University of Texas at El Paso
Banner
Compuer Science
   
Syllabus Minimize    



CS 4351 - Computer Security


Spring 2014 Course Syllabus



Course Description:
General concepts and applied methods of computer security, especially as they relate to confidentiality,
integrity, and availability of information assets.
Topics include system security analysis, access control and various security models,
identification and authentication, protection against external and internal threats,
communication protocols and internet security.



Course Goals:
With the multiplication of tasks that are performed on computers and the advent of globalisation of computing in general,
the topic of computer security becomes more and more important.
We see in this course what is computer security,
especially as it relates to the protection of information stored on the computers and exchanged between computers.
Topics include: system security analysis, access control and various security models, identification and authentication,
security in UNIX and Windows, communication security, cryptography, internet security, e-commerce security protocols.



Textbook:
"Computer Security", by Dieter Gollmann, 3rd edition, Wiley, 2011. (ISBN 9780470741153)



Course website:
https://faculty.utep.edu/Default.aspx?tabid=72960



Exams and Grades:
There will be a midterm, a final, and a research report.
The rest of the grade will be based on written and/or programming assignments.
The following percentages will be used in formulating the final grade:


  • Midterm 25%

  • Final 30%

  • Research Report 10%

  • Assignments 35%



Standards of Conduct:
Students are expected to conduct themselves in a professional and courteous manner,
as prescribed by the Standards of Conduct.
Students may discuss work assignments and programming exercises in a general way with other students,
but the solutions must be done independently.
Similarly, groups may discuss group project assignments with other groups,
but the solutions must be done by the group itself.
Graded work should be unmistakably your own.
You may not transcribe or copy a solution taken from another person, book, or other source, e.g., a web page.
Professors are required to -- and will -- report academic dishonesty and any other
violation of the Standards of Conduct to the Dean of Students.

Disabilities:
If you have a disability and need classroom accommodations,
please contact The Center for Accommodations and Support Services (CASS) at 747-5148,
or by email to cass@utep.edu, or visit their office located in UTEP Union East, Room 106.
For additional information, please visit the CASS website at www.sa.utep.edu/cass.



Faculty Information:

Professor: Luc Longpré

Office: 3.0420 CCS building

Phone: 747-6804

e-mail: longpre @ utep . edu

Office Hours: See
https://faculty.utep.edu/longpre
for office hours and appointments.

Course outcomes:



Knowledge and Comprehension


  1. Describe the functioning of various types of malicious code, such as viruses, worms, trapdoors.

  2. Enumerate programming techniques that enhance security.

  3. Explain the various controls available for protection against internet attacks, including authentication, integrity check, firewalls, intruder detection systems.

  4. Describe the different ways of providing authentication of a user or program.

  5. Describe the mechanisms used to provide security in programs, operating systems, databases and networks.

  6. Describe the background, history and properties of widely-used encryption algorithms.

  7. Describe legal, privacy and ethical issues in computer security.

  8. List and explain the typical set of tasks required of a information security professional.

  9. Describe the principles of steganography and watermarking


Application and Analysis



  1. Compare different access control, file protection or authentication mechanisms.

  2. Set up file protections in a Unix or Windows file system to achieve a given purpose.

  3. Incorporate encryption, integrity check and/or authentication into a given program or algorithm.


Synthesis and Evaluation



  1. Appraise a given code fragment for vulnerabilities.

  2. Appraise a given protocol for security flaws.

  3. Assess risk for a given network system using publicly available tools and techniques.




Tentative Schedule:














































































































Week Dates Topic Material Reference
1 1/22/2014 Course Overview

2 1/27/2014
1/29/2014
Principles of security, Management & Risk Confidentiality, integrity, availability, accountability, non-repudiation, threats,
vulnerabilities, attacks, mitigation, risk
Ch 2, 3
3 2/3/2014
2/5/2014
Identification and Authentication passwords, cracking, phishing, spoofing, social engineering, biometrics Ch 4
4 2/10/2014
2/12/2014
Access Control access control operations and structures, groups, privileges, role-based access control, policies Ch 5
5 2/17/2014
2/19/2014
OS security Unix: user accounts, superuser, groups, login, file permissions, set userID

Windows: registry, permissions, policies, user accounts
Ch 7, 8
6 2/24/2014
2/26/2014
Application security Malware taxonomy, hackers, memory management, scripting, SQL injection, race conditions Ch 10
7 3/3/2014
3/5/2014
Review, midterm

8

Spring break

9 3/17/2014
3/19/2014
Security models Bell-LaPadula, Biba, Chinese wall, Clark-Wilson, Harrison-Ruzzo-Ullman, information-flow Ch 11, 12
10 3/24/2014
3/26/2014
Cryptography Common encryption algorithms, cryptographic hashing, digital signatures, protocols, key establishment, key management Ch 14, 15
11 4/7/2014
4/9/2014
Database Security database access control, statistical database security, privacy protection Ch 9
12 4/14/2014
4/16/2014
Security evaluation Orange book, federal criteria, common criteria, quality standards Ch 13
13 4/21/2014
4/23/2014
Network Security TCP sessions, domain name system, firewalls, intrusion detection Ch 17
14 4/28/2014
4/30/2014
Web Security web browsers, cookies, cross-site scripting, web services security, cloud security Ch 18
15 5/5/2014
5/7/2014
Student presentations

16 5/14/2014 Final exam