Data Security - myweb - Long Island University
Computer Security Syllabus
CS 678 – Data Security
Spring 2015

Course Schedule: Saturday 9:00 - 11:35 AM
Classroom: Cook Lab (LLC 207)

I. INSTRUCTOR INFORMATION

Instructor: Prof. Ping-Tsai Chung
Contact Information -
Office Room: LLC 206R
Office Hours: Monday, Wednesday, 4:00 - 6:00 PM or by appointment
E-mail: [email protected]
Tel: (718) 488-1073
Course Web Site: http://myweb.brooklyn.liu.edu/pchung/
Blackboard: http://blackboard.liu.edu/

Email access is essential in communicating with the instructor and your peers. Please activate your LIU e-mail account. For each homework submission, you should send your answer file to [email protected] ([email protected]). Also, you should submit one hard copy to me in class on the due day to facilitate my grading work.

II. RESOURCES

Textbook: (Required) Introduction to Computer Security, Michael T. Goodrich and Roberto Tamassia, Addison Wesley, ISBN 0-13-978-0-321-51294-9, 2011. The companion website: http://www.securitybook.net/

References: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, Dafydd Stuttard and Marcus Pinto, Second Edition, Wiley, ISBN: 978-1118-026447-2, 2011. Available at https://leaksource.files.wordpress.com/

Useful Resources:
(1) Network Security Essentials: Applications and Standards, 4th Edition, William Stallings, Prentice-Hall, ISBN 0-13-610805-9, 2011.
(2) http://williamstallings.com/NetworkSecurity/
    http://williamstallings.com/NetworkSecurity/NetSec4e-Student/index.html
    http://williamstallings.com/NetSec/NetSec3e.html
(3) Computer Security – Art and Science, Matt Bishop, Addison-Wesley. http://nob.cs.ucdavis.edu/book/book-aands/slides/index.html
(4) Computer Networks, Fourth Edition, Andrew S. Tanenbaum, Prentice-Hall. http://authors.phptr.com/tanenbaumcn4/

Library: Campus library resources tailored for computer science are available at http://www2.brooklyn.liu.edu/library/wlp/LibPortal-CS-BC.htm.

III. BUSINESS CONTEXT

Keywords: Computer Security, Cryptography, Physical Security, Operating Systems Security, Malware, Network Security, Web Security, Security Models and Practice, and Distributed-Applications Security.

IV. INSTRUCTIONAL DESIGN

Course Description: A consideration of security problems in computing, with emphasis on legal issues. Topics include cryptography fundamentals and data security; NP-completeness and security of cryptosystems; DES; IDEA; hashes and message digests; RSA; authentication of people and systems; signature schemes; access controls, information flow controls, and inference controls; Operating Systems Security, Malware, Network Security, Web Security, Security Models and Practice, and Distributed-Applications Security such as Database Security, E-mail Security, and Social Networking.

Course Objectives:
(O1) Students can gain a comprehensive understanding of Computer Security, Cryptography, Physical Security, Operating Systems Security, Malware, Network Security, Web Security, Security Models and Practice, and Distributed-Applications Security.
(O2) Students can gain a clear understanding of the security ramifications of using computers and the Internet in their daily lives (e.g., for online banking and shopping), as well as the potential threats to individual privacy (as seen in recent debates on electronic voting, for example), and possibly to democracy itself, that may arise from inappropriate use of computer security technology.

Course Structure: This is a lecture-based course consisting of lectures, readings, homework assignments, term projects, and one exam.
Weekly Outline:

Lecture 1 (1/24): Introduction
  Topics: 1.1 Fundamental Concepts; 1.2 Access Control Models; 1.3 Cryptographic Concepts; 1.4 Implementation and Usability Issues
  Resources: Chapter 1 and Notes

Lecture 2 (1/31): Cryptography
Lecture 3 (2/7):
  Topics: 1 Symmetric Cryptography; 2 Public-Key Cryptography; 3 Cryptographic Hash Functions; 4 Digital Signatures; 5 Details on AES and RSA
  Resources: Chapter 8 and Notes
  Assignments: Homework 1

Lecture 3 (2/14): Physical Security
  Topics: 1 Physical Protections and Attacks; 2 Locks and Safes; 3 Authentication Technologies; 4 Direct Attacks Against Computers; 5 Special-Purpose Machines; 6 Physical Intrusion Detection
  Resources: Chapter 2 and Notes

Lecture 4 (2/21): Operating Systems Security
  Topics: 1 Operating Systems Concepts; 2 Process Security; 3 Memory and Filesystem Security; 4 Application Program
  Resources: Chapter 3 and Notes
  Assignments: Homework 2

Lecture 5 (2/28): Malware
  Topics: 1 Insider Attacks; 2 Computer Viruses; 3 Malware Attacks; 4 Privacy-Invasive Software; 5 Countermeasures
  Resources: Chapter 4 and Notes

