CSCI 327 Computer Security

 

 

 

General Information

 

Class Location

216 Thompson

 

Instructor

Dr. Shankar M Banik

Office: 222 Thompson

Email: shankar.banik@citadel.edu

 

Coursepage: http://macs.citadel.edu/baniks/327/Syllabus/Syllabus_CSCI327_FAXX.htm

 

 

 

Course Description

 

A survey of the principles and practices related to computer security. The course concentrates on the problems of security associated with computer systems and emphasizes the application of cryptography to address those problems.

 

 

Course Objectives

 

1.      Explain fundamental concepts of Cybersecurity and Information Assurance, Describe CIA - Confidentiality, Integrity, and Availability

2.      Describe different types of attacks and their characteristics

3.      Describe how fundamental concepts of cyber defense can be used to provide system security                   

4.      Explain Access Control Matrix Model and Protection States of Systems

5.      Analyze types of Security Policies and Access Control - DAC, MAC, ORCON

6.      Explain goals of confidentiality policies, describe and analyze Bell-LaPadula Model

7.      Explain goals of Integrity Policies, Describe and Analyze Biba's Integrity Model, Clark-Wilson Integrity Model

8.      Explain Hybrid Policy Models - Chinese Wall Model and Clinical Information Systems Security Policy Model, ORCON, R-BAC

9.      Explain key elements of Cryptographic System, describe difference between symmetric and asymmetric cryptographic algorithms, discuss properties of DES, AES, public key cryptography and RSA, analyze different types of attacks in a cryptosystem, and understand operations of SHA-1, and SHA-2, and HMAC for message authentications                                               

10.  Describe Cryptographic protocols, tools and techniques for a given situation, analyze key exchange protocols for authentications - Kerberos, describe properties of Certificates and Digital Signatures         

11.  Describe implementation issues of cryptographic protocols, analyze their strengths and weaknesses.

12.  Describe Basics of Authentications, analyze different types of attacks on passwords, describing properties of strong and weak passwords, explain Challenge Response Mechanisms, Pass Algorithms, One-time Password, Biometrics, and Two-factor authentications                                                           

13.  List the first principle of security, describe each security design principle and how it can be used in the development of security mechanism to achieve desired level of security, analyze common security failures, identify violation of design principles, identify needed design principle for a given scenario, understand the importance of human machine interface and the usability factor of a secured system

14.  Explain the need for assurance and the role of trust, describe steps for building secure and trusted systems, analyze different models of software development for security

15.  Describe properties of different malicious logic - Trojan Horse, Virus, Worm, Rabbit, Bacteria, Logic Bomb, analyze different defense mechanisms against malicious logic.

 

 

 

 

Course Outcomes

 

Upon successful completion of this course, students will be able to

1.      list the fundamental concepts of Information Assurance and Cyber Defense;

2.      describe different types of attacks and their characteristics;

3.      describe how fundamental concepts of cyber defense can be used to provide system security;

4.      explain different models of confidentiality and integrity;

5.      identify elements of cryptographic systems;

6.      describe differences between symmetric and asymmetric cryptography;

7.      analyze different cryptographic protocols, tools, and techniques;

8.      analyze the weakness and strength of a cryptosystem;

9.      list first principle of security;

10.  describe each design principle of security and how it can be used in security mechanisms;

11.  identify common security failures and violation of design principles;

12.  describe the importance of human machine interface and usability factor in security;

13.  understand the concepts of key management and authentication; and

14.  understand the features of different malicious logics;

 

 

Course Material

 

Textbooks:      

 

Introduction to Computer Security,

Matt Bishop,

Addison Wesley

                                   

                                   

Computer Security: Principles and Practice

William Stallings and Lawrie Brown

Pearson

 

Course Handouts

 

 

 

Tentative List of Topics

 

1.      Components of Computer Security

2.      Access Control Matrix

3.      Security Policies

4.      Confidentiality Model: Bell-Lapadula

5.      Integrity Model: Biba, Clark-Wilson

6.      Hybrid Model: Chinese Wall, Clinical Information Systems Security Policy

7.      Classical and Public Key Cryptography: Caesar Cipher, Vigere Cipher, DES, RSA

8.      Key Management Protocols

9.      Authentication

10.  Malicious Logic

11.  Assurance and Trust

12.  Design Principles

 

