CS 4351 - Computer Security
concepts and applied methods of computer security, especially as they
relate to confidentiality, integrity, and availability of information
assets. Topics include system security analysis, access control and
various security models, identification and authentication, protection
against external and internal threats, communication protocols and
multiplication of tasks that are performed on computers and the advent
of globalisation of computing in general, the topic of computer
security becomes more and more important. In this course we examine what
computer security is, especially as it relates to the protection of
information stored on the computers and exchanged between computers.
Topics include: system security analysis, access control and various
security models, identification and authentication, security in UNIX
and Windows, communication security, cryptography, internet security,
e-commerce security protocols.
"Introduction to Computer Security", by Matt Bishop, Addison Wesley, 2005.
Exams and Grades:
There will be two tests. The rest of the grade will be based on written
and/or programming assignments. The following percentages will be used
in formulating the final grade:
Test 1 25%
Test 2 25%
Standards of Conduct:
Students are expected to conduct themselves in a professional and courteous
manner, as prescribed by the Standards of Conduct. Students may discuss
work assignments and programming exercises in a general way with other
students, but the solutions must be done independently. Similarly,
groups may discuss group project assignments with other groups, but the
solutions must be done by the group itself. Graded work should be
unmistakably your own. You may not transcribe or copy a solution taken
from another person, book, or other source, e.g., a web page.
Professors are required to -- and will -- report academic dishonesty
and any other violation of the Standards of Conduct to the Dean of
Professor: Luc Longpré
Office: 227 CS Building
e-mail: longpre @ utep . edu
Office Hours: Tu-We-Th 1:30-2:30, or by appointment
Knowledge and Comprehension
- Describe the functioning of various types of malicious code, such as viruses, worms, trapdoors.
- Enumerate a set of programming techniques that enhance security.
- Explain the various controls available for protection against
internet attacks, including authentication, integrity check, firewalls,
intruder detection systems.
- Describe the different ways of providing authentication of a user or program.
- Describe the mechanisms used to provide security in programs, operating systems, databases and networks.
- Describe the background, history and properties of widely-used encryption algorithms such as DES, AES, and RSA.
- Describe legal, privacy and ethical issues in computer security.
- List and explain the typical set of tasks required of a system security administrator.
Application and Analysis
- Compare different access control, file protection or authentication mechanisms.
- Incorporate encryption, integrity check and/or authentication into a given program or algorithm.
- Set up file protections in a Unix or Windows file system to achieve a given purpose.
- Distinguish between steganography and watermarking as document modification methods.
Synthesis and Evaluation
- Appraise a given code fragment for vulnerabilities.
- Appraise a given protocol for security flaws.
- Design a security protocol for a given application.
- Formulate a security plan for a given scenario, including risk
analysis, organizational security policies, and planning for physical
security and natural disasters.