· Matt Bishop, Introduction to Computer Security, Addison Wesley, 2004. ISBN: 0-321-24744-2.
· Charles P. Pfleeger and Shari L. Pfleeger, Security in Computing, Prentice Hall, Upper Saddle River, NJ 07458, 3rd edition, 2003. ISBN: 0-13-035548-8.
Ed Skoudis, Counter Hack: A Step-by-Step Guide to
Computer Attacks and Effective Defenses, Prentice Hall,
· Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, John Wiley & Sons, Inc., 2001. ISBN 0-471-38922-6.
90.0 -- 100% A = 450 -- 500 Points
80.0 -- 89.9% B = 400 -- 449 Points
70.0 -- 79.9% C = 350 -- 399 Points
60.0 -- 69.9% D = 300 -- 349 Points
00.0 -- 59.9% F = 000 -- 299 Points
Tentative Point Distribution:
Tests 2 * 100 points each 200 Points 40%
Project 1 * 100 points each 100 Points 20%
Assignments 6 * 20 points each 120 Points 24%
Participation Attendance + Involvement 80 Points 16%
TOTAL: 500 Points 100%
Important Note: I reserve the right to change this grading system as the course progresses and various circumstances develop.
Two tests will be given. Each test will cover the material from that unit only. Test questions will consist of multiple choices, fill blanks, programming, and/or essay questions. Questions will cover topics discussed in class that may or may not be covered in the textbook. Students are encouraged to attend class often so as to maximize their exam scores.
There is one course project in this course worth 100 points. The project is intended to test the range of knowledge sets and skills developed by students in their prior CS/SWE/IT courses and this course as well. Each student will work as a member of a 2~4-person team to complete one research topic in information security. More details about the nature of the project, suggested topics, grading policy, deliverables, and the instructor's expectations will be provided as a separated handout in class. Each student is expected to contribute equally to the success of the project and to participate in the presentation of the final results. Grading will be subjective based on the quality and completeness of the project.
Assignments are individual work testing the understanding of the course materials. Students should complete their assignments independently and turn in their solutions in time according to the assignment requirements.
As information security represents a challenging research arena in Computer Science / Software Engineering / Information Technology, many topics covered in this course are potential research topics for your MS thesis projects. Some of the topics will be briefly discussed in class. More details will be provided by the instructor upon request. Please contact the instructor if you are interested in doing MS thesis in Information Security, or visit the instructor’s web page at http://lovelace.spsu.edu/jwang/.
All assignments and deliverables, including all project progress reports, source code, presentations, group reports, individual reports, homework assignments, and peer evaluations, are due at the beginning of the class time on the due date. Any late item will be discounted by 10 points per hour delay. Students should be responsible for their homework and project result reaching the instructor in time. (Don't trust the department drop-box.)
You must contact the instructor prior to the test to explain your reasons for being absent in the test. The instructor will decide whether a makeup test is allowed or not. If your application for a makeup test is accepted, in any case, the makeup test must be done before the next scheduled class unless you could provide official documents from the Student Health Service or the Office of the Senior Vice President for Academic Affairs for attending authorized and official University activities.
No makeup project-work (reports or presentations) are allowed.
Class participation includes class attendance, contributions during class discussion, and sense of teamwork. Class participation will contribute to your overall grade up to 80 points. The instructor expects you to attend lectures regularly and to arrive on time. Attendance checking (roll-call) will be conducted at the beginning of each class. Students are responsible to inform the instructor their attendance if they miss the roll call but actually attend the class. Your attendance grade for each class time is determined by the following grading sheet for this summer semester:
Maximum attendance grade: 3 * 16 = 48 points.
You are responsible for all course work. Being absent does not excuse work from the stated due dates. In addition to attendance, there will be a contribution grade to encourage class discussion and sense of teamwork. You can earn up to 32 points in the whole semester by
SPSU values academic integrity. Therefore all students must understand the meaning and consequences of cheating, plagiarism and other academic offenses. Work submitted for this course must represent your own efforts. Copying assignments or tests, or allowing others to copy your work, will not be tolerated. Note that introducing syntactic changes into a copied program is still considered plagiarism. The grade for all involved parties for any course work (homework, assignment, project, programming, or test) will be zero if plagiarism is evidenced.
Academic dishonesty is an extremely serious offense. All cases of academic dishonesty will be dealt with in accordance with the policies of the University as published in the Undergraduate Catalog and Graduate Student Handbook. Penalties may include expulsion from the University.
Students with disabilities who believe that they may need accommodations in this class are encouraged to contact the counselor working with disabilities at 678-915-7226 as soon as possible to better ensure that such accommodations are implemented in a timely fashion.
Return and Destruction of Papers:
Homework, floppy disks, and other completed class assignments will be brought to class once to be returned after they are graded. If you are absent on a day that a paper is returned you will need to arrange to pick up the paper in the instructor's office. All tests and papers may be destroyed after the end of the first week of the following semester. Test papers will not be returned and you will not be allowed to keep or to photocopy exams. You may examine your tests in the instructor's office during scheduled exam review periods.
The URL for the course homepage is:
You will need a WebCT account to access the course web site.
Prerequisites: CS 5123: Advanced Programming and Data Structures; and CS 5423: Mathematical Structures for Computer Science
This course covers the fundamentals of computing security, access control technology, cryptographic algorithms, implementations, tools and their applications in communications and computing systems security. Topics include public key infrastructure, operating system security, database security, network security, web security, firewalls, security architecture and models, and ethical and legal issues in information security.
This course covers a variety of topics that will prepare those students who wish to develop a skill set in information security or who wish to enhance their current computer science expertise by gaining additional knowledge in the field of computing security.
The topics will range from operating systems security,
database security, program security, network security, wireless security,
legal and ethical issues, access controls, cryptography and risk management.
Students will also be instructed in how to design and create disaster
recovery plans, computer policies and standards, system security
architectures and physical security controls. Legal aspects of computer
security will also be covered as will auditing in a
secured environment and managing as a day-to-day security administrator.
In-class project and assignments will focus upon critical thinking for
security managers in mainframe, midrange and network environments as well as
research assignments and basic policy creation.
The course covers a wide range of skills for information security. On completion of this course, students should be able to
As a part of your general education, this course will also help you to
Chapter 1. An Overview of Computer Security.
1.1 The Basic Components.
1.3 Policy and Mechanism.
1.3.1 Goals of Security
1.4 Assumptions and Trust.
1.6 Operational Issues.
1.6.1 Cost-Benefit Analysis.
1.6.2 Risk Analysis.
1.6.3 Laws and Customs.
1.7 Human Issues.
1.7.1 Organizational Problems.
1.7.2 People Problems.
1.8 Tying It All Together.
Chapter 2. Access Control Matrix.
2.2 Access Control Matrix Model.
2.3.1 Conditional Commands.
Chapter 3. Foundational Results.
3.1 The General Question.
3.2 Basic Results.
Chapter 4. Security Policies.
4.1 Security Policies.
4.2 Types of Security Policies.
4.3 The Role of Trust.
4.4 Types of Access Control.
4.5 Example: Academic Computer Security Policy.
4.5.1 General University Policy.
4.5.2 Electronic Mail Policy.
126.96.36.199 The Electronic Mail Policy Summary.
188.8.131.52 The Full Policy.
184.108.40.206 Implementation at UC Davis.
Chapter 5. Confidentiality Policies.
5.1 Goals of Confidentiality Policies.
5.2 The Bell-LaPadula Model.
5.2.1 Informal Description.
5.2.2 Example: The Data General B2 UNIX System.
220.127.116.11 Assigning MAC Labels.
18.104.22.168 Using MAC Labels.
Chapter 6. Integrity Policies.
6.2 Biba Integrity Model.
6.3 Clark-Wilson Integrity Model.
6.3.1 The Model.
6.3.2 Comparison with the Requirements.
6.3.3 Comparison with Other Models.
Chapter 7. Hybrid Policies.
7.1 Chinese Wall Model.
7.1.1 Bell-LaPadula and Chinese Wall Models.
7.1.2 Clark-Wilson and Chinese Wall Models.
7.2 Clinical Information Systems Security Policy.
7.2.1 Bell-LaPadula and Clark-Wilson Models.
7.3 Originator Controlled Access Control.
7.4 Role-Based Access Control.
Chapter 8. Basic Cryptography.
8.1 What Is Cryptography?
8.2 Classical Cryptosystems.
8.2.1 Transposition Ciphers.
8.2.2 Substitution Ciphers.
22.214.171.124 Vigenère Cipher.
126.96.36.199 One-Time Pad.
8.2.3 Data Encryption Standard.
8.2.4 Other Classical Ciphers.
8.3 Public Key Cryptography.
8.4 Cryptographic Checksums.
Chapter 9. Key Management.
9.1 Session and Interchange Keys.
9.2 Key Exchange.
9.2.1 Classical Cryptographic Key Exchange and Authentication.
9.2.3 Public Key Cryptographic Key Exchange and Authentication.
9.3 Cryptographic Key Infrastructures.
9.3.1 Certificate Signature Chains.
188.8.131.52 X.509: Certification Signature Chains.
184.108.40.206 PGP Certificate Signature Chains.
9.4 Storing and Revoking Keys.
9.4.1 Key Storage.
9.4.2 Key Revocation.
9.5 Digital Signatures.
9.5.1 Classical Signatures.
9.5.2 Public Key Signatures.
Chapter 10. Cipher Techniques.
10.1.1 Precomputing the Possible Messages.
10.1.2 Misordered Blocks.
10.1.3 Statistical Regularities.
10.2 Stream and Block Ciphers.
10.2.1 Stream Ciphers.
10.2.1.1 Synchronous Stream Ciphers.
10.2.1.2 Self-Synchronous Stream Ciphers.
10.2.2 Block Ciphers.
10.2.2.1 Multiple Encryption.
10.3 Networks and Cryptography.
10.4 Example Protocols.
10.4.1 Secure Electronic Mail: PEM.
10.4.1.1 Design Principles.
10.4.1.2 Basic Design.
10.4.1.3 Other Considerations.
10.4.2 Security at the Network Layer: IPsec.
10.4.2.1 IPsec Architecture.
10.4.2.2 Authentication Header Protocol.
10.4.2.3 Encapsulating Security Payload Protocol.
Chapter 11. Authentication.
11.1 Authentication Basics.
11.2.1 Attacking a Password System.
11.2.2 Countering Password Guessing.
220.127.116.11 Random Selection of Passwords.
18.104.22.168 Pronounceable and Other Computer-Generated Passwords.
22.214.171.124 User Selection of Passwords.
126.96.36.199 Reusable Passwords and Dictionary Attacks.
188.8.131.52 Guessing Through Authentication Functions.
11.2.3 Password Aging.
11.3.1 Pass Algorithms.
11.3.2 One-Time Passwords.
11.3.3 Hardware-Supported Challenge-Response Procedures.
11.3.4 Challenge-Response and Dictionary Attacks.
11.6 Multiple Methods.
Chapter 12. Design Principles.
12.2 Design Principles.
12.2.1 Principle of Least Privilege.
12.2.2 Principle of Fail-Safe Defaults.
12.2.3 Principle of Economy of Mechanism.
12.2.4 Principle of Complete Mediation.
12.2.5 Principle of Open Design.
12.2.6 Principle of Separation of Privilege.
12.2.7 Principle of Least Common Mechanism.
12.2.8 Principle of Psychological Acceptability.
Chapter 13. Representing Identity.
13.1 What Is Identity?
13.2 Files and Objects.
13.4 Groups and Roles.
13.5 Naming and Certificates.
13.5.1 The Meaning of the Identity.
13.6 Identity on the Web.
13.6.1 Host Identity.
184.108.40.206 Static and Dynamic Identifiers.
220.127.116.11 Security Issues with the Domain Name Service.
13.6.2 State and Cookies.
13.6.3 Anonymity on the Web.
18.104.22.168 Anonymity for Better or Worse.
Chapter 14. Access Control Mechanisms.
14.1 Access Control Lists.
14.1.1 Abbreviations of Access Control Lists.
14.1.2 Creation and Maintenance of Access Control Lists.
22.214.171.124 Which Subjects Can Modify an Object’s ACL?
126.96.36.199 Do the ACLs Apply to a Privileged User?
188.8.131.52 Does the ACL Support Groups and Wildcards?
184.108.40.206 ACLs and Default Permissions.
14.1.3 Revocation of Rights.
14.1.4 Example: Windows NT Access Control Lists.
14.1.5 Implementation of Capabilities.
14.1.6 Copying and Amplifying Capabilities.
14.1.7 Revocation of Rights.
14.1.8 Limits of Capabilities.
14.1.9 Comparison with Access Control Lists.
14.3 Locks and Keys.
14.3.1 Type Checking.
14.4 Ring-Based Access Control.
14.5 Propagated Access Control Lists.
Chapter 15. Information Flow.
15.1 Basics and Background.
15.1.1 Information Flow Models and Mechanisms.
15.2 Compiler-Based Mechanisms.
15.2.2 Program Statements.
220.127.116.11 Assignment Statements.
18.104.22.168 Compound Statements.
22.214.171.124 Conditional Statements.
126.96.36.199 Iterative Statements.
188.8.131.52 Goto Statements.
184.108.40.206 Procedure Calls.
15.2.3 Exceptions and Infinite Loops.
15.3 Execution-Based Mechanisms.
15.3.1 Fenton’s Data Mark Machine.
15.3.2 Variable Classes.
15.4 Example Information Flow Controls.
15.4.1 Security Pipeline Interface.
15.4.2 Secure Network Server Mail Guard.
Chapter 16. Confinement Problem.
16.1 The Confinement Problem.
16.2.1 Virtual Machines.
16.3 Covert Channels.
16.3.1 Detection of Covert Channels.
16.3.2 Mitigation of Covert Channels.
Chapter 17. Introduction to Assurance.
17.1 Assurance and Trust.
17.1.1 The Need for Assurance.
17.1.2 The Role of Requirements in Assurance.
17.1.3 Assurance Throughout the Life Cycle.
17.2 Building Secure and Trusted Systems.
17.2.1 Life Cycle.
220.127.116.11 Fielded Product Life.
17.2.2 The Waterfall Life Cycle Model.
18.104.22.168 Requirements Definition and Analysis.
22.214.171.124 System and Software Design.
126.96.36.199 Implementation and Unit Testing.
188.8.131.52 Integration and System Testing.
184.108.40.206 Operation and Maintenance.
17.2.3 Other Models of Software Development.
220.127.116.11 Exploratory Programming.
18.104.22.168 Formal Transformation.
22.214.171.124 System Assembly from Reusable Components.
126.96.36.199 Extreme Programming.
17.3 Building Security In or Adding Security Later.
Chapter 18. Evaluating Systems.
18.1 Goals of Formal Evaluation.
18.1.1 Deciding to Evaluate.
18.1.2 Historical Perspective of Evaluation Methodologies.
18.2 TCSEC: 1983 - 1999.
18.2.1 TCSEC Requirements.
188.8.131.52 TCSEC Functional Requirements.
184.108.40.206 TCSEC Assurance Requirements.
18.2.2 The TCSEC Evaluation Classes.
18.2.3 The TCSEC Evaluation Process.
220.127.116.11 Scope Limitations.
18.104.22.168 Process Limitations.
18.3 FIPS 140: 1994 - Present.
18.3.1 FIPS 140 Requirements.
18.3.2 FIPS 140-2 Security Levels.
18.4 The Common Criteria: 1998 - Present.
18.4.1 Overview of the Methodology.
18.4.2 CC Requirements.
18.4.3 CC Security Functional Requirements.
18.4.4 Assurance Requirements.
18.4.5 Evaluation Assurance Levels.
18.4.6 Evaluation Process.
18.4.8 Future of the Common Criteria.
22.214.171.124 Assurance Class AMA and Family ALC_FLR.
126.96.36.199 Products Versus Systems.
188.8.131.52 Protection Profiles and Security Targets.
184.108.40.206 Assurance Class AVA.
18.5 SSE-CMM: 1997 - Present.
18.5.1 The SSE-CMM Model.
18.5.2 Using the SSE-CMM.
Chapter 19. Malicious Logic.
