[Note: The most recent updates (if any) are highlighted]
CS 5950 - Computer Security and Information Assurance — Fall 2008
Course Outline
Department of Computer Science
Class Web Pages:
Syllabus - main page: index.htm
Detailed course outline (this page): outline.htm
Announcements and slides: announcements+slides.htm
The following list of lecture topics is based on the Table of Contents of the textbook Security in Computing, Fourth Edition, by Pfleeger and Pfleeger, Prentice Hall, 2007, ISBN 0-13-239077-9.
I. We'll cover the following issues (numbers are Chapter numbers):
1. Is There a Security Problem in Computing?
What Does “Secure” Mean? Attacks. The Meaning of Computer Security. Computer Criminals. Methods of Defense.
2. Elementary Cryptography.
Terminology and Background. Substitution Ciphers. Transposition (Permutations). Making “Good” Encryption Algorithms. The Data Encryption Standard (DES). The AES Encryption Algorithm. Public Key Encryption. The Uses of Encryption.
Chapter 7 will be covered out-of-sequence to facilitate running lab exercises.
7. Security in Networks.
Note: Despite the short list of chapter topics, we'll spend about 30% of lecture time in this area.
Network Concepts. Threats in Networks. Network Security Controls. Firewalls. Intrusion Detection Systems. Secure E-Mail.
3. Program Security.
Secure Programs. Nonmalicious Program Errors. Viruses and Other Malicious Code. Targeted Malicious Code. Controls Against Program Threats.
If time permits: 4. Protection in General-Purpose Operating Systems.
Protected Objects and Methods of Protection. Memory and Address Protection. Control of Access to General Objects. File Protection Mechanisms. User Authentication. Summary of Security for Users.
If time permits: 6. Database and Data Mining Security.
Introduction to Databases. Security Requirements. Reliability and Integrity. Sensitive Data. Inference. Multilevel Databases. Proposals for Multilevel Security. Data Mining.
II. We'll cover only selected major topics/issues from:
10. Privacy in Computing
Privacy Concepts. Privacy Principles and Policies. Authentication and Privacy. Data Mining. Privacy on the Web. E-mail Security. Impacts on Emerging Technologies.
11. Legal and Ethical Issues in Computer Security.
Protecting Programs and Data. Information and the Law. Rights of Employees and Employers. Redress for Software Failures. Computer Crime. Ethical Issues in Computer Security. Case Studies of Ethics.
III. We will not cover:
5. Designing Trusted Operating Systems.
What Is a Trusted System? Security Policies. Models of Security. Trusted Operating System Design. Assurance in Trusted Operating Systems.
8. Administering Security.
Security Planning. Risk Analysis. Organizational Security Policies. Physical Security.
9. The Economics of Cybersecurity.
Making a Business Case. Quantifying Security. Modeling Cybersecurity.
12. Cryptography Explained.
Mathematics for Cryptography. Symmetric Encryption. Public Key Encryption Systems. Quantum Cryptography.
==================
© 2007-2008 by Leszek T. Lilien
Last updated on 9/3/08