Course Design Document
IS403: Advanced Information Security and Trust
Version 1.3
05/10/2008
Xuhua Ding
Table of Contents
1 Review Summary ... 3
2 Overview of Advanced Information Security and Trust Course ... 3
  Synopsis ... 3
  Prerequisites ... 3
  Objectives ... 3
  Basic Modules ... 4
3 Output and Assessment Summary ... 5
  Exercises, quizzes and in-class participation (30%; problem solving) ... 5
  Quiz (30%) ... 6
  Team Project (40%) ... 6
4 Group Allocation for Project ... 8
5 Learning Outcome Summary ... 9
6 Classroom Planning ... 10
7 Course Schedule Summary ... 10
8 List of Information Resources and References ... 11
9 Weekly Plan ... 11

IS403: Advanced Information Security and Trust, Page 2
1 Review Summary

Version | Description of changes | Author | Date
V1.0 | | Robert Deng | 26 Jul 2005
V1.1 | Revise the curriculum | Xuhua Ding | 7 Aug 2006
V1.2 | Revise the curriculum by adding trusted computing, web security and software security | Xuhua Ding | 6 Jan 2008
V1.3 | Revise the curriculum by replacing the content and adding new projects | Xuhua Ding | 5 Oct 2008

2 Overview of Advanced Information Security and Trust Course

Synopsis
Built on the foundation of the Information Security and Trust course (IS302), the Advanced Information Security and Trust course draws on hard-won experience to explain the latest developments in security protocols, network security, web security, application security and industrial standards. Classroom instruction and discussion will closely integrate technical principles with real-world applications such as secure e-banking, secure corporate networking, secure messaging in healthcare environments and multimedia system security. In addition, case studies will be used to demonstrate that security and trust are not only means of protecting information assets, but also means of improving business operations or even starting new businesses. Besides the textbook knowledge, AIST also brings to the classroom the security practices of industry (e.g. Microsoft) and government agencies (e.g. IRAS and CSIT).

Prerequisites
Students are required to have taken (or have been exempted from taking) the Information Security and Trust course (IS302) in order to understand basic security concepts and techniques.

Objectives
Upon finishing the course, students are expected to:
- Understand important security principles, industrial standards, security protocols and their applications.
- Be able to analyze and evaluate security mechanisms and systems, contrast competing schemes, explain strengths and weaknesses, and identify potential errors or vulnerabilities.
- Understand the common attacks on security protocols and be able to design security protocols that satisfy real-world security requirements and constraints, such as those of e-banking, corporate networking, healthcare, and multimedia distribution.
- Be aware of current and future trends in security research and applications.

Basic Modules
Cryptography Foundation (3 weeks)
Advanced Security Technology (5 weeks)
- Secure communication protocols
- Authentication techniques
- Trusted Computing
- Database security
- Software security (partially by CSIT)
Management (2 weeks)
- Computer forensics (partially by IRAS)
- Security development lifecycle for IT (SDL-IT) (by Microsoft)
Project presentation (1 week) and field trip (1 week)
3 Output and Assessment Summary

Week | Output | Assessments | Weighting in % | Group Weighting / Remarks
1 | Announcement of project | | |
2 | | | |
3 | | | |
4 | Project proposal due | | 5 |
5 | Issue Assignment 1 | | |
6 | Assignment 1 due; Issue Assignment 2 | | 5 |
7 | | | |
8 (Recess) | Assignment 2 due | | 5 |
9 | | Midterm | 30 |
10 | | | |
11 | | | 5 |
12 | | | 10 |
13 | Project presentation and review | | |
14 | No class | Project report / demo | (25) |
15 | Submit project report or demo | | |
Total | | | |

Exercises, quizzes and in-class participation (30%; problem solving)
Evaluation based on attendance, exercises, and classroom interaction (20%)
Take-home assignments (10%)

Quiz (30%)
Covers all materials from week 1 to week 7. Includes both multiple-choice questions and analytical questions.

Team Project (40%)
The students form their own teams of 4~5 members. Each team chooses either Project A or Project B.

Project A: A Study of an Information Security Technology and its Applications
Description: A list of information security technologies is given below. The team may select any topic in the list or, with the approval of the course instructor, a topic that is not in the list. The team will prepare a project proposal of at most two pages describing the technical and business issues to be explored in the project report and presentation. The proposal will briefly describe the security threats and the most salient technical and business issues that the team has uncovered so far, and will sketch out the work plan that the team will follow. Proposals that are not approved must be resubmitted for subsequent approval. In subsequent meetings with the instructor, the teams will brief the instructor on their progress and the instructor will provide suggestions and feedback.

List of Candidate Technologies
a) Spam emails and their countermeasures
b) Digital Rights Management
c) DDoS attacks and their countermeasures
d) Security in video streaming
e) Security in sensor networks
f) Botnets and their countermeasures
g) Disaster recovery
h) Steganography
The team may choose an information security technology that is not on the list. However, this is subject to the approval of the instructor.

Project B: Design and Implementation of a Secure Application
Description: The team is required to design a secure application. Two candidate applications are listed below. For each application, its basic functions are specified. The team must first identify the security requirements of the application. Then it employs existing security
techniques to design the application/system so that the prescribed security requirements are satisfied.

List of Candidate Applications
a) (Web forum) HeiKe Alliance is a secret club whose members are hackers. The club head wants to build a web forum so that members can secretly exchange their experience and findings, such as new vulnerabilities and attack tools, and recruit new members. Suppose you are the club head and have to develop this web forum.
b) (Group chat) A company's CEO wants to hold a conference with all his marketing managers around the world to discuss their new market expansion plan. Due to resource constraints in some countries, he chooses to use MSN Messenger group chat, which allows one participant's message to be sent to all the others. Suppose you are the CIO of the company and are told to develop an enhanced messenger that protects the security of this upcoming meeting.

Project A Deliverables: Each team will write a proposal and a project report on their findings and deliver an oral presentation.
a) The report will be no more than 30 pages, and the oral presentation will be delivered by the team members in 25 minutes, followed by 5 minutes of Q&A.
b) The proposal is less than 2 pages with reasonable formatting, i.e. single column, single spacing, 11pt font. The proposal must include the names of the team members, the project title, an outline of the report and a schedule.
In both the report and the presentation, each team should:
a) Describe the background of the chosen technology.
b) Explain how the technology evolved, how it works and what security services or functionality it provides.
c) Describe the possible business applications of the technology.
d) Analyze the possible impact/benefits of deploying the technology in one or more business sectors or markets, and provide a simple case study where appropriate.
Project B Deliverables: Each team will write a proposal and a project report and deliver an oral presentation (including a prototype demo).
a) The proposal is less than 2 pages with reasonable formatting, i.e. single column, single spacing, 11pt font. The proposal must include the names of the team members, the project title, an outline of the report and a schedule.
b) The report is a design document of the system. The report should explain the security goals of the design and how they are achieved.
All security-related modules must be elaborated in detail (pseudocode).

Grade Policy: Each team will be given a team grade based on the written report. The team members will also be given individual grades based on their oral presentation and Q&A.
Project A: Proposal (5%), Presentation (10%), Report (25%)
Project B: Proposal (5%), Presentation (10%), Report (20%), Demo (5%)
Remark: To encourage coding, teams that implement their projects will be awarded up to 5 bonus points, depending on quality, and will have higher priority for nomination for the AIST scholarship.

Important Dates:
a) Week 3: Proposal submission
b) Week 4: Proposal feedback
c) Week 12: Oral presentation
d) Week 14: Written report

4 Group Allocation for Project
The students form their own groups. Each group consists of 4~5 members.
5 Learning Outcome Summary
IS403 Advanced Information Security and Trust

Skill | Coverage | Student tasks to achieve outcomes | Faculty methods to assess outcomes
1 Integration of business & technology in a sector context | | |
1.1 Business IT value linkage skills | | |
1.2 Cost and benefits analysis skills | | |
1.3 Business software solution impact analysis skills | | |
2 IT architecture, design and development skills | | |
2.1 System requirements specification skills | YY | Analyzing the security requirements of a system | Project B proposal
2.2 Software and IT architecture analysis and design skills | YY | Design secure systems. Apply existing security technologies/tools to solve security problems in applications. | Project B, Exam
2.3 Implementation skills | Y | Implement a secure system | Project B
2.4 Technology application skills | Y | Apply existing security technologies/tools to solve security problems in applications. | Project B, A
3 Project management skills | | |
3.1 Scope management skills | | |
3.2 Risk management skills | | |
3.3 Project integration and time management skills | | |
3.4 Configuration management skills | | |
3.5 Quality management skills | | |
4 Learning to learn skills | | |
4.1 Search skills | YY | Search and study the technical documents, including standards. | Assignment 1, Project A
4.2 Skills for developing a methodology for learning | | |
5 Collaboration (or team) skills | | |
5.1 Skills to improve the effectiveness of group processes and work products | Y | Students must apply these skills when tackling the group projects. | Project A, B
6 Change management skills for enterprise systems | | |
6.1 Skills to diagnose business changes | | |
6.2 Skills to implement and sustain business changes | | |
7 Skills for working across countries, cultures and borders | | |
7.1 Cross-national awareness skills | | |
7.2 Business across countries facilitation skills | | |
8 Communication skills | | |
8.1 Presentation skills | YY | Students must do the project presentation. | Project A, B
8.2 Writing skills | YY | Students must submit a project report. | Project A, B
Y: This sub-skill is covered partially by the course.
YY: This sub-skill is a main focus of this course.

6 Classroom Planning
There is one 3-hour classroom session each week. This will be split into two sessions of 1.5 hours each. The first session will mostly cover new topics and review previous lectures. Some portion of the second half may be used for exercises and hands-on experiments. The implementation may vary from week to week.

7 Course Schedule Summary

Wk | Focus | Readings | Classroom Activity | Assignments
1 | Cryptography Foundations I | Chapter 2.1, 2.5, Appendix B | Review basic security concepts and principles; introduce probability and randomness | Project starts
2 | Cryptography Foundations II | Chapter 20.1, 20.2 | Hash functions. Lab: find a collision of a hash |
3 | Cryptography Foundations III | Chapter 20.3, 19.1~5 | Public key and symmetric key crypto | Project proposal due
4 | Secure communication protocols | Chapter 22.3, 20.4 | Lab: the size of keys |
5 | Authentication | Chapter 3 | Password security, biometric authentication | Proposal feedback due; Assignment 1
6 | Database Security | Chapter 5 | |
7 | Trusted Computing / Software Security | Chapter 7, 11.1, 11.2, 12.1~3 | A talk by Joseph from CSIT on software security and its business issues |
8 | Recess | | |
9 | Software Security | Chapter 10 | Exam |
10 | Security development lifecycle for IT | | A guest lecture by Dr. Bradley Jensen from Microsoft: 1 hour on SDL, 1 hour on threat modeling, 1 hour threat modeling lab |
11 | Security Auditing and Computer Forensics | | A 1-hour talk by IRAS on computer forensics |
12 | Debate | | Debate on Trusted Computing Technology |
13 | Project presentation | | |
14 | | | |
15 | | | |

8 List of Information Resources and References
Course textbook:
Computer Security: Principles and Practice, by William Stallings and Lawrie Brown, Pearson International Edition.
Reference books:
1. Principles of Computer Security: Security+ and Beyond, by Wm. Arthur Conklin, Gregory B. White, Chuck Cothren, Dwayne Williams, and Roger L. Davis, McGraw-Hill.
2. Security in Computing, by Charles Pfleeger and Shari Pfleeger.
3. Information Security: Principles and Practice, by Mark Stamp, Wiley-Interscience, 2005.

9 Weekly Plan
Week 1. Topic: Cryptography Foundation
Session 1 (Introduction, security principles and processes)
- Threat, vulnerability and attack
- Security services: confidentiality, integrity, authentication, availability
- Understanding of randomness
Readings: Chapter 2.1, 2.5, Appendix B
Project: Project team formation (4 persons per team); project assignment and requirements; study of an information security technology and its applications

Week 2. Topic: Cryptography Foundation
- Hash functions
  o One-wayness
  o Weak collision resistance
  o Strong collision resistance
- Applications of hash functions
- Lab: collision of hash functions
Readings: Chapter 20.1, 20.2
Project: Continue project (office hour)

Week 3. Topic: Cryptography Foundation
- RSA cryptosystem
  o Mathematical foundation of RSA encryption/signatures
  o OAEP and PSS padding
- The security implication of the order of public key encryption and digital signatures
- Symmetric key encryption
- Lab: security and key size
Readings: Chapter 20.3, 19.1~5
Project: Project proposal due

Week 4. Topic: Secure Communication Protocols
- Two-party communication: key establishment, confidentiality and integrity protection
- Multi-party communication: public key infrastructure
Readings: Chapter 22.3, 20.4
Assignment 1: Eavesdrop on the network and do a protocol analysis

Week 5. Topic: Authentication
- User authentication techniques
- Password security
- Biometric authentication
- Two-factor authentication
- Single sign-on
- Lab: biometric authentication: password + keystroke
Readings: Chapter 3
Project continues

Week 6. Topic: Database Security
- Database access control
- Inference control
- Statistical databases
Readings: Chapter 5
Project continues

Week 7. Topic: Software Security
- Viruses
- Buffer overflow attacks and their defenses
- Handling program input
- Writing safe program code
- Lab: buffer overflow attack
Readings: Chapter 7, 11.1, 11.2, 12.1~3
Project continues

Week 8: Recess

Week 9. Topic: Trusted Computing
- Trusted Computing
- Midterm
Readings: Chapter 10
Project continues

Week 10. Topic: Security Development Lifecycle for IT (SDL-IT)
- 1 hour on SDL-IT
- 1 hour on threat modeling
- Lab (1 hour): threat modeling lab
Readings: Chapter 16.3
Project continues
This lecture is led by Dr. Bradley Jensen from Microsoft.

Week 11. Topic: Computer Forensics and Security Auditing
- 1-hour talk by Felix Lim from IRAS: How a CIT deals with computer forensics
- Computer forensics and security auditing
- Lab: Windows forensics
Readings: Chapter 10
Project continues
Some of the material is provided by Microsoft.

Week 12: Debate
Week 13: Project presentation
Week 14: Project due
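The Week 2 lab asks students to find a collision of a hash function, and the same week introduces the difference between weak (second-preimage) and strong collision resistance. The following Python program is an added illustration for that lab and is not part of the course materials or the textbook. It assumes a toy hash made by truncating SHA-256 to n bits (the lab may use any small-output hash), and contrasts the generic birthday attack on strong collision resistance, which costs about 2^(n/2) hashes, with the brute-force second-preimage search, which costs about 2^n. The target message `b"lab-msg1"` and the function names are the example's own.

```python
import hashlib
import random


def truncated_hash(data: bytes, n_bits: int) -> int:
    """Toy hash for the lab: SHA-256 truncated to its leading n_bits bits.

    Truncation keeps SHA-256's mixing but shrinks the output space to
    2**n_bits, so the generic attacks below finish in seconds. (Assumption
    for this example; the lab may use any small-output hash.)
    """
    if not 1 <= n_bits <= 256:
        raise ValueError("n_bits must be in 1..256")
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - n_bits)


def find_collision(n_bits: int, seed: int = 1):
    """Birthday attack against strong collision resistance.

    Hash random 8-byte messages, remember every digest seen, and stop at the
    first digest shared by two *different* messages. Expected work is about
    1.25 * 2**(n_bits / 2) hashes, however well designed the hash is.
    Returns (m1, m2, trials).
    """
    rng = random.Random(seed)
    seen = {}  # digest -> first message that produced it
    trials = 0
    while True:
        m = rng.getrandbits(64).to_bytes(8, "big")
        trials += 1
        h = truncated_hash(m, n_bits)
        if h in seen:
            if seen[h] != m:          # the same message twice is not a collision
                return seen[h], m, trials
        else:
            seen[h] = m


def find_second_preimage(target: bytes, n_bits: int, seed: int = 1, max_trials=None):
    """Brute-force attack against weak (second-preimage) resistance.

    Given a fixed target message, look for a different message with the same
    truncated digest. Each trial succeeds with probability 2**-n_bits, so the
    expected work is about 2**n_bits hashes: the square of the birthday cost.
    Returns (m2, trials), or None if max_trials is exhausted.
    """
    rng = random.Random(seed)
    want = truncated_hash(target, n_bits)
    trials = 0
    while max_trials is None or trials < max_trials:
        m = rng.getrandbits(64).to_bytes(8, "big")
        trials += 1
        if m != target and truncated_hash(m, n_bits) == want:
            return m, trials
    return None


if __name__ == "__main__":
    # Collision on a 32-bit hash: roughly 2**16 hashes.
    m1, m2, t = find_collision(32)
    print(f"32-bit collision after {t} hashes: "
          f"{m1.hex()} / {m2.hex()} -> {truncated_hash(m1, 32):08x}")

    # Second preimage on a 16-bit hash: roughly 2**16 hashes, i.e. comparable
    # effort buys a collision on a hash twice as wide.
    target = b"lab-msg1"  # constructed target message for the example
    m3, t2 = find_second_preimage(target, 16)
    print(f"16-bit second preimage after {t2} hashes: "
          f"{m3.hex()} -> {truncated_hash(m3, 16):04x}")
```

Running the program shows that finding a second preimage for a 16-bit hash and finding a free collision for a 32-bit hash take a similar number of hash evaluations, which is why the collision-resistance requirement forces the output length to be twice the intended security level (for example, 256-bit outputs for 128-bit security).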