19.2 Trojan Horses.
19.3 Computer Viruses.
19.3.1 Boot Sector Infectors.
19.3.2 Executable Infectors.
19.3.3 Multipartite Viruses.
19.3.4 TSR Viruses.
19.3.5 Stealth Viruses.
19.3.6 Encrypted Viruses.
19.3.7 Polymorphic Viruses.
19.3.8 Macro Viruses.
19.5 Other Forms of Malicious Logic.
19.5.1 Rabbits and Bacteria.
19.5.2 Logic Bombs.
19.6.1 Malicious Logic Acting as Both Data and Instructions.
19.6.2 Malicious Logic Assuming the Identity of a User.
220.127.116.11 Information Flow Metrics.
18.104.22.168 Reducing the Rights.
19.6.3 Malicious Logic Crossing Protection Domain Boundaries by Sharing.
19.6.4 Malicious Logic Altering Files.
19.6.5 Malicious Logic Performing Actions Beyond Specification.
22.214.171.124 Proof-Carrying Code.
19.6.6 Malicious Logic Altering Statistical Characteristics.
19.6.7 The Notion of Trust.
Chapter 20. Vulnerability Analysis.
20.2 Penetration Studies.
20.2.2 Layering of Tests.
20.2.3 Methodology at Each Layer.
20.2.4 Flaw Hypothesis Methodology.
126.96.36.199 Information Gathering and Flaw Hypothesis.
188.8.131.52 Flaw Testing.
184.108.40.206 Flaw Generalization.
220.127.116.11 Flaw Elimination.
Example: Penetration of the
20.2.6 Example: Compromise of a Burroughs System.
20.2.7 Example: Penetration of a Corporate Computer System.
20.2.8 Example: Penetrating a UNIX System.
20.2.9 Example: Penetrating a Windows NT System.
20.3 Vulnerability Classification.
20.3.1 Two Security Flaws.
20.4.1 The RISOS Study.
18.104.22.168 The Flaw Classes.
20.4.2 Protection Analysis Model.
22.214.171.124 The Flaw Classes.
20.4.3 The NRL Taxonomy.
126.96.36.199 The Flaw Classes.
20.4.4 Aslam’s Model.
188.8.131.52 The Flaw Classes.
20.4.5 Comparison and Analysis.
184.108.40.206 The xterm Log File Flaw.
220.127.116.11 The fingerd Buffer Overflow Flaw.
Chapter 21. Auditing.
21.2 Anatomy of an Auditing System.
21.3 Designing an Auditing System.
21.3.1 Implementation Considerations.
21.3.2 Syntactic Issues.
21.3.3 Log Sanitization.
21.3.4 Application and System Logging.
21.4 A Posteriori Design.
21.4.1 Auditing to Detect Violations of a Known Policy.
18.104.22.168 State-Based Auditing.
22.214.171.124 Transition-Based Auditing.
21.4.2 Auditing to Detect Known Violations of a Policy.
21.5 Auditing Mechanisms.
21.5.1 Secure Systems.
21.5.2 Nonsecure Systems.
21.6 Examples: Auditing File Systems.
21.6.1 Audit Analysis of the NFS Version 2 Protocol.
21.6.2 The Logging and Auditing File System (LAFS).
21.7 Audit Browsing.
Chapter 22. Intrusion Detection.
22.2 Basic Intrusion Detection.
22.3.1 Anomaly Modeling.
22.3.2 Misuse Modeling.
22.3.3 Specification Modeling.
126.96.36.199 Host-Based Information Gathering.
188.8.131.52 Network-Based Information Gathering.
184.108.40.206 Combining Sources.
22.5 Organization of Intrusion Detection Systems.
22.5.1 Monitoring Network Traffic for Intrusions: NSM.
22.5.2 Combining Host and Network Monitoring: DIDS.
22.5.3 Autonomous Agents: AAFID.
22.6 Intrusion Response.
22.6.1 Incident Prevention.
22.6.2 Intrusion Handling.
220.127.116.11 Containment Phase.
18.104.22.168 Eradication Phase.
22.214.171.124 Follow-Up Phase.
Chapter 23. Network Security.
23.2 Policy Development.
23.2.1 Data Classes.
23.2.2 User Classes.
23.2.4 Consistency Check.
23.3 Network Organization.
23.3.1 Firewalls and Proxies.
23.3.2 Analysis of the Network Infrastructure.
126.96.36.199 Outer Firewall Configuration.
188.8.131.52 Inner Firewall Configuration.
23.3.3 In the DMZ.
184.108.40.206 DMZ Mail Server.
220.127.116.11 DMZ WWW Server.
18.104.22.168 DMZ DNS Server
22.214.171.124 SMZ Log Server.
23.3.4 In the Internal Network.
23.3.5 General Comment on Assurance.
23.4 Availability and Network Flooding.
23.4.1 Intermediate Hosts.
23.5 Anticipating Attacks.
Chapter 24. System Security.
