Computers, Security, and Ethics

Fall 97, University of Illinois

Computer Science 397 -- Call Number 08357
Students can go directly to our password-protected site: http://wsi-www1.cso.uiuc.edu/courses/CS397

Credit for CS 397:

Credit for graduates: 1/2 unit
Credit for undergraduates: 2 hours

Schedule: 1:00 p.m - 2:30 p.m. on Thursdays

Location:

Instructors and Media Support:

Keith Miller, Associate Professor, UIS, Computer Science
Marsha Woodbury, Director of Information Technology, UIUC, Graduate School of Library and Information Science
Larry Dale, Director, UIS Media Services and Instruction

Purpose:

This course is designed to acquaint students with electronic privacy, security and ethics. The course provides a balance between technical issues, such as security holes in software, and underlying issues, such as why we have email, and what would be a reasonable model for privacy and security of email in a particular organization. The emphasis is not on the more immediate, colorful issues, such a hacker cracking into a system. Rather, the course also explores the grayer areas: Is the acceptable use policy thoughtfully written? Can a policy work without destroying staff morale?

At the end of the course, students can expect to know the basic concept of "ethics," the definition of "security," and how that varies, and the limits of technology. Students will learn about real and potential security issues, and steps that can be taken to create environments of trust.

Prerequisites:

Students should have experience in using computers in a variety of environments. Those students who are not computer science majors should have an understanding of basic computer architecture, basic networking terminology, and some familiarity with UNIX. Students will not be expected to have expertise at system administration, or to be programmers.

Introduction to the Course:

This class is a cooperative effort between faculty, students, and staff at UIS, UIUC, and involves experts from other institutions and the private sector:

  1. The course is team taught by Dr. Marsha Woodbury of UIUC and Dr. Keith Miller of UIS. Larry Dale of UIS is coordinating the media for course delivery.
  2. UIUC, UIS, and UI Central administration are all contributing resources for the class. On the UIUC campus, the Graduate School of Library and Information Science is cooperating with the Computer Science Department and the Office of Extramural Instruction.
  3. Outside experts in computer security and computer ethics are participating: Deborah Johnson from RPI, Gene Spafford from Purdue, and Jeff Voas from Reliable Software Technologies.
  4. Students will contribute by presenting their projects during the semester. Each student will develop a topic in the form of a WWW site, and will present that topic to the class.

Textbook: (On order at the IU Bookstore--should be in stock by Sept. 7 or 12)

The NCSA Guide to Enterprise Security, by Michel E. Kabay (1996) McGraw-Hill.

This book includes case studies and discussions of key threats and vulnerabilities of information systems. It also describes strategies for organizing both precautions and responses.

Supplementary text:

Who Owns Information? From Privacy to Public Access, by Anne Wells Branscomb (1994) New York, NY: BasicBooks

Class Schedule and Format:

The class schedule is given below in terms of weeks. The class will meet every Thursday for 90 minutes. The first class will be taught twice:

August 28th at UIS and

September 4 at UIUC.

UIS classes start on August 28th, a week before UIUC. UIS has off the next Thursday, September 4, when UIUC starts.

The subsequent classes will continue once a week, simultaneously at UIS and UIUC via interactive compressed video. Most weeks Dr. Woodbury will be at UIUC and Dr. Miller will be at UIS, both Dr. Woodbury will visit UIS and Dr. Miller will visit UIUC at least once during the semester. A significant portion of the class will be done asynchronously via the WWW.

WEEK # TOPIC

  1. Fundamental technical details of computer security
  2. Ground rules for productivite ethical deliberation
    "Ethical slips"
  3. Encryption: costs and benefits for computers; costs and benefits for society
  4. JAVA: security features; marketing points; who is responsible for what?
  5. Viruses and worms: motivations and mechinizations
  6. Practical tips--Broader meanings for the word "security"
  7. The Robert Morris case: technical details are clues to human values
    /The Hare virus: virtual hysteria and media involvement
  8. Bad technical choices lead to insecurity: the year 2000 problem
  9. Computer passwords: convenience vs. safety
  10. Privacy and security: intersections
  11. The gender gap in computer crime
  12. Who makes money from computer security?
  13. Computer security policies at the University of Illinois: an analysis
  14. International aspects of computer security
  15. Addiction or lifestyle choice? computer cracking

Graded Work:

Continuous active participation is crucial to successfully completing this course.

Each student will be responsible for developing one topic for the class. The topic will be selected by the student, in consultation with one of the class instructors (Dr. Woodbury or Dr. Miller). One possible topic for computer science students will be to explain a technical issue in some depth using terminology and concepts accessible to the whole class. Once the topic is approved, the student will produce the following:

  1. A web page available to the class on the selected topic. This should include an introduction written by the student and references both to print and Internet resources related to the topic.
  2. A written examination of an ethical issue related to a technical aspect of the topic. This is a short paper (4-10 printed pages), also available through the student's web page (see previous point).
  3. A 20 minute class presentation about the topic. This can include lecture, class discussion, and perhaps a case study exercise for the class. This presentation will be scheduled as part of the interactive TV class time, and will be video taped. See: schedule of presentations.

Students will be graded as follows:

40%: Class Participation (including weekly interactive worksheets on the Web)

30%: Presentation of the students' topic during class

30%: Web page on the student's topic, including the short paper

90-100%: A; 80-89%: B; 70-79%: C; and so on.

If you have a learning disability, please see the links to the Division of Rehabilitation Education Services. The instructors will work with you to be certain that you have full and equal access to this course.

Other Resources:

Here are a few additional Internet resources for computer security and computer ethics. This list will be expanded by students, instructors, and the consultants during the semester.

Role of Outside Experts: