General Information
Instructor
Matt Bishop
Email: [email protected]
Office: 2209 Watershed Sciences
Phone: (530) 752-8060
Office Hours: MWF 2:10pm–3:00pm
Teaching Assistant
Tina Mashhour
Email: [email protected]
Office:(Tuesday) 53 Kemper Hall; (Thursday) 55 Kemper Hall
Office Hours: TuTh 9:30am–11:00am
Lectures
MWF 4:10pm–5:00pm in 6 Wellman
Discussion Sections
ECS 153-A01: T 2:10pm–3:00pm in 1 Wellman
ECS 153-A02: W 5:10pm–6:00pm in 147 Olson0.
Course Outline
Introduce principles, mechanisms, and implementations of computer security; learn how attacks work, how to defend against them, and how to design systems to withstand them
Course Goals
Some goals we hope you achieve:
- learn about security in the UNIX system and programming environments;
- learn how to attack a system, and to defend it by analyzing the system for vulnerabilities and ameliorating those problems;
- understand the strengths, and weaknesses of cryptography as a tool of security;
- learn how access to systems, resources, and data can be controlled;
- learn the basics of writing security-related programs; and
- learn about security in networks.
Prerequisite
The prerequisites for this course are ECS 150, Operating Systems, and ECS 152A, Computer Networks. Students who have not taken these courses are at a serious disadvantage in this class, and will be dropped unless the instructor approves them taking the class. To make your case, please complete a Missing Prerequisite Form\footnote{http://engineering.ucdavis.edu/wp-content/uploads/2013/07/Missing_Prerequisite_Documentation_Form.pdf} and give it to the instructor. On this form, state which prerequisite(s) you are missing and why it (they) should be waived.
Text
M. Bishop, Computer Security: Art and Science, Addison-Wesley, Boston, MA (2003). ISBN 0-201-44099-7.
Some updated chapters will be made available on the campus learning management system, Canvas.
Before Each Class
Please do the readings for each class period before the class. We will discuss material from the readings, and if you haven’t done the readings, you might have trouble following along!
Class Web Site
The class web site is on Canvas.
To access it, go to http://canvas.ucdavis.edu and log in using your campus login and password.
Then go to ECS 153 in your schedule.
Announcements, assignments, handouts, and grades will be posted there,
and you must submit assignments there. The alternate web site,
http://nob.cs.ucdavis.edu/classes/ecs153-2016-04
has everything except grades, and you cannot submit work there.
Computers
All registered students have been given an account on the computer science instructional machines in the basement (the Computer Science Instructional Facility, CSIF). You are also welcome to use your own laptops or desktops, but any programs you turn in will be graded on the CSIF systems. So, be sure they run on the CSIF!
Homework
For written homework, please turn in PDF or text files; we will not accept files in other formats (specifically, no DOC or ODT files allowed). As we grade these on a variety of systems, other formats may not print correctly, in which case we will be unable to grade them correctly. All homework is due at 11:55pm on the date stated on the homework, unless otherwise specified. The handout All About Homework discusses homework.
Laboratory Exercises
These exercises will cover handling attacks and programming. The labs involving attacks will require the use of VirtualBox, which is available for free from Oracle at https://www.virtualbox.org/wiki/Downloads. You are free to run it on any system you can; the exercises will be done using virtual machines with specific configurations. The labs involving programs will require you to write programs. They must work on the CSIF systems, as that is where we will grade them. The handout All About Programs discusses programs.
Extra Credit
Extra credit is tallied separately from regular scores.
It counts in your favor if you end up on a borderline between two grades at the end of the course. But, not doing extra credit will never be counted against you,
because grades are assigned on the basis of regular scores.
You should do extra credit if you find it interesting and think that it might teach you something.
Remember, though, it is not wise to skimp on the regular assignment in order to do extra credit!
Exams
Midterm: to be arranged (in class)
Final: Thursday, December 8 at 8:00am–10:00am in 6 Wellman
No early or late exam will be given; if you miss an exam for medical reasons (you must document this; no other excuses are acceptable), you may be allowed or required to take a make-up exam, or the other parts of the course will be counted proportionally more (the choice is the instructor’s). In particular, forgetting the time or place of an exam is not an excuse for missing it!
Grading
Homework | | 25% |
Lab Exercise | | 25% |
Midterm Exam | | 25% |
Final Exam | | 25% |
Academic Integrity
The UC Davis Code of Academic Conduct, available at http://sja.ucdavis.edu/cac.html, applies to this class. In particular, for this course, all work submitted for credit must be your own. You may discuss your assignments with classmates, with the instructor, or with the teaching assistant in the course to get ideas or a critique of your ideas, but the ideas and words you submit must be your own. Unless explicitly stated otherwise, collaboration is considered cheating and will be dealt with accordingly.
Be sure to read the description of plagiarism in the Code of Conduct. In this class, as in every class at the University, plagiarism is absolutely forbidden.
For written homework, you must write up your own solutions and may neither read nor copy another student’s solutions.
For programs, you must create and type in your own code and document it yourself. Note that you are free to seek help while debugging a program once it is written.
A good analogy between appropriate discussion and inappropriate collaboration is the following: you and a fellow student work for competing software companies developing different products to meet a given specification. You and your competitor might choose to discuss product specifications and general techniques employed in your products, but you certainly would not discuss or exchange proprietary information revealing details of your products. Ask the instructor for clarification beforehand if the above rules are not clear.