
IS-2150/TEL-2810

Introduction to Security

Fall, 2006-2007

Thursday 3:00 - 5:50PM

Room: IS 405

(Has been changed to IS 404)




Instructor:
James Joshi

 

Contact Info:
706A, IS Building,

Tel: 412-624-9982


Email:

jjoshi[AT]mail.sis.pitt.edu 

 

Office Hours

Tuesdays 3:00 - 6:00PM

Or By Appointment


GSA Help
Saubhagya Ram Joshi

srjoshi[AT]mail.sis.pitt.edu

(GIS Lab, 4th Floor)

Wednesdays 2:00-4:00PM

 


Announcement

[Updated: Nov 30]

 

Quiz 2

(Dec 14)

 

Quiz 1

(Nov 16)

 

Previous Finals

Sample 1

Sample 2

OldHW

(For Practice)

 

Project Related

 

Proposal Sample

 

Midterm: Oct 12, 2006

(Sample)

 

Java Special class is postponed to Oct 14

 


Homeworks

Homework 1

(Posted: Sept 9;

Due Date: Sept 17)

 

Homework 2

(Posted: Sept 20;

Due Date: Sept 27)

 

Homework 3

(Posted: Oct 1;

HW Due Date: Oct 8)

 

Lab 1

(Posted: Oct 1;

New Due Date: Oct 18)

 

Homework 4

(HW Due Date: Oct 30)

 

Lab 2

(Posted: Nov 3;

Due Date: Nov 14)

 

Homework 5

(HW Due Date: Dec 5)

(Some Useful Notes)

(Java Files)

 



List of Assigned/Optional Papers

Paperlist

 


Lectures

Some Java Resources

GSA's Java Tutorial


Important Links

Security Track

LERSAIS

 

 



Course Description
This course covers fundamental issues and first principles of security and information assurance. The course will look at the security policies, models and mechanisms related to confidentiality, integrity, authentication, identification, and availability issues related to information and information systems. Other topics covered include basics of cryptography (e.g., digital signatures) and network security (e.g., intrusion detection and prevention), risk management, security assurance and secure design principles, as well as e-commerce security. Issues such as organizational security policy, legal and ethical issues in security, standards and methodologies for security evaluation and certification will also be covered.

Special note: The coverage of this course has been primarily guided by the requirements of some of the CNSS standards (about 85% of the content). In addition, the course also attempts to cater to students who are interested in taking a single course but would like to gain a broad understanding of issues in information security.


Prerequisites

  • TEL2000 OR Equivalent Background

In essence, the following is expected of the students:

  • Basic knowledge of: operating systems, data structures, database systems and networks; Java.

  • Basic mathematics: undergraduate mathematics, some knowledge about mathematical logic, set notation, etc. These issues will be reviewed in the course.

Students not sure about the required background should meet the instructor.

Special note:

  • The course attempts to explore some theoretical issues for which the stated mathematical background is essential.

  • The course will involve some Java programming.

Students are highly encouraged to use office hours (either the Instructor's or the GSA's) and to make special arrangements with the instructor if additional help is needed.


Textbook:

Introduction to Computer Security: by Matt Bishop (ISBN: 0-201-44099-7), Addison-Wesley (Required Text)

This is a simplified version (some topics have been removed!) of Computer Security: Art and Science by Matt Bishop (ISBN: 0-201-44099-7), Addison-Wesley. If you have a copy of this book, it should be fine too.

Other Reference Material

Security in Computing, 2nd Edition, Charles P. Pfleeger, Prentice Hall
Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, Wiley, John & Sons, Incorporated, 2001

Inside Java 2 Platform Security: Architecture, API Design, and Implementation
by Li Gong, Gary Ellison, Mary Dageforde

A list of papers will be provided to supplement the book.



Course Outline

Security Basics
  • General overview and definitions
  • Security models and policy issues

Basic Cryptography and Network security

  • Introduction to cryptography and classical cryptosystems
  • Authentication protocols and Key Management
  • IPSec, VPNs, E-commerce issues

Systems Design Issues and Information assurance
  • Design principles
  • Security Mechanisms
  • Auditing Systems
  • Risk analysis
  • System verification and evaluation

Intrusion Detection and Response
  • Attack Classification and Vulnerability Analysis
  • Detection, Containment and Response/Recovery

Legal, Ethical Issues

Overview of Miscellaneous Issues (Time permitting)

  • Malicious code, Mobile code
  • Digital Rights Management, Forensics
  • Emerging issues: E/M-commerce security, Multi-domain Security Issues, etc.

Grading

Lab + Homework/Quiz/Paper Review 40%
Two Exams 40%

Paper/Project 20%
Misc. (Seminar, Participation in class) will also be used.
 

If you have a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services (DRS), 216 William Pitt Union (412-648-7890/412-383-7355) as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.