Major prerequisites by topic: Basic concepts in operating systems, computer networks, and database systems. Intermediate programming.



Similar documents
UNIVERSITY OF MACAU DEPARTMENT OF COMPUTER AND INFORMATION SCIENCE SFTW 463 Data Visualization Syllabus 1 st Semester 2011/2012 Part A Course Outline

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

TIME SCHEDULE. 1 Introduction to Computer Security & Cryptography 13

Department of Computer & Information Sciences. INFO-450: Information Systems Security Syllabus

Information Security Course Specifications

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

COMP-530 Cryptographic Systems Security *Requires Programming Background. University of Nicosia, Cyprus

CS 450/650 Fundamentals of Integrated Computer Security

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering. Sixth Semester

Textbook: C M Chang, Engineering Management: Challenges in the New Millennium, Prentice Hall, 2004.

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education

Curran, K. Tutorials. Independent study (including assessment) N/A

Weighted Total Mark. Weighted Exam Mark

CRYPTOGRAPHY AND NETWORK SECURITY

Network Security Essentials:

(IŞIK - IT201) 1 / 6 COURSE PROFILE. Theory+PS+Lab (hour/week) Local Credits. Course Name Code Semester Term ECTS

Textbooks: Matt Bishop, Introduction to Computer Security, Addison-Wesley, November 5, 2004, ISBN

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

CRYPTOG NETWORK SECURITY

CSUS COLLEGE OF ENGINEERING AND COMPUTER SCIENCE Department of Computer Science (RVR 3018; /6834)

e-code Academy Information Security Diploma Training Discerption

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013

Computer and Network Security PG Unit Outline School of Information Sciences and Engineering

CS 464/564 Networked Systems Security SYLLABUS

Course Outline Computing Science Department Faculty of Science. COMP Credits Computer Network Security (3,1,0) Fall 2015

Common Syllabus Revised

Course Syllabus. Course code: Academic Staff Specifics. Office Number and Location

SE 4472a / ECE 9064a: Information Security

Network Security Course Specifications

University of Wisconsin-Whitewater Curriculum Proposal Form #3 New Course

Network Security SWISS GERMAN UNIVERSITY. Administration Charles Lim

University of Macau Undergraduate Electromechanical Engineering Program

Computer Security (EDA263 / DIT 641)

COURSE PROFILE. This course aims to give IT people the awareness for security needs of information in organizations, tools to enhance security.

Cryptography and network security CNET4523

Course Design Document. IS403: Advanced Information Security and Trust

Information Security and Cryptography

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

CSCI 454/554 Computer and Network Security. Instructor: Dr. Kun Sun

Lecture 1: Introduction. CS 6903: Modern Cryptography Spring Nitesh Saxena Polytechnic University

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Information, Network & Cyber Security

Why Security Matters. Why Security Matters. 00 Overview 03 Sept CSCD27 Computer and Network Security. CSCD27 Computer and Network Security 1

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

CNA 432/532 OSI Layers Security

CIS 253. Network Security

HARFORD COMMUNITY COLLEGE 401 Thomas Run Road Bel Air, MD Course Outline

CPSC 467: Cryptography and Computer Security

CS Ethical Hacking Spring 2016

EECS 588: Computer and Network Security. Introduction January 14, 2014

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

CNT5412/CNT4406 Network Security. Course Introduction. Zhenhai Duan

Syllabus. No: CIS 200. Title: Fundamentals of Network Security. Credits: 4. Coordinator: Dr. B. Dike-Anyiam, Computer Science & Networking Lecturer

City University of Hong Kong. Information on a Course offered by Department of Computer Science with effect from Semester A in 2014 / 2015

EECS 588: Computer and Network Security. Introduction

BUY ONLINE FROM:

MW , TU 1-3; and other times by appointment

CS 5490/6490: Network Security Fall 2015

CSC 474 Information Systems Security

Content Teaching Academy at James Madison University

Network Security Essentials Chapter 5

Chapter 7 Transport-Level Security

Professor s Contact Information Office Phone Other Phone n/a Office Location ECS South Address

TCOM 562 Network Security Fundamentals

CIS 6930/4930 Computer and Network Security. Dr. Yao Liu

CSCI 4541/6541: NETWORK SECURITY

Data Encryption and Network Security

Cryptography and Network Security Overview & Chapter 1. Network Security. Chapter 0 Reader s s Guide. Standards Organizations.

