Add to collection(s) Add to saved
  1. No category

Hands-on Experience on Computer System Security (CIS 493, EEC 492/592) Fall 2014

advertisement 
Hands-on Experience on Computer System Security
(CIS 493, EEC 492/592)
Fall 2014
4:00 pm to 5:50 pm on Monday & Wednesday, FH 306
(5:00 – 5:50pm on Wednesday is for EEC 592 only)
Instructor: Dr. Sanchita Mal-Sarkar
Office Location: BU 345
E-mail: s.malsarkar@csuohio.edu
Work phone number: 216 523 7524
Office Time: 11:15 am – 1:15 pm (M/W),
other time by appointment.
Instructor URL:
http://grail.cba.csuohio.edu/~sanchita/sanchita
.html
Instructor: Dr. Chansu Yu
Office Location: SH 331
E-mail: c.yu91@csuohio.edu
Work phone number: 216 687 2584
Office Time: 2:00 pm – 4:00 pm (T/TH),
other time by appointment.
Instructor URL:
http://academic.csuohio.edu/yuc/
Prerequisite: CIS 345 or EEC 382
Number of Credits: 3 (CIS 493, EEC 492), 4 (EEC 592)
Course Description:
This course focuses on the hands-on learning of computer system security, which
integrates all aspects of security of computer systems – namely, network and information
security, software security, and hardware security. The course will follow a distinctive
hands-on teaching approach using a well-designed set of experiments as learning tool.
Students will be able to “hack” a system at different levels and analyze existing
countermeasures.
Key Concepts:
Introduction to comprehensive coverage on security issues - information and network,
software, hardware securities. Familiarize with FPGA (Field Programmable Gate Arrays)
and Verilog programming. Understand information security through data encryption and
decryption to protect data and systems. Learn buffer overflow attacks – stack overflow,
heap overflow, and array indexing errors. Learn bus snooping attacks and protection
schemes through bus encryption. Describe software infections caused by malware and the
protection schemes. Understand side-channel attacks and hardware Trojans of different
forms and sizes triggered by rare events.
Course Requirements:
The course will use the Facebook “Hardware Security” Group for sharing and discussing
new developments in hardware security.
1
Blackboard: The course will be administered using Blackboard Learn (the updated
version of Blackboard CE 6.0). The syllabus, calendar, homework assignments, notes,
exams, pertinent links and grades are available on the blackboard.
* Blackboard Learn: https://bblearn.csuohio.edu/MACAuth/login.jsp
* For Blackboard help: http://help.blackboard.com/Blackboard-Learn/9.1/SP08/ENUS/NAHE/Student/index.htm
Student Expectations:
Make sure you meet the following criteria. These are essential for you to complete this
course successfully.
1. Lab Assignments – Six group lab assignments will be given throughout the semester. All
lab assignments are to be completed by computer - handwritten assignments will not be
accepted.
2. Paper presentation and report (EEC 592 only) – Students are supposed to read a paper
every other week and make a presentation and a report.
3. Late Assignment/reports – Late assignment/lab report will receive a penalty of 10% per
day, unless excused. No late submission is accepted after one week of the due date.
4. Exams and Make-up Exam - There will be 2 tests throughout the semester. Make-up
tests will be given only in the case of serious need and only when the instructor is
notified PRIOR to the test time. In case of a missed test, valid reason must be
provided along with supporting document (e.g. doctor's note). Without proper
documentation, no marks will be given for a missed test.
5. Grading Scheme:
Your course grade is based on your overall performance through the entire semester.
The relative weights for the final grade are the following:
CIS 493, EEC 492
EEC 592
Lab Reports (6)
60 %
Lab reports (6)
48 %
Tests (2)
40 %
Tests (2)
32 %
Presentations
and reports (7)
20 %
Student Conduct: Students are expected to do their own work. Academic misconduct,
student misconduct, cheating and plagiarism will not be tolerated. Violations will be
subject to disciplinary action as specified in the CSU Student Conduct Code. A copy can
be obtained by contacting Valerie Hinton Hannah, Judicial Affairs Officer in the
Department of Student Life or at
http://www.csuohio.edu/studentlife/StudentCodeOfConduct.pdf
2
It is important that all students do their own work on the exams and assignments.
