CS 426: Computer Security

List of Topics (By Week):

1. Introduction. Issues of terminology and underlying themes. Included are issues of basic threats, vulnerabilities, and goals.

2. Risk analysis and policy formation. Issues of audit and control.

3. Personnel and Physical Security. Issues of how to protect physical information infrastructure, and how to select and protect personnel involved with security.

4. Encryption Basics. Substitution and permutation ciphers. Attacks on encryption. Block vs. stream ciphers.

5. Encryption II. Public key cryptography, digital signatures, escrowed and multi-keyed algorithms.

6. Applying encryption. Key management, electronic commerce and digital cash, end-to-end arguments.

7. Authentication and identification. Who are you and how do we know that?

8. Malicious code. Viruses, worms, etc. Message digests and scanning as protection methods.

9. Models of security. Defining security. Multi-level security. Labeling.

10. Assurance methods. Formal methods, penetration testing, monitoring, auditing.

11. Basic DB security. Coverage of locking, inference protection, and auditing.

12. Network Security I. This is coverage of problems related to computing in a network, including eavesdropping and intrusion.

13. Network Security II. Higher-level problems of security, including secure time, authentication, quality of service, etc.

14. Intrusion and misuse detection and response.

15. Issues of law and ethics. Discussion of legal issues relating to intellectual property, computer abuse, and law enforcement. Also discussion of additional ethical issues not discussed previously in the semester.

1998.08