Asheville-Buncombe Technical Community College Department of Networking Technology. Course Outline

Computer Security: Principles and Practice

CISA TIMETABLE (4 DAYS)

MS Information Security (MSIS)

Course mechanics. CS 458 / 658 Computer Security and Privacy. Course website. Additional communication

CS 425 Software Engineering. Course Syllabus

Transport Level Security

Legal and Ethical Aspects. IT 4823 Information Security Administration. Cybercrime / Computer Crime. Law Enforcement Challenges.

CS 425 Software Engineering. Course Syllabus

Certificate in Cyber Security

CS 458 / 658 Computer Security and Privacy. Course mechanics. Course website. Module 1 Introduction to Computer Security and Privacy.

ACADEMIA LOCAL CISCO UCV-MARACAY CONTENIDO DE CURSO CURRICULUM CCNA. SEGURIDAD CCNA SECURITY. VERSION 1.0

COURSE PROFILE. Business Intelligence MIS531 Fall

UVic Department of Electrical and Computer Engineering

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

CS 161 Computer Security Spring 2010 Paxson/Wagner MT2

Syllabus COMP 517 Computer Security Penn State Harrisburg Fall 2009

(Instructor-led; 3 Days)

CS 425 Software Engineering

Introduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities

Report on Game Design and Development Courses Meeting Knowledge Areas

Computer Science 3CN3 Computer Networks and Security. Software Engineering 4C03 Computer Networks and Computer Security. Winter 2008 Course Outline

Fundamentals of Network Security - Theory and Practice-

Bachelor of Information Technology (Network Security)

CHIPOLA COLLEGE COURSE SYLLABUS Chipola s website:

Network Security. Text. Administrative. My Information. Course Focus. Evaluation CEN

Networked Systems Security

Chapter 6 Electronic Mail Security

Bellevue University Cybersecurity Programs & Courses

NEOSHO COUNTY COMMUNITY COLLEGE MASTER COURSE SYLLABUS. Division: Applied Science (AS) Liberal Arts (LA) Workforce Development (WD)

Transcription:

Elective course in Computer Science University of Macau Faculty of Science and Technology Department of Computer and Information Science SFTW498 Information Security Syllabus 2nd Semester 2011/2012 Part A Course Outline Catalog description: (3-2) 4 credits. The course introduces students to the fundamental issues concerning information security and applied cryptography. The areas covered are protecting information using symmetric and public key cryptography, cryptographic hash functions and standards, digital signatures, digital certificates, viruses and other malicious code, firewalls, intrusion detection systems, security management, and legal and ethical aspects. Course type: Theoretical with substantial laboratory/practice content Prerequisites: SFTW231 SFTW331 SFTW370 Textbook(s) and other required material: William Stallings & Lawrie Brown, Computer Security: Principles and Practice, ISBN-10: 0136004245, ISBN-13: 9780136004240, Prentice Hall, 1 st Edition, 2008. References: William Stallings, Cryptography and Network Security, ISBN-10: 0131873164, ISBN-13: 978-0131873162, Prentice Hall; 4th Edition, 2005. Charles P. Pfleeger, Shari Lawrence Pfleeger, Security in Computing, 4th Edition, Prentice Hall, 2006. Richard J. Spillman, Classical and Contemporary Cryptology, Prentice Hall, 2005. Elizabeth D. Zwicky, Simon Cooper, D. Brent Chapman, Deborah Russell, Building Internet Firewalls, 2nd Edition, O'Reilly & Associates, 2000. Messaoud Benantar, Introduction to the Public Key Infrastructure for the Internet, Prentice Hall, 2002. FIPS PUB 46-3, FIPS PUB 197, FIPS PUB 180-2, FIPS PUB 198a, RFC1321, and Publications from IEEE, ACM, USENIX Security Symposium and CryptoBytes. Major prerequisites by topic: Basic concepts in operating systems, computer networks, and database systems. Intermediate programming. Course objectives: Introduce students to the computer security technology and principles. [a] Introduce students to the management aspects of computer security. [a, f] Introduce students to the cryptographic algorithms. [a] Topics covered: Overview (3 hours): Study computer security concepts. Discuss computer-related assets that are subject to threats and attacks. Review security functional requirements, a security architecture for open systems, the scope of computer security, computer security trends, and computer security strategy. Cryptographic Tools (3 hours): Review the various types of cryptographic algorithms and introduce the most important standardized algorithms in common use. These algorithms include symmetric encryption, message 1

