Personal tools
securitycourse.html

Computers, Security, and Ethics
Fall 97, University of Illinois
Students can go directly to our password-protected site: http://wsi-www1.cso.uiuc.edu/courses/CS397
Credit for CS 397:
Credit for graduates: 1/2 unit
Credit for undergraduates: 2 hours
Schedule: 1:00 p.m - 2:30 p.m. on Thursdays
Location:
- UIUC campus: 423 Engineering Hall
UIS campus: BRK 141A
Instructors and Media Support:
Keith Miller, Associate
Professor, UIS, Computer Science
Marsha Woodbury,
Director of Information Technology, UIUC, Graduate School of Library
and Information Science
Larry Dale, Director, UIS Media Services and Instruction
Purpose:
This course is designed to acquaint students with electronic privacy, security and ethics. The course provides a balance between technical issues, such as security holes in software, and underlying issues, such as why we have email, and what would be a reasonable model for privacy and security of email in a particular organization. The emphasis is not on the more immediate, colorful issues, such a hacker cracking into a system. Rather, the course also explores the grayer areas: Is the acceptable use policy thoughtfully written? Can a policy work without destroying staff morale?
At the end of the course, students can expect to know the basic concept of "ethics," the definition of "security," and how that varies, and the limits of technology. Students will learn about real and potential security issues, and steps that can be taken to create environments of trust.
Prerequisites:
Students should have experience in using computers in a variety
of environments. Those students who are not computer science
majors should have an understanding of basic computer architecture,
basic networking terminology, and some familiarity with UNIX.
Students will not be expected to have expertise at system administration,
or to be programmers.
Introduction to the Course:
This class is a cooperative effort between faculty, students,
and staff at UIS, UIUC, and involves experts from other institutions
and the private sector:
- The course is team taught by Dr. Marsha Woodbury of UIUC and Dr. Keith Miller of UIS. Larry Dale of UIS is coordinating the media for course delivery.
- UIUC, UIS, and UI Central administration are all contributing resources for the class. On the UIUC campus, the Graduate School of Library and Information Science is cooperating with the Computer Science Department and the Office of Extramural Instruction.
- Outside experts in computer security and computer ethics are participating: Deborah Johnson from RPI, Gene Spafford from Purdue, and Jeff Voas from Reliable Software Technologies.
- Students will contribute by presenting their projects during the semester. Each student will develop a topic in the form of a WWW site, and will present that topic to the class.
Textbook: (On order at the IU Bookstore--should be in stock by Sept. 7 or 12)
The NCSA Guide to Enterprise Security, by Michel E. Kabay (1996) McGraw-Hill.
This book includes case studies and discussions of key threats and vulnerabilities of information systems. It also describes strategies for organizing both precautions and responses.
Supplementary text:
Who Owns Information? From Privacy to Public Access,
by Anne Wells Branscomb
(1994) New York, NY: BasicBooks
Class Schedule and Format:
The class schedule is given below in terms of weeks. The class will meet every Thursday for 90 minutes. The first class will be taught twice:
August 28th at UIS and
September 4 at UIUC.
UIS classes start on August 28th, a week before UIUC. UIS has
off the next Thursday, September 4, when UIUC starts.
The subsequent classes will continue once a week, simultaneously
at UIS and UIUC via interactive compressed video. Most weeks Dr. Woodbury
will be at UIUC and Dr. Miller will be at UIS, both Dr. Woodbury will visit
UIS and Dr. Miller will visit UIUC at least once during the semester.
A significant portion of the class will be done asynchronously
via the WWW.
WEEK # TOPIC
- Fundamental technical details of computer security
- Ground rules for productivite ethical deliberation
- "Ethical slips"
- Encryption: costs and benefits for computers; costs and benefits for society
- JAVA: security features; marketing points; who is responsible for what?
- Viruses and worms: motivations and mechinizations
- Practical tips--Broader meanings for the word "security"
- The Robert Morris case: technical details are clues to human values
/The Hare virus: virtual hysteria and media involvement- Bad technical choices lead to insecurity: the year 2000 problem
- Computer passwords: convenience vs. safety
- Privacy and security: intersections
- The gender gap in computer crime
- Who makes money from computer security?
- Computer security policies at the University of Illinois: an analysis
- International aspects of computer security
- Addiction or lifestyle choice? computer cracking
- "Ethical slips"
Graded Work:
Continuous active participation is crucial to successfully completing
this course.
Each student will be responsible for developing one topic for
the class. The topic will be selected by the student, in consultation
with one of the class instructors (Dr. Woodbury or Dr. Miller).
One possible topic for computer science students will be to explain
a technical issue in some depth using terminology and concepts
accessible to the whole class. Once the topic is approved, the
student will produce the following:
- A web page available to the class on the selected topic. This should include an introduction written by the student and references both to print and Internet resources related to the topic.
- A written examination of an ethical issue related to a technical aspect of the topic. This is a short paper (4-10 printed pages), also available through the student's web page (see previous point).
- A 20 minute class presentation about the topic. This can include lecture, class discussion, and perhaps a case study exercise for the class. This presentation will be scheduled as part of the interactive TV class time, and will be video taped. See: schedule of presentations.
Students will be graded as follows:
40%: Class Participation (including weekly interactive worksheets on the Web)
- Participation is evaluated according to the
quality of what students say in class and post to
the class bulletin board.
That is, a positive contribution should:
be thoughtful or original or both, and show knowledge of the
class reading assignments, building on the discussion.
30%: Web page on the student's topic, including the short paper
90-100%: A; 80-89%: B; 70-79%: C; and so on.
If you have a learning disability, please see the links to the Division of Rehabilitation Education Services. The instructors will work with you to be certain that you have full and equal access to this course.
Other Resources:
Here are a few additional Internet resources for computer security and computer ethics. This list will be expanded by students, instructors, and the consultants during the semester.
- Ben Gross' Compilation
- Security and Cryptography and Privacy links.
- Conference on Computer Assurance
- Bridging the gap between theory and practice
- Computer Crime Research Resources
- Computer Professionals for Social Responsibility
- Current issues, archival information, activist group
- NIST Computer Security Resource Clearinghouse
- Ethical Dilemmas in Computing Discussion Forum
- Web Clearinghouse for Engineering and Computing Ethics
- From North Carlolina University's Division of Multidisciplinary Studies
- Information System Security
- John Isenhour's outline for class presentations.
- Information Systems Ethics: Computer Ethics - Cyberethics
- Helpful to researchers and educators
- The Tavani Bibliography of Computing, Ethics, and Social Responsibility
- Also available in print form from CPSR - cpsr@cpsr.org
- Philosophy of the GNU Project
- Free Software Foundation
- EFF "Intellectual Property Online: Patent, Trademark, Copyright" Archive
- DigiCash site
- Ecash information
- Who's watching you browse?
- Every time you visit a site, you leave a calling card...
- Johnson article "Good Fences"
- Randal L. Schwartz page
- Computer hacker
- Techweb's site
- Everything about security measures
- Information Ethics
- WWW Resources for Professor Kevin Bowyer's Ethics & Computing Course
- Security and Cryptography and Privacy links.
Role of Outside Experts:
- The outside experts will participate in the asynchronous part of the course, adding their insights and knowledge to the discussion. They will be available to guide students in completing class projects, in answering questions that arise in class, and directing our attention to the deeper implications of security practice. In a field that is changing very rapidly, having experts on hand is more valuable than printed texts, which quickly become obsolete.
Created before October 2004