CSC 570 Security in Computing
Instructor: Dr. Sviatoslav Braynov
Catalog Description: The course introduces the fundamentals of computer security. It covers various attack techniques and how to defend against them. Topics include: security policies and mechanisms, cryptographic techniques, formal methods of computer security, steganography, security of electronic payment systems, operating systems security, program security, Java security, database security, computer viruses and worms, intrusion detection, honeypots and honeytokens, physical tamper resistance, electronic and information warfare, telecom security, smart card security, privacy-protecting techniques, spam, risk assessment, administering security, and legal and social issues. Students are expected to have a good background in programming, operating systems, and networking.
Course Objectives: This course calls on students to demonstrate:
- Knowledge of security technologies, applications, and concepts,
- The ability to reason through analysis, evaluation and design of secure systems,
- The ability to effectively apply this knowledge to the construction of secure software systems.
Student outcomes:
Upon completion of this course, students will be able to:
- Understand a variety of generic security threats and vulnerabilities, the basic components of computer security and the risks faced by computer systems.
- Identify and analyze security problems in computer systems.
- Understand the design of security protocols and mechanisms.
- Use cryptographic algorithms and protocols to achieve computer system security.
- Design and implement security mechanisms to protect computer systems.
- Apply appropriate security techniques to solve security problems.
- Understand selected legal, copyright, and privacy issues.
Textbooks (Additional readings will be assigned during the course):
- C. Pfleeger and S. Pfleeger. Security in Computing. Prentice Hall, 2003. ISBN 0-13-035548-8
- M. Bishop. Computer Security: Art and Science. Addison Wesley, 2003. ISBN 0-201-44099-7
Outline of Topics to be Covered:
- An overview of computer security
- Access control
- Take-grant protection model
- Schematic protection model
- Security policies
- Confidentiality policy
- Integrity policies
- Attack languages
- Introduction to cryptography
- Symmetric key algorithms
- Advanced Encryption Standard
- Public key algorithms: RSA, Diffie-Hellman agreement
- Authentication and Digital Signatures
- Key management
- Introduction to Public Key Infrastructure (PKI)
- Secure Sockets Layer
- Introduction to steganography
- Steganographic techniques
- Digital Watermarking
- Security of Electronic Payment Systems
- The Attacker's Process
- Spoofing
- DoS and DDoS
- Program security and buffer overflows
- Protecting OS
- Designing trusted OS
- UNIX security
- Windows security
- Database Security
- Computer viruses and worms
- Confinement problem
- Intrusion detection
- Password security
- Firewalls
- Honeypots and honeytokens
- Physical tamper resistance
- Electronic and Information Warfare
- Telecom system security
- Wireless security
- Administering security
- Legal, privacy, and ethical issues