Semester I, 2001-2002 (Thursday 2 pm - 4 pm, LT27)

Last update: Friday, 17-May-2002 15:09:23 +08

Table of Contents

• Announcements (last updated 17-11-2001)
• General Information
• Brief Course Outline
• Course Material
• Tutorial Information
• Class Schedule
• Frequently Asked Questions

General Information

Lecturer: Mohan S Kankanhalli

Tutors: Li Qiming , Hugh Anderson

Aims and Objectives:

This course aims to develop an appreciation of the basic computer security issues and an understanding of techniques available to address them. This involves understanding of fundamentals of cryptography, general system security issues and security modeling/evaluation techniques.

Brief Description:

With the widespread use of computers and internet as well as the rapid spread of electronic commerce, computer security has become very important. The aim of this course is to provide the basic knowledge about computing systems security. The topics covered in this course include cryptography fundamentals, threats to computer systems, authentication of computer systems, access control, intrusion detection, program security, operating system security, database security, network & distributed systems security fundamentals and security evaluation criteria. While the course does provide all the necessary mathematical background in cryptography, it concentrates more on the systems security aspects. Therefore the primary focus will be on the design of computing systems from the security perspective.

Grading information:

Assignments: 30%
Midterm Exam: 20% [open book]
Final Exam: 50% [open book]

Pre-requisites:

• CS2105 (Computer Communication Networks) or CS2106 (Operating Systems) [required]
• Mathematical maturity [desirable]
• Familiarity with computer systems concepts like computer architecture, operating systems, databases, TCP/IP networking [highly recommended]

Office consultation hours:

• Mohan Kankanhalli Thu 4pm - 6pm (SOC-1 #04-19)
• Li Qiming Mon 4pm - 6pm (S16 #08-15)
• Hugh Anderson Wed 10am - 12nn (S16 #08-03)

<-- Table of Contents

Brief Course Outline

* Introduction to Computer Security (2 hrs)
    Background; security goals and threats
* Cryptography Fundamentals (4 hrs)
   Number theory background; RSA Public-key cryptography; Digital Signatures; Data Encryption Standard
* Security Protocols (2 hrs)
   Fundamentals; Key-distribution protocols; Digital Signature Protocols; Advanced Protocols; Cipher-chains
* Program Security (2 hrs)
   Viruses and other malicious code; Controls against program threats
* Operating Systems Security (6 hrs)
   Access control models; Security models & policies; OS Security mechanisms & design principles
* Database Security (2 hrs)
   Requirements; reliability and integrity of data
* Distributed Systems Security (4 hrs)
   Network security basics; IP Security; Firewalls; Kerberos
* Security policies, standards & assurance (2 hrs)
   Security evaluation; Security management, planning & disaster recovery
* Security: current issues & trends (2 hrs)

The main textbook for the course will be:

• Charles Pfleeger (1997), Security in Computing, Prentice Hall International.

• Dieter Gollman (1999), Computer Security, Wiley.

It is not necessary to buy Gollman's book. I will be covering the OS Security lectures from Gollman's book with Pfleeger's book being the secondary material. Copies of the slides will be made available through the coop. In addition, occasional supplementary material will be provided in order to facilitate your grasp of a particular topic and will help provide a deeper understanding of the lecture content. However, this material may contain advanced concepts not covered in the lecture. But as far as exams are concerned, you are responsible only for the material covered in the class.

<-- Table of Contents

Tutorial Information

The class has been divided into 14 tutorial groups:

