Instructor | Announcements | Course Info | Class Material | Schedule | Project | Grade | General Policy | Related Links

 

CmpE 297
Software Security Technologies
Fall 2003
College of Engineering

 

 

Instructor

Richard Sinn
Email: sinn@openloop.com
Office Hours: Before / After class, by appointment or email only

Richard Sinn has been in the pure software industry for over 10 years both as manager and lead developer for projects ranging from IBM operating systems, kernel file system, network computer, Java desktop, IT secure development framework, IBM DB2 database, security and provisioning services.

In 2001, Richard led the development of the first dynamic workflow enabled PKI Certificate Management System (CMS) in the industry. It is a joint project between VeriSign and a Silicon Valley security startup company. There are currently eight patents (six in security technologies, and two in database technologies) pending under Richardís name.

Richard has also been a part-time professor for the past five years teaching at San Jose State University (both Computer Science and Computer Engineering departments) and University of Minnesota.

 

Announcements

Class time:

Thursday, 7:30pm to 9:15pm

Class room:

This is Section 2.

SAL 104

American Language (SAL) building at 384 S. Second Street, Room 104.
Best to park on the street or in the parking facility at 3rd and San Carlos.

 

Aug 3, 2003: Initial creation.

Aug 14, 2003:

Please consider how you set up your evaluation environments - be it homework, on-campus quizzes and exams, to minimize chances of (temptations to) cheating.

In particular:

During tests:

- Make sure there is plenty of space between students.

- Always proctor exams and tests, and preferably by sitting at the back of the room rather than at the front. Do not leave the testing room during the test. If you cannot proctor the class yourself, contact me and I will endeavor to find a proctor for you.

- If the test is closed-book, require all backpacks to be zipped shut, all PDAs, computers and phones to be handed in, and any access to either without explicit proctor permission should be an immediate F in the class.

For homework: We have started using on-line support systems to catch cheaters. So I would very strongly urge you:

- For code assignments: Run them all through MOSS

- For essays etc: Run them all through turnitin.com (SJSU has a site subscription, I have been told.)

- Make sure individual contributions are ensured in team projects. This can be done through various means: Sign-offs, quizzes on the content of common work, etc.

Remember: A grade reflects an evaluation of the individual student's achievements. Your evaluation system has to reflect that objective.

 

Aug 24, 2003:

Registration is at the Computer Engineering Department office, Room ENG-284. Register as off-campus CMPE-297E. Class will be held in SAL-108 (384 South Second Street, Downtown SJ). Lab will be discussed on forum: cmpe297e-fall2003. Class restricted to 25 students, sign-up is on a first-come/first-serve basis.

Students must be present on first night of class and be prepared to pay a course fee of $750. To be assured of getting in the course it is advised that students stop by the department office a fill out the form ahead of time. Off campus courses need a minimum of 20 students to be held.

 

Aug 25, 2003:

Add/Drop to do for instructor:

1) For all classes, count the number of students that intend to enroll in the class or who are already enrolled.

2) If the number is smaller than the class size, hand out permission codes immediately to the students writing themselves into the add-list (which you get at the department office). If it is larger then tell them we'll hand out permission codes from the waiting list within a day or two.

3) If you hand out codes in class then tell the students they have to use the permission code to register within two days, or the night before the next class meeting (whichever comes first, as determined by you).

4) Immediately after class, report the number from (1) above to Sharolene.

 

Course Information

Objectives

Latest corporation challenge is managing software security threats on high speed, high volume mission critical software infrastructure. Building secure software in both the Internet and enterprise network becomes a must in today's world. The objective of this course is to teach you the essentials to build and deploy secure software. Learn how to design and administrate a complete, consistent, correct, and adequate security program.

Topics include:

You must be proficient with Java and J2EE architecture, preferably that you have already taken CMPE 275 or taking concurrently.

Grading

Apart from big term project(s) and presentation, there are homework assignments, a mid-term exam and a final exam. Some exams might be take-home. The weightings for grading are: Term Project(s) 40%, Homework 10%, Midterm 10%, Final Exam 20%, Term Presentation 10%, and Research Paper on selected topics (10%).

No Late Assignment Submission

 

 

Class Material

Lecture Notes

Reading material will be online on this web site before every lecture. Please email sinn@openloop.com if you experience any download problem.

