Instructor | Announcements | Course Info | Class Material | Schedule | Project | Grade | General Policy | Related Links

 

CmpE 297
Software Security Technologies
Spring 2004
College of Engineering

 

 

Instructor

Richard Sinn
Email: sinn@openloop.com
Office Hours: Before / After class, by appointment or email only

Richard Sinn has been in the pure software industry for over 10 years both as manager and lead developer for projects ranging from IBM operating systems, kernel file system, network computer, Java desktop, IT secure development framework, IBM DB2 database, security and provisioning services.

In 2001, Richard led the development of the first dynamic workflow enabled PKI Certificate Management System (CMS) in the industry. It is a joint project between VeriSign and a Silicon Valley security startup company. There are currently eight patents (six in security technologies, and two in database technologies) pending under Richardís name.

Richard has also been a part-time professor for the past five years teaching at San Jose State University (both Computer Science and Computer Engineering departments) and University of Minnesota.

 

Announcements

Class time:

Thursday, 7:30pm to 9:15pm

Class room:

This is Section 2.

ENG 341

American Language (SAL) building at 384 S. Second Street, Room 104.
Best to park on the street or in the parking facility at 3rd and San Carlos.

 

Dec 26, 2003: Initial creation.

Environment

Please consider how you set up your evaluation environments - be it homework, on-campus quizzes and exams, to minimize chances of (temptations to) cheating.

In particular:

During tests:

- Make sure there is plenty of space between students.

- Always proctor exams and tests, and preferably by sitting at the back of the room rather than at the front. Do not leave the testing room during the test. If you cannot proctor the class yourself, contact me and I will endeavor to find a proctor for you.

- If the test is closed-book, require all backpacks to be zipped shut, all PDAs, computers and phones to be handed in, and any access to either without explicit proctor permission should be an immediate F in the class.

For homework: We have started using on-line support systems to catch cheaters. So I would very strongly urge you:

- For code assignments: Run them all through MOSS

- For essays etc: Run them all through turnitin.com (SJSU has a site subscription, I have been told.)

- Make sure individual contributions are ensured in team projects. This can be done through various means: Sign-offs, quizzes on the content of common work, etc.

Remember: A grade reflects an evaluation of the individual student's achievements. Your evaluation system has to reflect that objective.

 

Registration

Registration is at the Computer Engineering Department office, Room ENG-284. Register as off-campus CMPE-297E. Class will be held in SAL-108 (384 South Second Street, Downtown SJ). Lab will be discussed on forum: cmpe297e-fall2003. Class restricted to 25 students, sign-up is on a first-come/first-serve basis.

Students must be present on first night of class and be prepared to pay a course fee of $750. To be assured of getting in the course it is advised that students stop by the department office a fill out the form ahead of time. Off campus courses need a minimum of 20 students to be held.

 

Add/Drop to do for instructor:

1) For all classes, count the number of students that intend to enroll in the class or who are already enrolled.

2) If the number is smaller than the class size, hand out permission codes immediately to the students writing themselves into the add-list (which you get at the department office). If it is larger then tell them we'll hand out permission codes from the waiting list within a day or two.

3) If you hand out codes in class then tell the students they have to use the permission code to register within two days, or the night before the next class meeting (whichever comes first, as determined by you).

4) Immediately after class, report the number from (1) above to Sharolene.

 

Course Information

Objectives

Latest corporation challenge is managing software security threats on high speed, high volume mission critical software infrastructure. Building secure software in both the Internet and enterprise network becomes a must in today's world. The objective of this course is to teach you the essentials to build and deploy secure software. Learn how to design and administrate a complete, consistent, correct, and adequate security program.

Topics include:

 

Grading

Apart from big term project(s) and presentation, there are homework assignments, a mid-term exam and a final exam. Some exams might be take-home. The weightings for grading are: Term Project(s) 40%, Homework 20%, Midterm 10%, Final Exam 20%, and Term Presentation 10%.