Failure to do so will result in a Failing Grade for the course.
Last day to drop
(Without W grade)
Friday, August 29, 2014
(Without W grade)
Friday, September 5, 2014
(with Full Refund)
Last day to drop:
Last day to withdraw:
(With W grade)
Friday, October 31, 2014
Examination Policy: The use of books, class notes, cell phones, calculators, and any
electronic devices is prohibited during the examinations. Any form of
communication during examinations is prohibited.
Student work for Course Portfolio: The professor reserves the right to retain, for
pedagogical reasons, either the original or a copy of your work submitted either
individually or as a group project for this class. Students’ names will be deleted from
any retained items.
Expected Outcomes: Upon successful course completion, a student will be able to:
 Understand the basic concepts of computer system security which integrates
network and information security, software security, and hardware security.
 Learn and design not only new solutions against known attacks but also learn to
hack into software and hardware and come up with a new threat models and
defense mechanisms against them.
 Analyze and validate computer system for security and build secure computer
system for trustworthy computing.
3
Course Schedule:
The tentative schedule of topics and their order of coverage is given in the table below.
Date
Week 1
08/25 – 08/29
Week 2
09/01 – 09/05
Week 3
09/08 – 09/12
Week 4
09/15 – 09/19
Week 5
09/22 – 09/26
Week 6
09/29 – 10/03
Week 7
10/06 – 10/10
Week 8
10/13 – 10/17
Chapter Title
Technical walk-through of several emerging hardware ,
software, network security threats and principles
Experiment#1: Experiments on Data encryption and
decryption
Experiment #1: Experiments on Data encryption and
decryption
Experiment #2: Experiments on Buffer Overflow Attacks
Week 9
10/20
10/22
Week 10
10/27
10/29
Week 11
11/03
11/05
Week 12
11/10
11/12
Experiment #4a: FPGA, DE0, Quartus
Week 13
11/17
11/19
Week 14
11/24
11/26
Week 15
12/01
12/03
Week 16
12/08
12/10
Important Dates
09/01: Labor Day –
No Class
Experiment #2: Experiments on Buffer Overflow Attacks
Experiment #3: Experiments on Software Infections
Exam review
Experiment #3: Experiments on Software Infections
10/13: Self-study
10/13: Columbus
Day – No Class
10/15: Test #1
Experiment #4b: VHDL
Experiment #4c: Hardware Trojan Attacks
Experiment #4d: HT Trigger and Payload
Presentation & Competition
Due: Assignment
4ab
Due: Assignment
4cd
Experiment #5a: Signal Tab
Experiment #5b: Nios II, Basic Computer, Monitor
Experiment #5c: Bus Snooping Attack
Due: Assignment
5ab
Experiment #5d: Bus Snooping Detect/Protection
Presentation & Competition
Due: Assignment
5cd
Experiment #6a: Physically Unclonable Function (PUF)
Backup
Experiment #6b: PUF
Presentation & Competition
12/8: Self-Study
Test #2
4
Due: Assignment
6ab
5
Related documents
Cleveland State University Department of Electrical Engineering and Computer Science
Cleveland State University Department of Electrical Engineering and Computer Science
Cleveland State University Department of Electrical Engineering and Computer Science
Cleveland State University Department of Electrical Engineering and Computer Science
IST 331 ‑ Modern Database Design and Implementation
IST 331 ‑ Modern Database Design and Implementation
Cleveland State University Department of Electrical Engineering and Computer Science
Cleveland State University Department of Electrical Engineering and Computer Science
Cleveland State University Department of Electrical Engineering and Computer Science
Cleveland State University Department of Electrical Engineering and Computer Science
Syllabus for Fall 2003
Syllabus for Fall 2003
Download
advertisement