Data Security - myweb - Long Island University

Computer Security Syllabus
CS 678 – Data Security
Spring 2015
Course Schedule: Saturday 9:00 - 11:35 AM Classroom: Cook Lab (LLC 207)
I. INSTRUCTOR INFORMATION
Instructor: Prof. Ping-Tsai Chung
Contact Information - Office Room: LLC 206R Office Hours: Monday, Wednesday,
4:00 - 6:00 PM or by appointment
E-mail: pchung@liu.edu Tel: (718) 488-1073
Course Web Site: http://myweb.brooklyn.liu.edu/pchung/
Blackboard: http://blackboard.liu.edu/
Email access is essential in communicating with the instructor and your peers. Please
activate your LIU e-mail account.
For each homework submission, you should send your answer file to
ptchung@ieee.org (pingtsaichung@gmail.com). Also, you should submit one hard copy
to me in class on the due day to facilitate my grading work.
II. RESOURCES
Textbook: (Required) Introduction to Computer Security, Michael T. Goodrich and
Roberto Tamassia, Addision Wesley, ISBN 0-13-978-0-321-51294-9, 2011.
The companion website http://www.securitybook.net/
References: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, Dafydd Stuttard and Marcus Pinto, Second Edition, Wiley, ISBN: 978-1118-026447-2, 2011.
Available at https://leaksource.files.wordpress.com/
Useful Resources:
(1)
Network Security Essentials : Applications and Standards, 4th Edition, William
Stallings, Prentice-Hall, ISBN 0-13-610805-9, 2011.
(2)
http://williamstallings.com/NetworkSecurity/
http://williamstallings.com/NetworkSecurity/NetSec4e-Student/index.html
http://williamstallings.com/NetSec/NetSec3e.html
1
(3) Computer Security – Art and Science, Matt Bishop, Addison-Wesley.
http://nob.cs.ucdavis.edu/book/book-aands/slides/index.html
(4) Computer Networks, Fourth Edition, Andrew S. Tanenbaum, Prentice-Hall.
http://authors.phptr.com/tanenbaumcn4/
Library: Campus library resources tailored for computer science are available at http:
//www2.brooklyn.liu.edu/library/wlp/LibPortal-CS-BC.htm.
III. BUSINESS CONTEXT
Keywords: Computer Security, Cryptography, Physical Security, Operating Systems
Security, Malware, Network Security, Web Security, Security Models and Practice, and
Distributed-Applications Security.
IV.
INSTRUCTIONAL DESIGN
Course Description: A consideration of security problems in computing, with emphasis
on legal issues. Topics include cryptography fundamentals and data security; NPcompleteness and security of cryptosystems; DES; IDEA; hashes and message digests;
RSA; authentication of people and systems; signature schemes; access controls,
information flow controls, and inference controls; Operating Systems Security, Malware,
Network Security, Web Security, Security Models and Practice, and DistributedApplications Security such as Database Security, E-mail security, and Social
Networking.
Course Objectives:
(O1) Could have a comprehensive understanding of Computer Security, Cryptography,
Physical Security, Operating Systems Security, Malware, Network Security, Web
Security, Security Models and Practice, and Distributed-Applications Security.
(O2) Could have a clear understanding of the security ramifications of using computers
and the Internet in their daily lives (e.g., for online banking and shopping), as well as the
potential threats to individual privacy (as seen in recent debates on electronic voting, for
example), and possibly to democracy itself, that may arise from inappropriate use of
computer security technology.
Course Structure:
This course is a lecture based course which is consist of lectures, readings,
homework assignments, Term projects, and one Exam.
2
Weekly Outline:
Schedule
Topics Covered
Lecture 1
(1/24)
Introduction
Lecture 2
(1/31)
Cryptography
1.1 Fundamental Concepts
1.2 Access Control Models
1.3 Cryptographic Concepts
1.4 Implementation and
Usability Issues
Lecture 3
(2/7)
1 Symmetric Cryptography
2 Public-Key Cryptography
3 Cryptographic Hash
Functions
4 Digital Signatures
5 Details on AES and RSA
Lecture 3
(2/14)
Physical Security
Lecture 4
(2/21)
Operating Systems
Security
1 Physical Protections and
Attacks
2 Locks and Safes
3 Authentication
Technologies
4 Direct Attacks Against
Computers
5 Special-Purpose Machines
6 Physical Intrusion
Detection
Resources
Assignments
Chapter 1 and
Notes
Chapter 8 and
Notes
Homework 1
Chapter 2 and
Notes
Chapter 3 and
Notes
Homework 2
1 Operating Systems
Concepts
2 Process Security
3 Memory and Filesystem
Security
4 Application Program
Lecture 5
(2/28)
Malware
1 Insider Attacks
2 Computer Viruses
3 Malware Attacks
Chapter 4 and
Notes
3
4 Privacy-Invasive Software
5 Countermeasures
Lecture 6
(3/7)
Network Security I
1 Network Security Concepts
2 The Link Layer
3 The Network Layer
4 The Transport Layer
5 Denial-of-Service Attacks
Chapter 5 and
Notes
Homework 3
(3/14) Spring Recess - NO CLASS
Lecture 7
(3/21)
Network Security II
Lecture 8
(3/28)
Web Security
Lecture 9
(4/4)
Security Models and
Practice
1 The Application Layer and
DNS
2 Firewalls
3 Tunneling
4 Intrusion Detection
5 Wireless Networking
1 The World Wide Web
2 Attacks on Clients
3 Attacks on Servers
Chapter 6 and
Notes
Chapter 7 and
Notes
Homework 4
Chapter 9 and
Notes
Homework 5
1 Policy, Models, and Trust
2 Access Control Models
3 Security Standards and
Evaluation
4 Software Vulnerability
Assessment
5 Administration and
Auditing
6 Kerberos
7 Secure Storage
Lecture 10
(4/11)
DistributedApplications Security
Chapter 10 and
Notes
1 Database Security
2 Email Security
4
3 Payment Systems and
Auctions
4 Digital Rights Management
5 Social Networking
6 Voting Systems
Lecture 11
(4/18)
Course Review
Lecture 12
(4/25)
Exam - Contents will be
discussed in the Class.