Group 1: Tue 2pm to 3pm (TR7 (SOC-1 4^th Floor))
Group 2: Tue 3pm to 4pm (TR7 (SOC-1 4^th Floor))
Group 3: Tue 4pm to 5pm (TR7 (SOC-1 4^th Floor))
Group 4: Tue 5pm to 6pm (TR7 (SOC-1 4^th Floor))
Group 5: Wed 9am to 10am (TR7 (SOC-1 4^th Floor))
Group 6: Wed 10am to 11am (TR7 (SOC-1 4^th Floor))
Group 7: Wed 11am to 12nn (TR7 (SOC-1 4^th Floor))
Group 8: Fri 2pm to 3pm (TR7 (SOC-1 4^th Floor))
Group 9: Fri 3pm to 4pm (TR7 (SOC-1 4^th Floor))
Group 10: Fri 4pm to 5pm (TR7 (SOC-1 4^th Floor))
Group 11: Tue 2pm to 3pm (TR8 (SOC-1 5^th Floor))
Group 12: Tue 3pm to 4pm (TR8 (SOC-1 5^th Floor))
Group 13: Tue 4pm to 5pm (TR8 (SOC-1 5^th Floor))
Group 14: Tue 5pm to 6pm (TR8 (SOC-1 5^th Floor))

  Tutorial 1: Tutorial on Crypto I (Week of Aug 13^th)
  Tutorial 2: Tutorial on Crypto II (Week of Aug 20^th)
  Tutorial 3: Tutorial on Security Protocols (Week of Aug 27^th)
  Tutorial 4: Tutorial on Program Security (Week of Sep 10^th)
  Tutorial 5: Tutorial on OS Security I (Week of Sep 17^th)
  Tutorial 6: Tutorial on OS Security II (Week of Sep 24^th)
  Tutorial 7: Tutorial on OS Security III (Week of Oct 1^st)
  Tutorial 8: Tutorial on Database Security (Week of Oct 8^th)
  Tutorial 9: Tutorial on Distributed Sys Security I (Week of Oct 15^th)
  Tutorial 10: Tutorial on Distributed Sys Security II (Week of Oct 22^nd)

  Tutorial Solutions: (Brief answers)

<-- Table of Contents

Class Schedule

26^th July (Week 0): No Lecture

2^nd Aug (Week 1): Introduction to Computer Security

• Reading: Pfleeger Chapter 1

4^th Aug (Week 2): Cryptography I  8.00am - 10.00am @ LT33   Note: make-up class for August 9^th

• Reading: Pfleeger Chapter 3.1-3.6

16^th Aug (Week 3): Cryptography II

• Reading: Pfleeger Chapter 3.7-3.10, 4.5

  Assignment 1: Digital Signature Implementation (Due Aug 27)

18^th Aug (Week 4): Security Protocols   8.00am - 10.00am @ LT33   Note: make-up class for August 23^rd

• Reading: Pfleeger Chapter 4.1-4.4

30^th Aug (Week 5): Program Security

• Reading: Pfleeger Chapter 5

  Assignment 2: Computer Virus Programming Assignment (Due Sep 24)

6^th Sep Semester Break

13^th Sep (Week 6): Operating Systems Security I

• Reading: Gollman Chapter 3

15^th Sep AM: Midterm Examination  8.30am @ LT33 (Tut groups 1-7) & LT34 (Tut groups 8-14)

This will be an open-book exam and it will be based on the material covered till Aug 30 (which is Program Security).

20^th Sep (Week 7): Operating Systems Security II

• Reading: Gollman Chapter 4 (& Pfleeger Chapter 7 optional)

27^th Sep (Week 8): Operating Systems Security III

• Reading: Gollman Chapter 5 (& Pfleeger Chapter 6 optional)

  Assignment 3: Security Protocol Design Assignment (Due Oct 22)

4^th Oct (Week 9): Database Security

• Reading: Pfleeger Chapter 8

11^th Oct (Week 10): Distributed Systems Security I

• Reading: Pfleeger Chapter 9.1-9.3

18^th Oct (Week 11): Distributed Systems Security II

• Reading: Pfleeger Chapter 9.5-9.8
• Supplementary reading: Firewalls; Kerberos

20^th Oct (Week 12): Security Policies, Standards & Assurance   8.00am - 10.00am @ LT33   Note: make-up class for October 25^th

• Reading: Pfleeger Chapter 10

1^st Nov (Week 13): Current Issues & Trends

20^th Nov Late Afternoon: Final Examination

<-- Table of Contents

Frequently Asked Questions

Lectures FAQ
Assignment 1 FAQ
Assignment 2 FAQ
Assignment 3 FAQ

<-- Table of Contents