CS 526 Syllabus

(Fall 2013)


   

Introduction

  • Course introduction (syllabus, policies, and projects)
  • An overview of information security: confidentiality, integrity, and availability

Cryptography

  • Classical ciphers
  • One-time Pad, Stream Ciphers
  • Block Ciphers, Modes of using block ciphers
  • Message Integrity: cryptographic hash functions, Message Authentication Codes (MAC)
  • Public key encryption
  • Digital signatures
  • Public key certificates and key agreement

Security Basics

  • Authentication, access control, and audit
  • Unix Security Basics

Web Application Security

  • User authentication and session management
  • Cross Site Scripting, Cross Site Request Forgery, SQL Injection

Software Security

  • Software vulnerabilities: buffer overflow, format string bugs, integer overflow, race conditions, etc.
  • Secure programming

Malware

  • Viruses, worms, rootkits, botnets

Access Control Theory

  • Harrison-Ruzzo-Ullman
  • Bell-LaPadula model
  • Integrity protection models: Biba and Clark-Wilson

Access Control Practice

  • Domain Type Enforcement and SELinux
  • Usable Mandatory Integrity Protection and Information Flow Enhanced Discretionary Access Control
  • Role-Based Access Control

Network Security

  • TCP/IP security issues
  • DNS security issues and defenses
  • TLS/SSL
  • Firewalls
  • Intrusion detection and prevention systems

Other topics

  • Database security
  • Information hiding and covert channels