Mahadevan Gomathisankaran

TA: Anju Suryawanshi AnjuSuryawanshi@my.unt.edu

Office Hours: Tu Th 2 - 3 PM and by appointment

Class Hours: Tu Th 3:30 - 4:50 PM @ NTDP B190

Announcements

• 12/02/09 - Final Exam scheduled on Thursday 12/17/2009 1:30 PM.
• 12/01/09 - Assignments 3 and 4 graded. Project Submission due on 12/4/09 5 PM.
• 11/12/09 - Assignments 4 and 5 (optional) due date extended to 11/20/09 5 PM.
• 11/03/09 - Assignments 4 and 5 (optional) due date extended by 1 week to 11/12/09.
• 10/22/09 - Assignment 4 posted. Due on 11/05/09 5 PM.
• 10/15/09 - Reading assignment: A Taxonomy of Computer Program Security Flaws, with Examples
• 10/09/09 - Assignment 3 posted to Blackboard, due on 10/20/09 5 PM.
• 09/24/09 - Assignment 1 graded. Collect your graded solutions.
• 09/22/09 - Assignment 2 posted in Blackboard course webpage. Due on 09/30/09 5 PM. Submit your solutions online in Blackboard.
• 09/15/09 - Midterm Exam scheduled on 10/13/09. It will be a inclass, closed book, closed notes exam.
• 09/15/09 - An example detailing the cryptanalysis of a Monoalphabetic cipher.
• 09/11/09 - Assignment 1 posted in Blackboard course webpage. Due on 09/18/09 5 PM. Submit your solutions online in Blackboard.
• 09/10/09 - An example detailing the cryptanalysis of a Vignere cipher.
• 09/01/09 - Reading assignments: Information System Security: A Comprehensive Model and A Model for Information Assurance: An Integrated Approach

Grade Distribution

Assignments	20%
Projects	25%
Mid Term Exam	25%
Final Exam	30%

Syllabus

The aim of this course is to introduce the concepts and principles of computer security - including program, OS and network security - security threats and countermeasures against them; to implement some basic computer security applications and to gain hands on experience.

The following topics will be covered in the course:

• Introduction to basic concepts of computer security
• Cryptography used as a tool to provide security
• • Classical and modern cryptography
  • Symmetric encryption
  • Asymmetric encryption
  • Basic cryptographic protocols
• Basic network security
• • Security in TCP/IP protocol suite layers
  • Network security tools such as nmap, snort, nessus
• Program security
• • Buffer overflow
  • Viruses
  • Covert Channels
• OS security
• • Access Control Lists
  • TCSEC - Orange book, European ITSEC
• Security Policies
• • Clark-Wilson Commercial Security Policy
  • Chinese Wall Security Policy
• Security Models
• • Bell-La Padula Confidentiality Model
  • Biba Integrity Model
  • Harrison-Ruzzo-Ullman Model
  • Take Grant System
• Security management
• • Risk analysis
  • Policies
  • Auditing
• Legal issues involving law, privacy and ethics

References

• Textbook: Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, 4th edition, Prentice Hall, 2007. ISBN: 0-13-239077-9
• Mark Stamp, Information Security: Principles and Practice, John Wiley & Sons, 2006. ISBN: 978-0471738480
• Ross Anderson, Security Engineering, John Wiley & Sons, Inc., 2001. ISBN: 0471389226
• William Stallings, Cryptography and Network Security, 4th edition, Prentice Hall, 2006. ISBN: 0131873164
• Paul Garrett, Making, Breaking Codes, An Introduction to Cryptology, Prentice Hall, 2001. ISBN: 978-0130303691
• James F. Kurose, Keith W. Ross, Computer Networking A Top Down Approach, Pearson, 2008. ISBN: 978-0321497703
• Alfred Menezes, Paul C. van Oorschot, Scott A. Vanstone, "Handbook of Applied Cryptography", CRC-Press , 1996. ISBN: 0849385237

Prerequisites

• CSCE 1040 Computer Science II: Proficiency in simple data as stacks, queues, trees and linked lists. Also, requirement to design, implement and test relatively large programs.
• CSCE 2610 Computer Organization: Acquaintance with multiple layers of abstraction in modern computer, the h/w - s/w interface, also the memory hierarchies and hardware separation mechanisms.

Policies

Academic Dishonesty:

Cheating in exams/assignments, plagiarism in exams/assignments, collusion and falsification of academic records or the attempt to do these things constitute academic dishonesty. Students need to include proper citation for books and/or Internet based resources on their submissions. All submissions will be checked against plagiarism via SafeAssign tool. Any direct copying from a book, from an Internet site, from a paper, etc. without proper citation to the author (of the book or the Internet article) is considered as plagiarism. All assignments need to be done individually. Any type of academic dishonesty will be handled immediately and strictly, resulting in a zero on the exam/assignment and an F in the class, and will be referred to the Dean for further disciplinary action.

Students with Disabilities:

Students in need of academic accommodations for disability can refer to the UNT Policy Manual for initiating the required arrangements based on ADA terms. Also, disabled students can arrange an appointment with me to discuss their special needs for academic accommodation during office hours (to ensure confidentiality).

Observation of Religious Holidays:

In accordance with Texas state law, a student absent due to the observance of a religious holiday may take examinations or complete assignments scheduled for the days missed, including those missed for travel, within a reasonable time after the absence. Students should notify the instructor in each course of the date of the anticipated absence as early in the semester as possible. Only holidays or holy days observed by a religion whose place of worship is exempt from property taxation under Section 11.20 of the Tax Code may be included. A student who is excused under this provision may not be penalized for the absence, but the instructor may appropriately respond if the student fails satisfactorily to complete the assignment or examination.