Curran, K. Tutorials. Independent study (including assessment) N/A

Transcription

1 MODULE TITLE: MODULE CODE: Systems Security COM535 YEAR OF REVISION: 2013/14 MODULE LEVEL: 6 CREDIT POINTS: 20 MODULE STATUS: SEMESTER: 1 LOCATION: E-LEARNING: PREREQUISITE(S): CO-REQUISITE(S): MODULE CO-ORDINATOR(S): TEACHING STAFF RESPONSIBLE FOR MODULE DELIVERY: HOURS: Optional Magee Blended learning None None Curran, K Curran, K Lectures Seminars Tutorials Practicals Independent study (including assessment) 24 hrs hrs hrs 48 hrs 128 hrs TOTAL EFFORT HOURS: 200 ACADEMIC SUBJECT: COM MODULAR SUBJECT: N/A RATIONALE The aim of the course is to introduce the student to the issues that arise when we consider the security of computer networks, from both a "white-hat" (defensive), and "black-hat" (offensive) perspective.

2 AIMS The aim is to provide an understanding of the theory of secure software and network systems through a series of lab based practical work and experiments. This treatment will reinforce software engineering best practice. This module also aims to introduce the key concepts of secure computer systems and provide expertise in applying the principal techniques associated with planning and deploying secure systems. LEARNING OUTCOMES A successful student will be able to: KNOWLEDGE AND UNDERSTANDING K1 Demonstrate knowledge and understanding of the key principles and concepts that underpin computer security K2 Demonstrate knowledge and understanding of the key concepts and techniques used to develop security defences and related protocols and standards. K3 Display an appreciation of the technical and research challenges facing developers of network based secure environments. K4 Demonstrate how to assess the security of web applications INTELLECTUAL QUALITIES I1 I2 I3 I4 Critically evaluate approaches and techniques used in the design and development of secure technologies. Apply a range of technical solutions that address the technical challenges associated with the design of secure systems. Communicate and implement appropriate secure network applications. Identify a range of network security problems PROFESSIONAL/PRACTICAL SKILLS P1 Demonstrate competence in the creation of appropriate secure systems P2 Employ effectively a range of tools and techniques in the design of secure systems. P3 Combine a range of techniques and approaches in the design and development of secure applications. P4 Demonstrate the ability to develop secure systems.

3 TRANSFERABLE SKILLS T1 Adopt a methodical approach in the design and development of secure systems T2 T3 T4 Communicate design solutions in a clear and concise manner. Communicate design solutions in a clear and concise manner. Demonstrate ability to critically evaluate and synthesise information from a wide range of sources.

4 CONTENT Part 1: Computer Security Technology and Principles 1.1 Cryptographic Tools, Confidentiality, Message Authentication and Hash Functions, Public-Key Encryption and Digital Signatures and Key Management. 1.2 User Authentication, Means of Authentication, Password-Based Authentication, Security Issues for User Authentication 1.3 Access Control Principles, Subjects, Objects, and Access Rights 1.4 The Need for Database Security, Database Management Systems, Database Access Control, Cloud Security 1.5 Types of Malicious Software, Propagation/Infected Content/Viruses/Trojans/Bots 1.6 Denial-of-Service Attacks, Flooding Attacks, Application-Based Bandwidth Attacks 1.7 Intrusion Detection, Host-Based Intrusion Detection, Network-Based Intrusion Detection, Honeypots 1.8 Firewalls and Intrusion Prevention Systems. Intrusion Prevention Systems Part 2: Software Security & Trusted Systems 2.1 Buffer Overflow, Stack Overflows, Defending Against Buffer Overflows 2.2 Software Security, Handling Program Input, Interacting with the Operating System and Other Programs 2.3 Operating System Security, System Security Planning, Windows/Linux/Unix Security 2.4 Trusted Computing and Multilevel Security, The Concept of Trusted Systems, Assurance and Evaluation Part 3: Management Issues 3.1 IT Security Management and Risk Assessment, Security Risk Assessment 3.2 IT Security Controls, Plans, and Procedures, IT Security Plan, Implementation of Controls 3.3 Physical and Infrastructure Security, Recovery from Physical Security Breaches Human Resources Security, Employment Practices and Policies, and Internet Use Policies 3.5 Security Auditing, The Security Audit Trail, Audit Trail Analysis Part 4: Cryptographic Algorithms & Network Security 4.1 Symmetric Encryption and Message Confidentiality, Data Encryption Standard, Advanced Encryption Standard 4.2 Public-Key Cryptography & Message Authentication, Secure Hash Functions, HMAC 4.3 Internet Security Protocols and Standards, Secure and S/MIME, SSL, HTTPS 4.4 Internet Authentication Applications, Kerberos, X Wireless Network Security, IEEE Wireless LANs.

5 TEACHING AND LEARNING METHODS Lectures will consist of context setting, introductions to and explanations of relevant techniques and algorithms. Open discussions and references to reading material will frequently be used to widen the learning experience. The material covered in the practical sessions will reinforce the content covered in the lectures and will focus on developing the students game development and programming skills. Students will be directed to read sections of the recommended texts together with material from relevant Internet sites. They will be expected to consolidate the material after the lectures by private study. The module is offered by Blended Learning. ASSESSMENT AND FEEDBACK Coursework 1: CA1 (Worth 50% of the coursework): A closed book test midway through the module covering all taught and lab topics covered of the first six weeks. Feedback will follow within one week to assist students identify weaknesses and act as a guide for future revision. Students will be given their marks and full solutions individually. Coursework 2: CA2 (Worth 50% of the coursework): A written assignment will measure the student s ability to write a secure web service application which builds on best practice in cryptography and material covered in each lab session. Feedback will follow within one week to assist students identify weaknesses and act as a guide for future revision. Students will be given their marks and full solutions individually. Examination: A compulsory written examination lasting three hours is completed by the student at the end of the semester and students will be required to answer 4 questions out of 5. The examination is closed book. 50 % Coursework 50 % Examination READING LIST Recommended: Stallings, W., Brown, L. (2012) Computer Security: Principles and Practices: International Edition, 2/E, Pearson Higher Education, ISBN: Eastoom, W. (2012) Computer Security Fundamentals, 2/E, Pearson Higher Education, ISBN: Oriyano, S.P. (2012) Hacker Techniques, Tools, and Incident Handling, Jones and Bartlett Learning, ISBN:

6 SUMMARY DESCRIPTION This module provides an in-depth study of secure computer systems. This module will introduce the concepts and principles of secure systems. In addition, students will be given the opportunity to learn how to configure and test application and network security, deploy secure network based software applications and resolve security problems. Students will have an in-depth knowledge of basic skills in security, and an appreciation for emerging themes that could impact secure systems in the future.