CSE 7338 Course Syllabus

Fall 2014, F 12pm-4pm, Raytheon Garland

(Syllabus also available in PDF form.)

Instructor Information

Tyler Moore

Email: tylerm@smu.edu

Phone: 214-768-3716

Office: Caruth Hall Rm. 439

Office Hours: by appointment

Email Hours: I strive to respond to course-related emails within 24 hours on weekdays. Inevitably I may overlook some messages; if more than 24 hours has passed, feel free to send me a reminder.

Course Description

Summary

Introduces economics as a tool for understanding and managing information security. Reviews key information security challenges and technologies in order to reason about the topics economically. Students are introduced to techniques of analytic and empirical modeling. Economic concepts reviewed include rationality, markets, and information. Presents models and metrics of security investment, along with cost-benefit analysis techniques, and techniques for empirical investigation and measurement of cybercrime. Security games are designed to capture the strategic interaction between defenders, as well as between attacker and defenders. Implications for public policy are discussed.

Prerequisites

This course requires a background in computer science, engineering or economics. Students with a background in computer science should have taken CSE 3353 "Fundamentals of Algorithms" or its equivalent.

Learning Outcomes

Upon completing this course, students should be able to:

Here are the more general ABET student outomes by which students are evaluated:

The course is organized roughly into five components.

  1. Introduction: We start by introducing key concepts from information security and economics.
  2. Security metrics and investment: We discuss standard models and metrics of security investment, along with their limitations.
  3. Measuring cybercrime: We learn about the state of the art in cybercrime and its flourishing underground economy, followed by a discussion of techniques for collecting and analyzing data on information security topics.
  4. Security games: We introduce game theory and discuss ways to model the strategic interaction of defenders and attackers in information security applications.
  5. Policy options: We discuss available economic tools for improving information security, including cyber insurance/risk transfer, information sharing, and liability assignment.

Covering the first four topics may take more time than anticipated, in which case the last topic will be abbreviated. See the schedule for up-to-date details and reading assignments. Please note that the schedule and topics will most likely be revised during the semester.

Textbook

There is no textbook for the course. Readings are assigned from lecture notes co-authored by Rainer Böhme and myself, as well as from relevant academic papers.

Online resources

The course website is located at http://lyle.smu.edu/~tylerm/courses/econsec/. Course announcements will be made via Blackboard.

Screencasts describing interactions with security datasets in R will be posted on my YouTube channel.

Coursework

Unless otherwise stated, coursework is due at 12pm on the due date.

Assignments

There are 5 assignments, each equally weighted. Assignments will be posted on the schedule in due course.

Project

The final project will be on a topic selected by the students. Students are strongly encouraged to work in pairs. Full details on the project can be found here.

Exams

There is one midterm and one comprehensive final exam. The purpose of the exam is to assess the economics and information security concepts covered in the course, particularly those not covered by the homework assignments.

The midterm exam is scheduled to be given on October 3, and the final exam will be held Saturday, December 5, from 8-11am.

Evaluating Student Performance

Grade Distribution

I use standard percentage cut-offs when determining letter grades (e.g., [93-100] is an A, [90-93) is an A-, [87-90) is a B+, etc.). I do not use a curve in assigning grades, as I believe grading on a curve discourages collaboration among students. Occasionally, though, a particular assignment may be too difficult and so I reserve the right to adjust the score appropriately.

In order to reward progress in learning that occurs over the course of the semester, I will let students replace their lowest score on an assignment with their score on the final exam, provided that the final exam grade is higher than the lowest-graded assignment. For example, suppose you make an 82%, 88%, 90%, and 92% on the homework assignments and receive an 89% on the final exam. The 82% assignment grade is replaced by 89%, and the final exam is also treated as 89%.

Attendance and Participation Policy

I expect you to attend classes and participate in class discussions. Chronically missing class is not acceptable, and I reserve the right to penalize the course grade or academically withdraw students in the event of persistent absence.

I also expect that you will keep up with the reading.

Late Work

The assignments are designed to prepare you for tasks on the course project, and often build on concepts introduced in earlier assignments. Consequently, it is essential that you do not fall too far behind. As a result, assignments and project tasks really are due at the time stated in the course schedule.

There are three exceptions to this policy. First, if you have an emergency (e.g., serious illness, death in the family), please let me know as soon as possible so we can work out an accommodation.

The second exception to the strict deadline policy is for unforeseen circumstances that affect everyone: the power goes out on campus two hours before an assignment is due, for example. In this case, I will extend the deadline in a reasonable manner (e.g., extend by 24 hours after power is restored). I will post an announcement to Blackboard if such a circumstance arises.

Finally, students are given 4 lateness coupons for assignments (but not exams or the final project) for use throughout the semester, with one coupon equal to a 24-hour extension, rounded up to midnight. For example, for an assignment due on Friday at noon, one lateness coupon extends the deadline to 11:59pm Saturday night.

To redeem a lateness coupon, you must send an email to tylerm@smu.edu with subject "Lateness coupon" BEFORE the assignment is due. In the body of the email please let me know how many coupons you wish to redeem. Note that coupons are not transferable between students.

Late assignments must be turned in by email to as a scanned PDF attachement.

Collaboration and Attribution

I encourage collaboration between students on assignments and when studying. Collaboration is an essential skill for engineering, not to mention life in general. Unless I say otherwise, feel free to discuss assignments and the project with your classmates, including ideas for how to solve problems. Please do not, however, share code, equations, or written answers that solve an assignment directly with other students. Solutions to homeworks should be written from scratch and must not be pieced together from other students.

If you work with another student on assignments, you must turn in a single copy with both students' names.

It is also important to give credit to others when appropriate. If you implement an idea that you got from another student (or students), please say so. Furthermore, if you consult a web resource that directly assists you, please say so. As a reminder, it is also not acceptable to copy code or equations directly from a web resource that solves a problem on an assignment.

Policy on Academic Dishonesty

The SMU Honor Code defines cheating, plagiarism and facilitating academic dishonesty here:

http://smu.edu/studentlife/studenthandbook/PCL_05_HC.asp

Any student found doing any of the aforementioned activities will receive a failing grade in the course. Note that this includes copying code or writing from the Internet or other resources without attribution. I also reserve the right to refer the case to the Honor Council.

Extra Credit

It is my policy to not offer extra credit assignments on a per-student basis. To ensure fairness, extra credit may only be offered to all students, and would most likely take the form of a modest reward for attending an optional lecture, not an extra assignment.

Special Needs

Disability Accommodations

Students needing academic accommodations for a disability must first be registered with Disability Accommodations & Success Strategies (DASS) to verify the disability and to establish eligibility for accommodations. Students may call 214-768-1470 or visit http://www.smu.edu/alec/dass to begin the process. Once registered, students should then schedule an appointment with the professor to make appropriate arrangements.

Religious Observance

Religiously observant students wishing to be absent on holidays that require missing class should notify their professors in writing at the beginning of the semester, and should discuss with them, in advance, acceptable ways of making up any work missed because of the absence.  (See University Policy No. 1.9 for details.)

University Extracurricular Activities

Students participating in an officially sanctioned, scheduled University extracurricular activity should be given the opportunity to make up class assignments or other graded assignments missed as a result of their participation. It is the responsibility of the student to make arrangements with the instructor prior to any missed scheduled examination or other missed assignment for making up the work.    (See the University Undergraduate Catalog for details.)

Disclaimer

Please note that this syllabus is subject to change. Any changes to the syllabus will be announced via Blackboard and displayed on the course website.