List of Topics (By Week):
Introduction (1 week)
Role of security. Types of security. Basic definitions: trust,
security, vulnerability, safeguard, countermeasure, etc.
Formalisms (1.5 weeks)
Information flow. Classification schemes. Secure programming issues.
Complexity and analysis.
Policy (1.5 weeks)
Risk Analysis. Policy Formation. Role of audit and control.
Basic cryptography (2 weeks)
Block and stream ciphers. Public and private key systems. Message
digests. Approximate strength of ciphers.
OS Security (2 weeks)
Authentication, authorization and identification. Access control.
Capability and ACL mechanisms. Audit. Viruses and malicious code.
System Design (1 week)
Secure design principles. TCB and security kernel construction.
Least-privilege. Verification and validation. Certification issues.
Network Security (2 weeks)
Authentication. Interception and denial of communications. Distributed
cooperation and commit. Distributed authentication issues: Kerberos,
SESAME, etc. Routing, flooding, spamming. Firewalls.
Intrusion Detection and Response (1 week)
Misuse and intrusion detection: host, network, distributed,
application. Pattern and behavior detection. Distributed attacks and
Physical and Personnel Security (1 week)
Physical threats and countermeasures: fire, flood, theft, etc.
Personnel screening and training. Awareness. Management. Role of
Operational Security (1 week)
Scanning and sweeping. Backups. Maintenance and bug fixes. Upgrade
paths. Training. Role of Randomness.
Legal and Societal Issues (1 week)
Copyright, patent, trade secret. Hacking and intrusion.
Classification. Privacy. Spamming. Information aggregation. Identity