authentication and hash functions, public-key encryption, digital signatures and key management, generation of random and pseudorandom numbers, and encryption of stored data. User Authentication (3 hours): Discuss the means of authentication. Study password-based authentication, token-based authentication, biometric authentication, and remote user authentication. Discuss security issues for user authentication and practical applications. Access Control (3 hours): Review access control principles, subjects, objects, access rights, discretionary access control, Unix file access control, and role-based access control. Intrusion Detection (3 hours): Identify the classes of intruders. Discuss basic principles of intrusion detection. Study host-based intrusion detection, distributed host-based intrusion detection, network-based intrusion detection, distributed adaptive intrusion detection, intrusion detection exchange format, and honeypots. Malicious Software (3 hours): Examine types of malicious software, viruses, virus countermeasures, worms, bots, and rootkits. Denial of Service (3 hours): Explore denial of service attacks, flooding attacks, distributed denial of service attacks, reflector and amplifier attacks. Review the defenses against denial of service attacks and responding to a denial of service attack. Firewall and Intrusion Prevention Systems (3 hours): Discuss the need for firewalls. Review firewall characteristics, types of firewalls, firewall basing, firewall location and configurations, and intrusion prevention systems. IT Security Management and Risk Assessment (3 hours): Review the process of how to best select and implement a range of technical and administrative measures to effectively address an organization s security requirements. Examine the role and importance of the IT systems in the organization. Study security risk assessment approaches and detailed security risk analysis. IT Security Controls, Plans, and Procedures (3 hours): Explore the range of management, operational, and technical controls or safeguards available that can be used to improve security of IT systems and processes. Legal and Ethical Aspects (3 hours): Study the classification of cybercrime and computer crime. Discuss about intellectual property, privacy, and ethical issues. Symmetric Encryption and Message Confidentiality (6 hours): Study symmetric encryption principles, Data Encryption Standard, Advanced Encryption Standard, stream ciphers and RC4, cipher block modes of operation, location of symmetric encryption devices, and key distribution. Public Key Cryptography and Message Authentication (3 hours): Study secure hash functions, HMAC, the RSA public-key encryption algorithm, Diffie-Hellman, and other asymmetric algorithms. Class/laboratory schedule: Timetabled work in hours per week Lecture Tutorial Practice No of teaching weeks Total hours Total credits No/Duration of exam papers 3 2 Nil 14 70 4 1 / 3 hours Student study effort required: Class contact: Lecture Tutorial Other study effort Self-study Homework assignment Total student study effort 42 hours 28 hours 28 hours 12 hours 110 hours Student assessment: Final assessment will be determined on the basis of: Homework 20% Project 10% Mid-term exam 30% Final exam 40% Course assessment: The assessment of course objectives will be determined on the basis of: Assignments, project and exams Course evaluation 2

Course outline: Weeks Topic Course work Overview Definition of computer security concepts, threats, attacks, assets, 1 security functional requirements, a security architecture for open systems, the scope of computer security, computer security trends, computer security strategy. 2 Cryptographic Tools Confidentiality with symmetric encryption, message authentication and hash functions, public-key encryption, digital signatures and key Assignment#1 management, random and pseudorandom numbers, encryption of stored data. 3-4 Symmetric encryption and Massage Confidentiality Symmetric encryption principles, Data Encryption Standard, Advanced Encryption Standard, stream ciphers and RC4, cipher Assignment#2 block modes of operation, location of symmetric encryption devices, key distribution. 5 Public-key Cryptography and Message Authentication Secure hash functions, HMAC, the RSA public-key encryption Project algorithm, Diffie-Hellman and other asymmetric algorithms. 6 User Authentication Means of authentication, password-based authentication, token-based authentication, biometric authentication, remote user authentication, Assignment#3 security issues for user authentication, practical applications and case study. Access Control 7 Access control principles, subjects, objects, access rights, Midterm discretionary access control, Unix file access control, Role-based access control, case study. 8 Intrusion Detection Intruders, intrusion detection, host-based intrusion detection, distributed host-based intrusion detection, network-based intrusion Assignment#4 detection, distributed adaptive intrusion detection, intrusion detection exchange format, honeypots. 9 Malicious Software Types of malicious software, viruses, virus countermeasures, worms, Assignment#5 bots, rootkits. 10 Denial of Service Denial of service attacks, flooding attacks, distributed denial of service attacks, reflector and amplifier attacks, defenses against Assignment#6 denial of service attacks, responding to a denial of service attack. 11 Firewalls and Intrusion Prevention Systems The need for firewalls, firewall characteristics, types of firewalls, firewall basing, firewall location and configurations, intrusion Assignment#7 prevention systems. 12 IT Security Management and Risk Assessment IT security management, organizational context and security policy, Assignment#8 security risk assessment, detailed security risk analysis, case study. 13 IT Security Controls, Plans and Procedures IT security management implementation, security controls or safeguards, IT security plan, implementation of controls, Assignment#9 implementation, follow up, case study. 14 Legal and Ethical Aspects Cybercrime and computer crime, intellectual property, privacy, ethical issues. Assignment#10 3

