By submitting an assignment, you agree to permit the use of web based plagiarism checks.

8. Excused Absences

Any student who needs to be excused for an absence from a single lecture, recitation, or lab due to a medically necessitated absence shall:

a) Make a reasonable attempt to inform the instructor of his/her illness prior to the class.

b) Upon returning to the class, present their instructor with a self-signed note attesting to the date of their illness. Each note must contain an acknowledgment by the student that the information provided is true and correct. Providing false information to University officials is prohibited under Part 9(h) of the Code of Student Conduct (V-1.00(B) University of Maryland Code of Student Conduct) and may result in disciplinary action.

c) This self-documentation may not be used for the Major Scheduled Grading Events as defined below and it may only be used for only 1 class meeting during the semester.

Any student who needs to be excused for a prolonged absence (2 or more consecutive class meetings) or for a Major Scheduled Grading Event, the student must provide written documentation of the illness from the Health Center or from an outside health care provider. This documentation must verify dates of treatment and indicate the timeframe that the student was unable to meet academic responsibilities. No diagnostic information shall be given. The Major Scheduled Grading Events for this course include:

a) Mid-term - October 12 during the lecture period

b) Capture the flag exercise 12/7 - 12/12

c) Final 12/19

4. Academic Accommodations

Any student eligible for and requesting reasonable academic accommodations due to a disability is requested to provide, to the instructor in office hours, a letter of accommodation from the Office of Disability Support Services (DSS) within the first two weeks of the semester.

5. Schedule