Course Description:

To familiarize students with the security issues and technologies involved in modern information systems, including computer systems and networks and the various ways in which information systems can be attacked and tradeoffs in protecting networks.

Course Goals or Learning Outcomes:

By the end of this course, students will be able to:

Understand the basic concepts in information security, including security attacks/threats, security vulnerabilities, security policies, security models, and security mechanisms. Understand the concepts, principles, and practices related to elementary cryptography, including plain-text, cipher-text, the four techniques for crypto-analysis, symmetric cryptography, asymmetric cryptography, digital signature, message authentication code, hash functions, and modes of encryption operations.

Understand issues related to program security and the common vulnerabilities in computer programs; including buffer overflow vulnerabilities, time-of-check to time-of-use flaws, incomplete mediation. Explain and compare security mechanisms for conventional operating systems, including memory, time, file, object protection requirements and techniques and protection in contemporary operating systems.

Understand the basic requirements for trusted operating systems, and describe the independent evaluation, including evaluation criteria and evaluation process. Describe security requirements for database security, and describe techniques for ensuring database reliability and integrity, secrecy, inference control, and multi-level databases.

Describe threats to networks, and explain techniques for ensuring network security, including encryption, authentication, firewalls, and intrusion detection. Explain the requirements and techniques for security management, including security policies, risk analysis, and physical threats and controls.

Prerequisites: Data Communications and Computer Networks (CoSc2061)