Contribution of course to meet the professional component: This course prepares students to work professionally in the area of Information Security. Relationship to CS program objectives and outcomes: This course primarily contributes to the Computer Science program outcomes that develop student abilities to: (a) an ability to apply knowledge of computing, mathematics, science, and engineering. (f) an understanding of professional, ethical, legal, security and social issues and responsibilities. Relationship to CS program criteria: Criterion DS PF AL AR OS NC PL HC GV IS IM SP SE CN Scale: 1 (highest) to 4 (lowest) 4 3 2 3 Discrete Structures (DS), Programming Fundamentals (PF), Algorithms and Complexity (AL), Architecture and Organization (AR), Operating Systems (OS), Net-Centric Computing (NC), Programming Languages (PL), Human-Computer Interaction (HC), Graphics and Visual Computing (GV), Intelligent Systems (IS), Information Management (IM), Social and Professional Issues (SP), Software Engineering (SE), Computational Science (CN). Course content distribution: Percentage content for Mathematics Science and engineering subjects Complementary electives Total Coordinator: Prof. Chi Man Pun 0% 20% 80% 100% Persons who prepared this description: Dr. Yain Whar Si 4

Part B General Course Information and Policies 2nd Semester 2011/2012 Instructor: Dr. Yain Whar Si Office: N404 Office hour: by appointment Phone: 8397 4454 Email: fstasp@umac.mo Time/Venue: To be announced Grading distribution: Percentage Grade Final Grade Percentage Grade Final Grade 100-93 A 92-88 A 87-83 B+ 82-78 B 77-73 B 72-68 C+ 67-63 C 62-58 C 57-53 D+ 52-50 D below 50 F Comment: The objectives of the lectures are to explain and to supplement the text material. Students are responsible for the assigned material whether or not it is covered in the lecture. Students are encouraged to look at other sources (other references, etc.) to complement the lectures and text. Homework policy: The completion and correction of homework is a powerful learning experience; therefore: There will be approximately 10 homework assignments. Homework is due one week after assignment unless otherwise noted. Course project: The project is probably the most exciting part of this course and provides students with meaningful experience. Students will work individually for the project. The requirements will be announced and discussed in class. The project will be presented at the end of semester. Exam: One 2-hour mid-term exam will be held during the semester. Both the mid-term and final exams are closed book examinations. There will be occasional in-class assignment. Note: Check UMMoodle (UMMoodle.umac.mo) for announcement, homework and lectures. Report any mistake on your grades within one week after posting. No make-up exam is given except for CLEAR medical proof. Cheating is absolutely prohibited by the university. 5

Appendix: Rubric for Program Outcomes Rubric for (a) 5 (Excellent) 3 (Average) 1 (Poor) Students have some Students understand Understand the confusion on some theoretic background and theoretic background or do not the limitations of the background understand theoretic respective applications. background completely. Compute the problem correctly Students use correct techniques, analyze the problems, and compute them correctly. Students sometime solve problem mistakenly using wrong techniques. Students do not understand the background or do not study at all. Students do not know how to solve problems or use wrong techniques completely. Rubric for (f) 5 (Excellent) 3 (Average) 1 (Poor) Understand how to critique Have knowledge of safety, and analyze design liability, and integrity of Design tradeoffs and constraints data, and context of use but with respect to safety, cannot analyze thoroughly. liability, and integrity of data, and context of use. Professional engineering practice Understand how to critique and analyze tradeoffs and constraints with respect to research issues of credit and authorship, integrity of data, and informed consent. Have knowledge of credit and authorship, integrity of data, and informed consent but cannot completely identify ownership in practical. No awareness of importance of safety, liability, and integrity of data, and context of use. No awareness of credit and authorship, integrity of data, and informed consent. 6

7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information