Lecture 6 (3/7): Network Security I
  Topics: 1 Network Security Concepts; 2 The Link Layer; 3 The Network Layer; 4 The Transport Layer; 5 Denial-of-Service Attacks
  Resources: Chapter 5 and Notes
  Assignments: Homework 3

(3/14): Spring Recess - NO CLASS

Lecture 7 (3/21): Network Security II
  Topics: 1 The Application Layer and DNS; 2 Firewalls; 3 Tunneling; 4 Intrusion Detection; 5 Wireless Networking
  Resources: Chapter 6 and Notes

Lecture 8 (3/28): Web Security
  Topics: 1 The World Wide Web; 2 Attacks on Clients; 3 Attacks on Servers
  Resources: Chapter 7 and Notes
  Assignments: Homework 4

Lecture 9 (4/4): Security Models and Practice
  Topics: 1 Policy, Models, and Trust; 2 Access Control Models; 3 Security Standards and Evaluation; 4 Software Vulnerability Assessment; 5 Administration and Auditing; 6 Kerberos; 7 Secure Storage
  Resources: Chapter 9 and Notes
  Assignments: Homework 5

Lecture 10 (4/11): Distributed-Applications Security
  Topics: 1 Database Security; 2 Email Security; 3 Payment Systems and Auctions; 4 Digital Rights Management; 5 Social Networking; 6 Voting Systems
  Resources: Chapter 10 and Notes

Lecture 11 (4/18): Course Review

Lecture 12 (4/25): Exam - Contents will be discussed in the Class.

(5/2): Term Practical Project Presentation I

(5/9): Term Project Presentation II for the Web Application from Hacker's Handbook, Based on all Homeworks and Examples of Class Notes

V. GRADING CRITERIA, GUIDELINES, AND ASSIGNMENTS

Course Grading: Class Participation, Attendance, Assignments: 20%. Exam: 30%. Project: 50%.

Note 1 (Grading Grid for Final Grades): 90% and higher (A), 75% – 89.99% (B), 60 – 74% (C), below 60% (F). Intermediate grades (A-, B+, …, etc.) will be given.

Note 2 (Classroom): All face-to-face classes will meet at Classroom: LLC207 (Cook Lab).

Note 3 (Class Attendance): Students should attend all classes, including all lectures and examinations.

Note 4 (Homework Submissions): All homeworks and the final project should be submitted through the internet; please forward your homework to me at [email protected] (or [email protected]) before the specified deadline. No late homework will be accepted. Also, you should submit one hard copy to me in class on the due day to facilitate my grading work.

VI. (A) ACADEMIC INTEGRITY AND REGULATIONS

Plagiarism: Plagiarism is the use or presentation of ideas, works, or work that is not one's own and that is not common knowledge, without granting credit to the originator. Plagiarism is a practice that is not only unacceptable, but which is to be condemned in the strongest terms possible on the basis of moral, educational and legal grounds. Under University policy, plagiarism may be punishable by a range of penalties from a failing grade in the assignment or course to dismissal from the School of Business, Public Administration and Information Sciences. All students are required to read the handbook on avoiding plagiarism by visiting the URL: www.liu.edu/~/media/Files/Brooklyn/Academics/Schools/Business/Plagiarism.ashx.

Cheating: Cheating includes, but is not limited to, the following: falsification of statements or data; listing sources that have not been used; having another individual write your paper or do your assignments; writing a paper or creating work for another student to use without proper attribution; purchase of a paper or research work for one’s submission as his/her own work; using written, verbal, electronic or other sources of aid during an examination (except when expressly permitted by the instructor depending on the nature of the examination) or knowingly providing such assistance to aid other students.

Attendance and Participation: Attendance and participation are essential to learning and fulfilling the outcomes of the course. Students are advised to inform the instructor in advance of any anticipated absence(s). In some instances, you may be required to submit supporting documents.

Punctuality: Classes will begin promptly as scheduled. It is important that you be present on time. As with absences, late arrival(s) will adversely impact your learning as well as your grade.

VI. (B) ACCOMMODATIONS FOR STUDENTS WITH DISABILITY

Long Island University seeks to provide reasonable accommodations for all qualified persons with disabilities. This University will adhere to all applicable federal, state and local laws, regulations and guidelines with respect to providing reasonable accommodations as required to afford equal educational opportunity. It is the student's responsibility to register with Special Education Services (SES) as early as possible and to provide faculty members with the formal communication from SES for suitable accommodations. All accommodations must be approved through SES. Contact Information: Special Education Services, Pharmacy Building Basement, 718-488-1221 or 718-488-1044.

VI. (C) STUDENT RESOURCES

The School of Business, Public Administration and Information Sciences and the University have a wide range of resources which are available through the School of Business Advisement Page: http://www.liu.edu/Brooklyn/Academics/Schools/SBPAIS/Advisement.aspx and the University Resources Page: http://www.liu.edu/Brooklyn/About/Resources.aspx.

DISCLAIMER: The syllabus is a tentative schedule and the instructor reserves the right to make any changes to fulfill the objectives of the courses and meet students’ needs.