24.2.1 The Web Server System in the DMZ.
24.2.2 The Development System.
24.3.1 The Web Server System in the DMZ.
24.3.2 The Development System.
24.4.1 The Web Server System in the DMZ.
24.4.2 The Development System.
24.5.1 The Web Server System in the DMZ.
24.5.2 Development Network System.
24.6.1 The Web Server System in the DMZ.
24.6.2 Development Network System.
24.7.1 The Web Server System in the DMZ.
24.7.2 Development Network System.
24.8.1 The Web Server System in the DMZ.
24.8.2 Development Network System.
Chapter 25. User Security.
25.2.2 The Login Procedure.
126.96.36.199 Trusted Hosts.
25.2.3 Leaving the System.
25.3 Files and Devices.
188.8.131.52 File Permissions on Creation.
184.108.40.206 Group Access.
220.127.116.11 File Deletion.
18.104.22.168 Writable Devices.
22.214.171.124 Smart Terminals.
126.96.36.199 Monitors and Window Systems.
25.4.1 Copying and Moving Files.
25.4.2 Accidentally Overwriting Files.
25.4.3 Encryption, Cryptographic Keys and Passwords.
25.4.4 Start-up Settings.
25.4.5 Limiting Privileges.
25.4.6 Malicious Logic.
25.5 Electronic Communications.
25.5.1 Automated Electronic Mail Processing.
25.5.2 Failure to Check Certificates.
25.5.3 Sending Unexpected Content.
Chapter 26. Program Security.
26.2 Requirements and Policy.
188.8.131.52 Group 1: Unauthorized Users Accessing Role Accounts.
184.108.40.206 Group 2: Authorized Users Acessing Role Accounts.
220.127.116.11 User Interface.
18.104.22.168 High-Level Design.
26.3.2 Access to Roles and Commands.
22.214.171.124 Storage of the Access Control Data.
26.4 Refinement and Implementation.
26.4.1 First-Level Refinement.
26.4.2 Second-Level Refinement.
126.96.36.199 Obtaining Location.
188.8.131.52 The Access Control Record.
Error Handling in
26.5 Common Security-Related Programming Problems.
26.5.1 Improper Choice of Initial Protection Domain.
184.108.40.206 Process Privileges.
220.127.116.11 Access Control File Permissions.
18.104.22.168 Memory Protection.
22.214.171.124 Trust in the System.
26.5.2 Improper Isolation of Implementation Detail.
126.96.36.199 Resource Exhaustion and User Identifiers.
188.8.131.52 Validating the Access Control Entries.
184.108.40.206 Restricting the Protection Domain of the Role Process.
26.5.3 Improper Change.
220.127.116.11 Changes in File Contents.
18.104.22.168 Race Conditions in File Accesses.
26.5.4 Improper Naming.
26.5.5 Improper Deallocation or Deletion.
26.5.6 Improper Validation.
22.214.171.124 Bounds Checking.
126.96.36.199 Type Checking.
188.8.131.52 Error Checking.
184.108.40.206 Checking for Valid, not Invalid, Data.
220.127.116.11 Checking Input.
18.104.22.168 Designing for Validation.
26.5.7 Improper Indivisibility.
26.5.8 Improper Sequencing.
26.5.9 Improper Choice of Operand or Operation.
26.6 Testing, Maintenance, and Operation.
22.214.171.124 Testing the Module.
26.6.2 Testing Composed Modules.
26.6.3 Testing the Program.
Chapter 27. Assess Network Security.
27.1 Assessment Fundamentals.
27.2 Requirements and Metrics.
27.3 Emissions Security (EMSEC) and TEMPEST
27.4 Wireless Network Security and Assessment
Chapter 28. Information Security Administration Issues.
28.1 Accountability for Classified/Sensitive Data
28.2 Automated Security Tools.
28.4 Change Control/Configuration management.
28.5 Declassification /Downgrade of Media
28.6 Destruction/Purging/Sanitization of Classified/Sensitive Information