Syllabus - ICS 8 - Practical Computer Security
Michael T. Goodrich
- Course description.
Principles of practical computer security to enable students to
defend themselves against malicious threats. Firewalls, anti-virus,
secure setup of a wireless access point. Cryptography basics and its
application. Embedded devices and related security issues.
Network technologies and their vulnerabilities.
- Course goals.
All students, and most of the general population, use computers and
computer-based systems everyday, and entrust those systems with
life-critical and cost-critical functions. In spite of the high level
of trust placed in computer-based systems, even advanced computer
users have little awareness of their exposure to security threats.
The general lack of understanding of basic computer security concepts
leads to increased risk and costs involved in using computers. This
course will introduce computer security basics in a practical way and
give students the understanding that they need to protect themselves,
and their data, from malicious attack.
Students will learn about the mechanisms behind most computer attacks
and they will learn about standard defense tools including firewalls
and anti-virus programs. The course will provide a practical
introduction to a broad range of computer security topics.
- Coursework. Coursework will consist of homeworks and
quizes, a midterm exam, and a comprehensive final exam. The overall grade
will be determined as follows:
5% from attendance and participation,
15% from quizes,
20% from homeworks,
30% from the midterm,
30% from the final.
- Cheating policy.
Performance must be 100% individual effort on all quizes and exams,
no collaboration is allowed on quizes or exams. Any collaboration or copying
will be considered cheating.
Group work on homeworks is permitted, but each
student must list his or her collaborators in writing for each
problem, using a phrase like "In collaboration with Jane Doe...".
If a student turns in a solution without listing
the others who helped produce this solution,
this act will be considered cheating (for it is plagarism).
Late homework assignments will not be accepted without a medical or
other life-emergency excuse.
In addition to the procedures of the
Cheating Policy, students caught cheating will be given a
zero on the homework, quiz or exam in question and have a letter filed
with their associate dean for academic affairs.
- Text. Goodrich and Tamassia,
Introduction to Computer Security,
- Add/drop policy.
Drops will be accepted only up to the end of the third week.
Once your drop card has been
signed, further coursework from you will not be graded. After the
seventh week of classes, withdrawals will be allowed only by
petition and under documented extenuating circumstances.
- Week 1:
Security principles, access control models,
basic cryptographic concepts.
- Reading: G-T, Chapter 1.
- Week 2:
Locks, smart cards, RFIDs, eavesdropping, computer forensics.
- Reading: G-T, Chapter 2.
Operating Systems Security.
Monitoring, filesystem security, buffer-overflow attacks.
- Reading: G-T, Chapter 3.
Logic bombs, Trojan horses, viruses, worms, rootkits, adware,
- Reading: G-T, Chapter 4.
Network Security I.
Basic Internet technology, spoofing, sniffing, session hijacking,
- Reading: G-T, Chapter 5.
Network Security II.
DNS, indruders, firewalls, wireless security.
- Reading: G-T, Chapter 6.
Web Browser Security.
phishing, cross-site scripting attacks,
tracking cookies, privacy.
- Reading: G-T, Chapter 7.
Symmetric encryption, public-key cryptography, hash functions,
- Reading: G-T, Chapter 8.
Email, payment systems.
- Reading: G-T, Chapter 10, part 1.
Voting systems, digital rights management, social networking.
- Reading: G-T, Chapter 10, part 2.
Copyright © 2010
Michael T. Goodrich, as to all lectures.
Students are prohibited from
recording the audio or video content of lectures and from
selling (or being paid for taking) notes during this course to or by any
person or commercial firm without the express written permission of the
professor teaching this course.