CENG 418
Information Security
Information Security is a comprehensive study of the principles and practices of computer system security including operating system security, network security, software security and web security. Topics include common attacking techniques such as virus, trojan, worms and memory exploits; the formalisms of information security such as the access control and information flow theory; the common security policies such as BLP and Biba model; the basic cryptography, RSA, cryptographic hash function, and password system; network intrusion detection; software security theory; web security; legal and ethical issues in computer security.
Course Objectives
The main goal of this course is to provide students with a background, foundation, and insight into the many dimensions of information security and to support them to understand information security’s importance in our increasingly computer-driven world.
Recommended or Required Reading
Computer Security: Art and Science, ISBN 0-201-44099-7; Publisher Addison Wesley Professional; Copyright 2003
Learning Outcomes
1. Students learn the common security threats in digital world.
2. Students learn the foundational theories of information security.
3. Students learn what are the basic principles and techniques when designing a secure system.
| Week | Topics |
| 1 | Introduction Course introduction (syllabus, policies, projects, and recent cyber threats overview) An overview of information security: confidentiality, integrity, and availability |
| 2 | Understanding the Threats Malicious software (Viruses, trojans, rootkits, worms, botnets) Memory exploits (buffer overflow, heap overflow, integer overflow, format string) |
| 3 | Formalisms Access control theory, access control matrix Information flow |
| 4 | Policy Security policies Confidentiality policies (BLP model) Integrity policies (Biba, and Clark-Wilson model) Hybrid policies (Chinese Wall model, role-based access control) |
| 5 | Cryptography I Block and stream ciphers Cryptographic hash functions, Message Authentication Codes (MAC) Public and private key systems |
| 6 | Cryptography II Message digests. Approximate strength of ciphers Authentication Password system |
| 7 | Midterm |
| 8 | Systems Secure design principles (Least-privilege, fail-safe defaults, complete mediation, separation of privilege) TCB and security kernel construction System defense against memory exploits UNIX security and Security-Enhanced Linux (SELinux) Windows security |
| 9 | Network Security I TCP/IP security issues DNS security issues and defenses |
| 10 | Network Security II TLS/SSL Network Intrusion detection and prevention systems Firewalls |
| 11 | Software Security Vulnerability auditing, penetration testing Sandboxing Control flow integrity |
| 12 | Web Security User authentication, authentication-via-secret and session management Cross Site Scripting, Cross Site Request Forgery, SQL Injection |
| 13 | Legal and Ethical Issues Cybercrime and computer crime Intellectual property, copyright, patent, trade secret Hacking and intrusion Privacy, identity theft |
| 14 | Final Exam |
Grading
Midterm 25%
Quiz 20%
Homework 20%
Final 35%
- CENG 400
- CENG 411
- CENG 415
- CENG 416
- CENG 421
- CENG 422
- CENG 424
- CENG 431
- CENG 432
- CENG 433
- CENG 434
- CENG 435
- CENG 436
- CENG 437
- CENG 441
- CENG 442
- CENG 443
- CENG 444
- CENG 451
- CENG 452
- CENG 461
- CENG 462
- CENG 463
- CENG 464
- CENG 465
- CENG 471
- CENG 472
- CENG 473
- CENG 481
- CENG 482
- CENG 483
- CENG 484
- CENG 485
- CENG 486
- CENG 487
- CENG 488