CS3235: Computer Security

Course Home Page

Semester I, 2001-2002 (Thursday 2 pm - 4 pm, LT27)

Last update: Friday, 17-May-2002 15:09:23 +08


Table of Contents



General Information

Lecturer: Mohan S Kankanhalli

Tutors: Li Qiming , Hugh Anderson

Lectures: 26 Hours (Thursday, 2pm - 4pm, LT27)

Tutorials: 10 Tutorial Sessions

Closed Laboratory: Nil

Open Laboratory: 13 Hours (3 assignments)

Midterm Examination: 15th September, AM

Final Examination: 20th November, Late Afternoon

Aims and Objectives:

This course aims to develop an appreciation of the basic computer security issues and an understanding of techniques available to address them. This involves understanding of fundamentals of cryptography, general system security issues and security modeling/evaluation techniques.

Brief Description:

With the widespread use of computers and internet as well as the rapid spread of electronic commerce, computer security has become very important. The aim of this course is to provide the basic knowledge about computing systems security. The topics covered in this course include cryptography fundamentals, threats to computer systems, authentication of computer systems, access control, intrusion detection, program security, operating system security, database security, network & distributed systems security fundamentals and security evaluation criteria. While the course does provide all the necessary mathematical background in cryptography, it concentrates more on the systems security aspects. Therefore the primary focus will be on the design of computing systems from the security perspective.

Grading information:

Assignments: 30%
Midterm Exam: 20% [open book]
Final Exam: 50% [open book]

Pre-requisites:

Office consultation hours:

<-- Table of Contents


Brief Course Outline

* Introduction to Computer Security (2 hrs)
    Background; security goals and threats
* Cryptography Fundamentals (4 hrs)
  
Number theory background; RSA Public-key cryptography; Digital Signatures; Data Encryption Standard
* Security Protocols (2 hrs)
  
Fundamentals; Key-distribution protocols; Digital Signature Protocols; Advanced Protocols; Cipher-chains
* Program Security (2 hrs)
  
Viruses and other malicious code; Controls against program threats
* Operating Systems Security (6 hrs)
  
Access control models; Security models & policies; OS Security mechanisms & design principles
* Database Security (2 hrs)
  
Requirements; reliability and integrity of data
* Distributed Systems Security (4 hrs)
  
Network security basics; IP Security; Firewalls; Kerberos
* Security policies, standards & assurance (2 hrs)
  
Security evaluation; Security management, planning & disaster recovery
* Security: current issues & trends (2 hrs)

<-- Table of Contents


Course Material

The main textbook for the course will be:

The course will be centered around the above textbook, supplemented by material from elsewhere wherever required. I hope to cover almost the whole of the book which is rather ambitious. In addition, you may wish to look at this (more recent) excellent book on computer security:

It is not necessary to buy Gollman's book. I will be covering the OS Security lectures from Gollman's book with Pfleeger's book being the secondary material. Copies of the slides will be made available through the coop. In addition, occasional supplementary material will be provided in order to facilitate your grasp of a particular topic and will help provide a deeper understanding of the lecture content. However, this material may contain advanced concepts not covered in the lecture. But as far as exams are concerned, you are responsible only for the material covered in the class.

<-- Table of Contents


Tutorial Information

The class has been divided into 14 tutorial groups:

  Tutorial 1: Tutorial on Crypto I (Week of Aug 13th)
  Tutorial 2: Tutorial on Crypto II (Week of Aug 20th)
  Tutorial 3: Tutorial on Security Protocols (Week of Aug 27th)
  Tutorial 4: Tutorial on Program Security (Week of Sep 10th)
  Tutorial 5: Tutorial on OS Security I (Week of Sep 17th)
  Tutorial 6: Tutorial on OS Security II (Week of Sep 24th)
  Tutorial 7: Tutorial on OS Security III (Week of Oct 1st)
  Tutorial 8: Tutorial on Database Security (Week of Oct 8th)
  Tutorial 9: Tutorial on Distributed Sys Security I (Week of Oct 15th)
  Tutorial 10: Tutorial on Distributed Sys Security II (Week of Oct 22nd)

  Tutorial Solutions: (Brief answers)

<-- Table of Contents


Class Schedule

26th July (Week 0): No Lecture

2nd Aug (Week 1): Introduction to Computer Security

4th Aug (Week 2): Cryptography I  8.00am - 10.00am @ LT33   Note: make-up class for August 9th


16th Aug (Week 3): Cryptography II

  Assignment 1: Digital Signature Implementation (Due Aug 27)

18th Aug (Week 4): Security Protocols   8.00am - 10.00am @ LT33   Note: make-up class for August 23rd


30th Aug (Week 5): Program Security

  Assignment 2: Computer Virus Programming Assignment (Due Sep 24)

6th Sep Semester Break

13th Sep (Week 6): Operating Systems Security I

15th Sep AM: Midterm Examination  8.30am @ LT33 (Tut groups 1-7) & LT34 (Tut groups 8-14)

This will be an open-book exam and it will be based on the material covered till Aug 30 (which is Program Security).

20th Sep (Week 7): Operating Systems Security II

27th Sep (Week 8): Operating Systems Security III

  Assignment 3: Security Protocol Design Assignment (Due Oct 22)

4th Oct (Week 9): Database Security

11th Oct (Week 10): Distributed Systems Security I

18th Oct (Week 11): Distributed Systems Security II

20th Oct (Week 12): Security Policies, Standards & Assurance   8.00am - 10.00am @ LT33   Note: make-up class for October 25th

1st Nov (Week 13): Current Issues & Trends

20th Nov Late Afternoon: Final Examination

<-- Table of Contents


Frequently Asked Questions

Lectures FAQ
Assignment 1 FAQ
Assignment 2 FAQ
Assignment 3 FAQ

<-- Table of Contents