                          

 

Course Outline

 

 

Topics

Assignment

Week 1

Introduction to Computer Security, Confidentiality, Integrity and Availability

Read Chapter 1, HW 1

Week 2

Access Control Matrix and Security Policies

Read Chapters 2, 4, HW 2

Week 3

Confidentiality Model: Bell Lapadula

Read Chapter 5, HW 3

Week 4

Integrity Models: Biba, Clark Wilson

Read Chapter 6

Week 5

Hybrid Models: Chinese Wall, CISSP

Read Chapter 7

Week 6

Classical Cryptography

Read Chapter 8,

HW 4 (Caesar Cipher),

HW 5 (Vigenere Cipher)

Week 7

Public Key Cryptography

HW 6 (Public Key Cryptography)

HW 7 (RSA)

Week 8

Key Management Protocols

Read Chapter 9

Week 9

Cryptographic Hash Functions

Read Chapter 21 from Stallings and Brown Book

Week 10

Cipher modes and implementations

Read Chapter 10

Week 11

Authentications

Read Chapter 11

Week 12

Design Principles

Read Chapter 12, HW 8 (Design Principles)

Week 13

Malicious Logic

Read Chapter 18

Week 14

Assurance and Trust

Read Chapter 17

 

 

 

 

Required Work

 

Homework

There will be approximately six homeworks. Each homework should be turned in at the beginning of the class on the due date. The homework must be typed. Late and/or illegible work will not be accepted. For every 24 hours late, you will be deducted 10% of the grade of the homework.  Any homework that is more than 5 days late will not be evaluated.

 

 

Quizzes

There will be approximately five to six quizzes. Quizzes will be held every two weeks and will be announced one week before the quiz date.

 

 

Midterm Examinations

There will be two Midterm Exams during the semester. Missing an examination without a previously approved excuse will result in a grade of zero for that examination. Makeup examinations are never available.  

 

 

Final Examination

The Final Examination is comprehensive. No Final Examination can be given early, except as required by The Citadel Policy.

 

 

Course Policies

 

Class Attendance and Discussion: It is advised that students attend all lectures. Everyone in the class is expected to participate in the class discussion.

 

Class Webpage: All course materials and grades will be posted on CitLearn.

 

E-mail: Any announcement will be sent through email. Class emails are sent to your official email address using CitLearn. You are responsible for making sure that you are receiving class e-mails. It is your responsibility to have your official email account working properly and forwarding to the location where you read emails.

 

Grading: There are four components to the course grade. They are weighted as follows.

 

 

Component

Percent

Midterm Exams

40

Final

20

Homeworks

30

Quizzes

10

 

The grading scale will be no higher than the following. It may be lower at the discretion of the instructor.

 

Grade

Percentage

A

90+

B

80-89

C

70-79

F

Otherwise

 

 

Grading Policies

 

If you have a question about the grading of a homework, please see the instructor during his office hours. All disagreements about the grading of a homework must be brought to the attention of the instructor within one week of when the item was returned.

 

If there is a dispute about the grading of an examination problem, you may stay after the class the day the exams are returned to discuss it with the instructor. If you cannot stay at this time, return the paper to the instructor at the end of class and visit with the instructor during his office hours. ONCE AN EXAM HAS BEEN REMOVED FROM THE CLASSROOM AFTER IT HAS BEEN RETURNED, THE GRADE IS FINAL AND WILL NOT BE CHANGED, EVEN IF IT IS FOUND TO BE IN ERROR.

 

 

Disability

 

Any student in this course who has a disability that may prevent him or her from fully demonstrating his or her abilities should contact the instructor personally as soon as possible so that accommodations necessary can be made to ensure full participation and to facilitate educational opportunities.

 

Academic Misconduct

 

All work submitted for an individual grade, including homework and term project, should be the work of that single individual, and not their friends, nor their tutor. It is your responsibility to be familiar with the policies mentioned in The Honor Manual of The Citadel. Ignorance of these policies is not an excuse for violating them.