MSIT 458: Information Security and Assurance

Winter 2010

Yan Chen

[NOTE: This website is best viewed with Internet Explorer version 7 or later.]
[Assignment Due Schedule]

I.                 Course description:

The past decade has seen an explosion in the concern for the security of information. This course introduces students to the basic principles and practices of computer and information security.  Focus will be on the software, operating system and network security techniques with detailed analysis of real-world examples. Topics include cryptography, authentication, software and operating system security (e.g., buffer overflow), Internet vulnerability (DoS attacks, viruses/worms, botnets, etc.), intrusion detection systems, firewalls, VPN, Web and wireless network security. 

II.                 Required text and/or other materials:

III.               Reference text and/or other materials:

IV. Required prerequisites or knowledge base

V.                 Rationale for inclusion in MSIT Program:

This course provides students with an extensive understanding of information security management with emphasis on network security.  Whereas other courses provide an overview of the basics of the discipline, information security is simultaneously a technical and managerial discipline with enterprise-wide implications for employees, operations and systems at every level.  For organizations to successfully implement and manage an effective and efficient security program while managing shifting risks associated with interrelated information technology and decision-making employees, contractors, vendors, and suppliers must understand the concepts, technologies and practices of information security and be able to apply them effectively in their own distinctive areas of responsibility.

VI.              Course goal:

VII.            Course Objectives:

Upon successful completion of this course, the student should be able to:

VIII.         Course topics/content (by week):

Week 1 (October 2) [crypto.ppt]
Cryptography symmetric/asymmetric encryption (Stallings Chapters 2, 3 and 9, KPS Chapters 2, 3 and 5)

Week 2 (October 9) [invited.pptx][authentication.ppt]
User authentication and authorization and malcode overview (KPS Chapters 9 and 10)

Week 3 (October 16) [authentication.ppt]
Authentication in distributed systems, and Internet vulnerability: botnets (Stallings Chapter 19)

Week 4 (October 23) [malcode.ppt]
Internet vulnerability: malcode, denial of service (DoS) attacks and Threat Trend (Stallings Ch.18 and 19)

Week 5 (October 30) [invited talk]
Security Policy, Penetration Testing, and Layer 2 Attacks.

Week 6 (November 6) [DoS.ppt] [web.ppt]
DoS Attacks, WWW Security and Defense

Week 7 (November 13) [invited talk][IDS.ppt][snort.ppt]
Intrusion Detection/Prevention Systems (Stallings Chapter 18 and 20)

Week 8 (November 20) [firewalls.ppt] [wirelessSec.ppt] [wirelessSec_compliance.pdf]
Firewalls, Wireless network security, its related compliance, and technology integration.

Week 9 (December 4 morning)[CloudSecurity.pdf] [principle.ppt][bufferOverflow.ppt] [ipsec.ppt]
Cloud Security, Software Security, and IPSec (Stallings Chapters16 and KPS Chapter 17)

Week 10 (December 4 afternoon)
Review of the class and Layered Defense

The lecture notes have incorporated course materials developed by Dan Boneh (Stanford), Wenke Lee (Georgia Tech), David Lie (U Toronto), Aleph One, Vitaly Shmat (UT Austin), Martin Roesch (Sourcefire Inc.), and David Dittrich (University of Washington).

IX. Teaching methods: lectures, paper presentations, debate, project, and homework.

X. Assignments

There will be several group-based homework assignments so that students can reflect on what they learn in each class and try to apply them. In the beginning of each class, I will randomly pick some student(s) to report their answers (and reasoning!) to the homework as warm-up for each class. This will be considered as individual performance in this course.

In addition, students are expected to engage in technical paper reading, making presentations and debate. These papers are carefully selected (with little math!) which can be understood with the basic information security and networking knowledge. There will be three debates with one group as defense and one group as offense. The defense team will make 30-minute presentation on the main idea/techniques of the paper while the offense team will make a 15-minute presentation on the drawbacks/shortcomings of the approach. Then we will discuss and summarize the findings.

All of the assignments, including homework, presentation draft, and paper summaries, are due on Monday midnight of corresponding weeks. For presentation draft, I will give comments on the following Tue or Wed for revision. Presentation groups do not need to submit paper summaries.

Your summary should include at least:

Project: each group will work on a quarter-long project called Information Security in Real Business with the following steps.

  1. Understanding the security requirements in your corporate/organization, using the four cornerstones of secure computing introduced in the class. Please describe the requirement, how your corporate/organization handles that requirement and what remains to be done to fully satisfy that requirement. The requirement does not need to be restricted to a technical one, but can be related to legal, business, social, or anything to do with information security.

    This is required for each student. In the submission, please also give suggestions on the current syllabus, e.g., important topics which are currently missing, interesting extra teaching materials that you are aware of, etc. I will try to make adjustment based on the suggestions. The suggestion part is optional. It will not affect your grade if you don't have any.

  2. Based on the requirements, pick one problem that most of your group members have interest in, and it is not yet well solved in your corporate/organization. If you are uncomfortable talking about your employers security practices, you can anonymize the name or use a hypothetical case but reflects the real problems in industry. Formulate a security problem and do some research on the related work. Please show why this problem is a general one that comes across multiple industry/education/government sectors. Each group is expected to give a short presentation (5 minute) to seek synergy and early feedback from other students and the instructor (maximal another 5 minutes for each group) in week 5.

  3. Then please analyze the pros and cons on the existing work, and propose a solution to the problem you formulated, by either adopting existing solutions, or propose something new. Please be specific on how you will implement or have implemented the solutions, the cost/risk analysis, feasibility analysis, business/legal consequence, how this solution will fit different corporate context, like industry, education, government, etc. Each group is expected to give a final project presentation in the class of week 10. The presentation is expected to be 15 minutes plus 3 minutes Q&A. But we can have Q&A mingled w/ the presentation, i.e., each team has 18 minutes, excluding the switch time.
    You are also expected to submit a project report similar to a workshop paper (5-6 pages, with no larger than 11 point font, at most 1 inch margin, and single spacing. Double column is preferred though single column is OK.)

XI. Grading criteria

XII.Instructor profile

Yan Chen is an Associate Professor in the Department of Electrical Engineering and Computer Science at Northwestern University. He got his Ph.D. in Computer Science from the University of California at Berkeley in 2003. He has over ten years of experience in network security, network and distributed system measurement and diagnosis, for both wired and wireless networks. He won the Department of Energy (DOE) Early CAREER award in 2005, the DoD (Air Force of Scientific Research) Young Investigator Award in 2007, and the Microsoft Trustworthy Computing Awards in 2004 and 2005 with his colleagues. His research is also sponsored by National Science Foundation (NSF) and Motorola. In addition to the industry sponsors, he has widely collaborated with industry researchers from Microsoft, AT&T, Motorola, Yahoo, Keynote, and the Internet Storm Center of the SANS (SysAdmin, Audit, Network, Security) Institute. According to Google Scholar, his papers have been cited for more than 3,000 times. He has also offered security consulting services to several companies.

He started several security courses at Northwestern University, including the EECS 350 Introduction to Computer Security, EECS 354 Network Penetration and Security, and EECS 450 Internet Security. He was awarded as a Searle Junior Fellow by the Searle Center for Teaching Excellence of Northwestern University in 2004.