CS 5950/6030: Computer Security and Information Assurance—Spring 2006
Syllabus
Department of Computer Science
© 2006 by Leszek T. Lilien
Class Web Pages:
http://www.cs.wmich.edu/~llilien/teaching/spring2006/cs5950-6030/index.html
Detailed Syllabus (this page):
http://www.cs.wmich.edu/~llilien/teaching/spring2006/cs5950-6030/syllabus.html
Class slides and announcements:
http://www.cs.wmich.edu/~llilien/teaching/spring2006/cs5950-6030/slides.html
The following list of lecture topics is based on the Table of Contents of the required
textbook (Pfleeger and Pfleeger, Security in Computing. Third
Edition, Prentice Hall PTR, 2003, ISBN 0-13-035548-8).
I. We'll cover the following issues (numbers are Chapter numbers):
1. Is There a Security Problem in Computing?
What Does “Secure” Mean? Attacks. The Meaning of Computer Security.
Computer Criminals. Methods of Defense.
2. Elementary Cryptography.
Terminology and Background. Substitution Ciphers. Transposition
(Permutations). Making “Good” Encryption Algorithms. The Data Encryption
Standard (DES). The AES Encryption Algorithm. Public Key Encryption. The
Uses of Encryption.
3. Program Security.
Secure Programs. Nonmalicious Program Errors. Viruses and Other
Malicious Code. Targeted Malicious Code. Controls Against Program
Threats.
4. Protection in General-Purpose Operating Systems.
Protected Objects and Methods of Protection. Memory and Address
Protection. Control of Access to General Objects. File Protection
Mechanisms. User Authentication. Summary of Security for Users.
Chapter 5 is optional - see below
7. Security in Networks.
Note: despite the short list of chapter topics, we'll probably spend 30% of the course on this.
Network Concepts. Threats in Networks. Network Security Controls.
Firewalls. Intrusion Detection Systems. Secure E-Mail. Summary of
Network Security.
6. Database Security.
Introduction to Databases. Security Requirements. Reliability and
Integrity. Sensitive Data. Inference. Multilevel Databases. Proposals
for Multilevel Security. Summary of Database Security.
Note: Possibly, much more on Information Assurance from my own lecture notes.
II. We'll cover only the major selected topics/issues from:
Chapter 8 is optional - see below
9. Legal, Privacy, and Ethical Issues in Computer Security.
Protecting Programs and Data. Information and the Law. Rights of
Employees and Employers. Software Failures. Computer Crime. Privacy.
Ethical Issues in Computer Security. Case Studies of Ethics.
III. If time allows, we'll also cover:
5. Designing Trusted Operating Systems.
What Is a Trusted System? Security Policies. Models of Security. Trusted
Operating System Design. Assurance in Trusted Operating Systems.
Implementation Examples. Summary of Security in Operating Systems.
8. Administering Security.
Security Planning. Risk Analysis. Organizational Security Policies.
Physical Security.