INFS 767: SECURE ELECTRONIC COMMERCE

Professor Ravi Sandhu

Fall 2002, Thursday 4:30pm - 7:10pm, Robinson B113

www.profsandhu.com/infs767

Important Notice:

• 12/09/02: Assignment 2 and final answers are received from all students. No confirmation to individual!
• 12/5/02: Due to cancellation of class today, final examination and assignment 2 should be submitted via email to sandhu@gmu.edu by 5pm Friday Dec 6th. Due to volume of submissions no acknowledgement will be provided. A list of missing submissions will be posted on Friday evening. Hardcopy can be submitted on Friday until 5pm in my office. If I am not in office please slide the submission under my door.

• 11/27/02: FINAL CLARIFICATION: Questions 2, 3 and 4 definitely go beyond the lectures and slides. You are not likely to find the answers in the slides, papers or what I said in class. You need to think it through.

• 11/26/02: Clarifications to the final examination have been posted at the original site.

• 11/23/02: The final examination has been posted here.

• 11/15/02: If you'd like to please email your comments on the paper "PKI: It's Not Dead, Just Resting", by Peter Gutman to the author at pgut001@cs.auckland.ac.nz. If you'd like your comments to be annonymous please email to me at sandhu@gmu.edu and I will forward.

• 11/15/02: Assignment 1 and mid-term 1 have been returned. Only three grades were given for assignment 1: 29, 30 and 31. For mid-term 1: high score is 59/60, low score is 35/60, average is 50/60.

• 10/26/02: Assignment 2 has been posted here

• 10/18/02: Clarification to the mid term examination have been posted in red on the original mid term page here.

• 10/11/02: The mid term examination has been posted here.

• 10/3/02: There will be a class meeting on Oct 17th to address questions concerning the mid-term and anything else.
  The final examination will also be take-home. Please see schedule for dates.

• 9/30/02: We will have a review session on Oct 10. Original Oct 10 lecture is rescheduled for after the first mid-term examination.
  First mid-term examination will be take-home. Will be posted on the web soon after Oct 10 class. Will be due in class on Oct 24.

• 8/31/02: Lectures 4 through 7 have been posted.
• The course is closed and over-subscribed. No force-adds will be provided.
• Please do not sign up for this course unless you have COMPLETED one of INFS 762 or INFS 766.
  • There are NO exceptions to this prerequisite. SORRY!
  • Concurrent enrollment in INFS 762 is not sufficient.
  • If you ignore this prerequisite you are likely to have difficulty with the material and unlikely to get sympathy from me.
  • If you cannot take INFS 767 for the Information Security Certificate, I recommend ECE 646 in Fall 2002.
• This is a tough course with high expectations of the students. Be prepared to be self-reliant and don't let yourself get surprised.
  • We cover a lot of advanced material, without any text book.
  • The source material is mostly research papers that are quite demanding.
  • The examination and assignments require deep understanding of the material, critical thinking and the ability to write crisply and critically.
  • It is my policy to assign open-ended questions to which I do not know the answers. There are no "right" answers. The point is to present your answer convincingly.
• Look forward to an exciting course!

Course Prerequisites:    

• Must have completed INFS 762 or INFS 766. Concurrent enrollment in INFS 762 is not sufficient.
• Must be familiar with Discrete mathematics and Formal notation (such as INFS 501).
• Must be internet, web, pdf (get Acrobat Reader here) and postscript (get GSview here) capable.
• Must know how to access ACM, IEEE and any other digital libraries available to the GMU community. On-campus and off-campus access to these libraries is available to all GMU students. Links are conveniently available at University Libraries -- Database Wizard
• No assistance beyond the web links above will be provided on these basic Internet capabilities.
• There are NO exceptions to these prerequisites. SORRY!

Grading Policy:

• There are two examinations: one mid-term and one final. The final is based on the post mid-term material.
• Examinations are take-home.
• There are no make-up examinations. SORRY! Please plan your schedule carefully.
• There are two assignments due with the examination. Each assignment requires you to write a brief critique of each of a set of assigned papers.
• Grades will be "curved" based on overall class performance.
• Each examination and assignment has 25% weightage.
• Due to size of the class it will take some time to grade the first midterm examination and assignment. Do not expect a quick turnaround.

Policy for Assignments:    

• Should be submitted in hard copy (unless otherwise specified) on due date.
• You must write the answer yourself without ANY discussion with anyone else.
• Provide a signed statement with your submission stating, I have not given help or taken help from anyone on this assignment.

Lecture notes and readings:    

• Copies of lectures slides are provided on the class web page.
• In my lectures I will usually cover more material than provided on the slides. I may also skip over some of the slides. The slides are merely a guideline for the lecture.
• Missing a lecture is likely to be costly. SORRY!
• In most cases lectures are supported by papers from the literature.

Schedule:    

• Aug-29-02: Cryptography review. Slides 2/page | Slides 6/page || Assignment 1 (due Oct-24-02 in class)
• Sep-5-02: SSL, PKI and Trust Slides part I 2/page | Slides part I 6/page | Slides part II 2/page | Slides part II 6/page | Papers
• Sep-12-02: Password-Enabled PKI: Virtual Smartcards versus Virtual Soft Tokens. Slides PowerPoint | Paper
• Sep-19-02: Access Control: DAC and MAC. Slides 2/page | Slides 6/page | Paper I | Paper II
• Sep-26-02: Role-Based Access Control (RBAC): RBAC96 model. Slides Part I 2/page | Slides Part I 6/page | Slides Part II 2/page | Slides Part II 6/page | Paper I | Paper II
• Oct-3-02: Administration of RBAC. Slides Part I 2/page | Slides Part I 6/page | Slides Part II 2/page | Slides Part II 6/page | Paper I | Paper II
• Oct-10-02: REVIEW FOR MID-TERM 1.
  Mid-term 1 has been posted here on Oct 11, 2002. It is due in class on Oct 24, 2002.
  
• Oct-17-02: There will be a class meeting to address questions concerning the mid-term and anything else.
• Oct-24-02: Mid-term 1 due in class. || Assignment 1 due in class. || Assignment 2 posted on 10/26/02
  RBAC implementation. Slides 2/page | Slides 6/page | Paper1 | Paper2 | Paper3 | Paper4
• Oct-31-02: Password-based protocols. Slides 2/page | Slides 6/page
• Nov-7-02: No lecture. Use time to work on assignment 2.
• Nov-14-02: Multi-server password-based protocols. Slides 2/page | Slides 6/page
  Paper: W. Ford & B. Kaliski, Server-Assisted Generation of a Strong Secret from a Password, Proceedings of the IEEE 9th International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, NIST, Gaithersburg MD, June 14-16, 2000.
• Nov-21-02: Secrity architectures for controlled information dissemination. Slides 2/page | Slides 6/page | Paper
  Final examination has been posted here on Nov 23, 2002. It is due in class on Dec 5, 2002.
• Nov-28-02: No lecture. Thanksgiving.
• Dec-5-02: Final examination due in class. || Assignment 2 due in class.

Archives: INFS 767 Fall 2001 | INFS 767 Fall 2000 | INFS 767 Fall 1999