No Late Assignment Submission

 

 

Class Material

Lecture Notes

Reading material will be online on this web site before every lecture. Please email sinn@openloop.com if you experience any download problem.

 

Reference

More will be added as the semester goes

 

Schedule

Introduction

Jan 29, 2004-Thu

  • Add/Drop

    1) For all classes, count the number of students that intend to enroll in the class or who are already enrolled.

2) If the number is smaller than the class size, hand out permission codes immediately to the students writing themselves into the add-list (which you get at the department office). If it is larger then tell them we'll hand out permission codes from the waiting list within a day or two.

3) If you hand out codes in class then tell the students they have to use the permission code to register within two days, or the night before the next class meeting (whichever comes first, as determined by you).

4) Immediately after class, report the number from (1) above to Sharolene.

 

PKI

Feb 5, 2004-Thu:

Feb 12, 2004-Thu:

  • PKI components:
    • Concept of an Infrastructure
    • CA,
    • Certificate Repository,
    • Cert Revocation,
    • Key Backup and Recovery,
    • Automatic Key update,
    • Key history
    • Cross-Certification
    • Support for Non-Repudiation
    • Time Stamping
    • Client Software

 

Feb 17, 2004:

  • Last Day to Drop Courses Without an Entry on Student's Permanent Record

 

Feb 19, 2004-Thu:

  • PKI Services
    • Core PKI Services: Authentication, Integrity, and Confidentiality
    • PKI-Enabled Services
      • Notarization
      • Non-Repudiation
      • Privilege Management
      • Mechanisms Required
      • PKI Practice
  • Homework 1
  • Bring your receipt for enrollment, no audit this semester.

 

Feb 24, 2004:

  • Last Day to Add Courses & Register Late

 

Feb 26, 2004-:

 

Mar 4, 2004-Thu:

 

Java Security Programming Model

Mar 11, 2004-Thu:

 

Mar 18, 2004-Thu:

  • Mid-term (Take home, no class)

 

Mar 25, 2004-Thu:

  • Mid-term Due
  • Project Part I Due
  • LDAP Introduction
  • Client/Server Introduction

 

March 29 - April 2: Spring Break

 

Apr 8, 2004-Thu:

 

E-Commerce with Web Services

Apr 15, 2004-Thu:

  • Homework 4 Due (Optional, Extra Credit)
  • Java signature generation and verification
  • Web SSO (Notes cannot be posted)

 

Apr 22, 2004-Thu:

 

Apr 29, 2004-Thu:

  • Application Server Configuration
  • Security Issues in Web Services Model
  • Final Project Info (MUST READ)
  • E-Commerce Apps
    • Development
    • Packaging
    • Deployment

 

Final and Presentation

May 6, 2004-Thu:

 

May 13, 2004-Thu:

 

May 18, 2004-:

  • Last Day of Instruction for the whole university.

-

 

Term Project

PKI Certificate and Encryption Service Center

 

Overflow Topic

PKI

Java

Web Services

Grade

Email sinn@openloop.com to check your grade if necessary.

 

General Policy

The university and departmental policies and deadlines for course drop will be applied. Makeup exams cannot be offered, except under exceptional conditions, such as documented serious illness/accident, etc., and only at the professor's discretion.

Each student is responsible for his/her individual assignment, and must not copy anyone else's work. Students who borrow solutions from others will find themselves unable to pass the course. The minimum penalty for every student involved in the duplication of individual assignments or exams will be receiving a zero score on the submitted work.

For group project, all the work has to be done by your OWN group. Do not try to download "free code" from the Internet and hand in as a project. WE WILL FIND OUT. Do not share your work with others. So DO YOUR OWN WORK and EARN your grade.

 

Related Links

  • Past Class Grading and Info
  • Software Engineering Institute
  • Special Interest Group on Software Engineering (SIGSOFT)
  • IBM San Francisco Project
  • Object Management Group
  • Rational Software Corporation
  • -
Richard's Recent Articles

 

Instructor | Announcements | Course Info | Class Material | Schedule | Project | Grade | General Policy | Related Links