CS 526: Information Security
List of Topics (By Week):
Introduction (1 week)
Role of security. Types of security. Basic definitions: trust, security, vulnerability, safeguard, countermeasure, etc.
Formalisms (1.5 weeks)
Information flow. Classification schemes. Secure programming issues. Complexity and analysis.
Policy (1.5 weeks)
Risk Analysis. Policy Formation. Role of audit and control.
Basic cryptography (2 weeks)
Block and stream ciphers. Public and private key systems. Message digests. Approximate strength of ciphers.
OS Security (2 weeks)
Authentication, authorization and identification. Access control. Capability and ACL mechanisms. Audit. Viruses and malicious code.
System Design (1 week)
Secure design principles. TCB and security kernel construction. Least-privilege. Verification and validation. Certification issues.
Network Security (2 weeks)
Authentication. Interception and denial of communications. Distributed cooperation and commit. Distributed authentication issues: Kerberos, SESAME, etc. Routing, flooding, spamming. Firewalls.
Intrusion Detection and Response (1 week)
Misuse and intrusion detection: host, network, distributed, application. Pattern and behavior detection. Distributed attacks and defenses. Limitations.
Physical and Personnel Security (1 week)
Physical threats and countermeasures: fire, flood, theft, etc. Personnel screening and training. Awareness. Management. Role of policy. Surveillance.
Operational Security (1 week)
Scanning and sweeping. Backups. Maintenance and bug fixes. Upgrade paths. Training. Role of Randomness.
Legal and Societal Issues (1 week)
Copyright, patent, trade secret. Hacking and intrusion. Classification. Privacy. Spamming. Information aggregation. Identity theft.