Required Textbook

PKI: Implementing & Managing E-Security by Andrew Nash, Bill Duane, Derek Brink, Celia Joseph. McGraw-Hill Osborne Media; ISBN: 0072131233; (March 27, 2001).

Reference

More will be added as the semester goes

 

Schedule

Introduction

Aug 28, 2003-

  • Add/Drop

    1) For all classes, count the number of students that intend to enroll in the class or who are already enrolled.

2) If the number is smaller than the class size, hand out permission codes immediately to the students writing themselves into the add-list (which you get at the department office). If it is larger then tell them we'll hand out permission codes from the waiting list within a day or two.

3) If you hand out codes in class then tell the students they have to use the permission code to register within two days, or the night before the next class meeting (whichever comes first, as determined by you).

4) Immediately after class, report the number from (1) above to Sharolene.

 

PKI

Sept 4, 2003-:

Sept 11, 2003-:

  • Resume "Side" Homework
  • PKI components:
    • Concept of an Infrastructure
    • CA,
    • Certificate Repository,
    • Cert Revocation,
    • Key Backup and Recovery,
    • Automatic Key update,
    • Key history
    • Cross-Certification
    • Support for Non-Repudiation
    • Time Stamping
    • Client Software

 

September 12, 2003-:

  • Last Day to Drop Courses Without an Entry on Student's Permanent Record

 

Sept 18, 2003-:

  • PKI Services
    • Core PKI Services: Authentication, Integrity, and Confidentiality
    • PKI-Enabled Services
      • Notarization
      • Non-Repudiation
      • Privilege Management
      • Mechanisms Required
      • PKI Practice
  • Homework 1
  • Bring your receipt for enrollment, no audit this semester.

 

September 19, 2003-:

  • Last Day to Add Courses & Register Late

 

Sept 25, 2003-:

Oct 2, 2003-:

  • Java Security Introduction

    • Language-Level Security
    • Invalid Memory Access
    • Garbage Collection
    • Other Language Features
    • JavaTM Virtual Machine-level Security1
    • Java Byte Codes
    • Byte Code Verification
    • Class Loading
    • Runtime Checking
    • Managing Security
    • Access Controller and Permissions
  • Homework 1 Due

 

Java Security Programming Model

Oct 9, 2003-:

Oct 16, 2003-:

 

Oct 23, 2003-:

 

Mid-Term

Oct 30, 2003-:

  • Mid-Term (Take home, no class)
  • Project Part I Due (Use email with one single MS-Word document)

 

E-Commerce with Web Services

Nov 6, 2003-:

Nov 13, 2003-:

  • Web SSO
  • J2EE Overview
  • WebSphere Architecture Overview
  • E-Commerce Topology

 

Nov 20, 2003-:

  • Application Server Configuration
  • Security Issues in Web Services Model
  • E-Commerce Apps
    • Development
    • Packaging
    • Deployment
  • Project Part II Due

 

Nov 27, 2003-:

  • Thanksgiving Holiday

 

Final and Presentation

Dec 4, 2003-:

 

Dec 9, 2003-:

  • Last Day of Instruction for the whole university.

-

 

Term Project

PKI Security System

 

Overflow Topic

PKI

Java

Web Services

Grade

Email sinn@openloop.com to check your grade if necessary.

 

General Policy

The university and departmental policies and deadlines for course drop will be applied. Makeup exams cannot be offered, except under exceptional conditions, such as documented serious illness/accident, etc., and only at the professor's discretion.

Each student is responsible for his/her individual assignment, and must not copy anyone else's work. Students who borrow solutions from others will find themselves unable to pass the course. The minimum penalty for every student involved in the duplication of individual assignments or exams will be receiving a zero score on the submitted work.

For group project, all the work has to be done by your OWN group. Do not try to download "free code" from the Internet and hand in as a project. WE WILL FIND OUT. Do not share your work with others. So DO YOUR OWN WORK and EARN your grade.

 

Related Links

  • Past Class Grading and Info
  • Software Engineering Institute
  • Special Interest Group on Software Engineering (SIGSOFT)
  • IBM San Francisco Project
  • Object Management Group
  • Rational Software Corporation
  • -
Richard's Recent Articles

 

Instructor | Announcements | Course Info | Class Material | Schedule | Project | Grade | General Policy | Related Links