(5/2)
Term Practical Project
Presentation I
(5/9)
Term Project Presentation
II
for the Web Application
from Hacker's Handbook
Based on all
Homeworks and
Examples of Class
Notes
V. GRADING CRITERIA, GUIDELINES, AND ASSIGNMENTS
Course Grading: Class Participation, Attendance, Assignments: 20%, Exam : 30%.
Project: 50%.
Note 1 (Grading Grid for Final Grades): 90% and higher (A), 75% – 89.99% (B), 60 74% (C), below 60% (F). Intermediate grades (A-, B+, …, etc. ) will be given.
Note 2 (Classroom): All face-to-face classes will meet at Classroom: LLC207 (Cook
Lab).
Note 3 (Class Attendance): Student should attend all classes include all Lectures,
Examinations.
Note 4 (Homework Submissions): All homeworks and final project should be
submitted through internet, please forward your homework to me at ptchung@ieee.org
(or pingtsaichung@gmail.com) before the specified deadline. No late homework will
be accepted. . Also, you should submit one hard copy to me in class on the due day
to facilitate my grading work.
5
VI. (A) ACADEMIC INTEGRITY AND REGULATIONS
Plagiarism: Plagiarism is the use or presentation of ideas, works, or work that is not
one's own and that is not common knowledge, without granting credit to the originator.
Plagiarism is a practice that is not only unacceptable, but which is to be condemned in
the strongest terms possible on the basis of moral, educational and legal grounds. Under
University policy, plagiarism may be punishable by a range of penalties from a failing
grade in the assignment or course to dismissal from the School of Business, Public
Administration and Information Sciences. All students are required to read the handbook
on avoiding plagiarism by visiting the URL:
www.liu.edu/~/media/Files/Brooklyn/Academics/Schools/Business/Plagiarism.ashx.
Cheating: Cheating includes, but not limited to the following: falsification of statements
or data; listing sources that have not been used; having another individual write your
paper or do your assignments; writing a paper or creating work for another student to use
without proper attribution; purchase of paper or research work for one’s submission as
his/her own work; using written, verbal, or electronic or other sources of aid during an
examination (except when expressly permitted by the instructor depending on the nature
of the examination) or knowingly providing such assistance to aid other students.
Attendance and Participation: Attendance and participation are essential to learning
and fulfilling the outcomes of the course. Students are advised to inform the instructor in
advance of any anticipated absence(s). In some instances, you may be required to submit
supporting documents.
Punctuality: Classes will begin promptly as scheduled. It is important that you be
present on time. As with absences, late arrival(s) will adversely impact your learning as
well your grade.
VI. (B) ACCOMMODATIONS FOR STUDENTS WITH DISABILITY
Long Island University seeks to provide reasonable accommodations for all qualified
persons with disabilities. This University will adhere to all applicable federal, state and
local laws, regulations and guidelines with respect to providing reasonable
accommodations as required to afford equal educational opportunity. It is the student's
responsibility to register with Special Education Services (SES) as early as possible and
to provide faculty members with the formal communication from SES for suitable
accommodations. All accommodations must be approved through SES. Contact
Information: Special Education Services, Pharmacy Building Basement, 718-488-1221
or 718-488-1044.
VI. (C) STUDENT RESOURCES
The School of Business, Public Administration and Information Sciences and the
University have a wide range of resources which are available through the School of
Business Advisement Page:
http://www.liu.edu/Brooklyn/Academics/Schools/SBPAIS/Advisement.aspx and the
University Resources Page: http://www.liu.edu/Brooklyn/About/Resources.aspx.
DISCLAIMER: The syllabus is a tentative schedule and the instructor reserves the right
to make any changes to fulfill the objectives of the courses and meet students’ needs.
6