There is no required text for this course as the materials covered are too broad to be covered by a single text book. Lecture notes will be made available at this site. Two recommended references are:
Other reference books that you may want to have a look at, are:
Computer and system security, authentication, access control, privacy.
CS 556 introduces the principles of computer security. Information is an important strategic and operational corporate asset. These days computers and computer networks, are increasingly being used for storing and retrieving information. Some of these information may be of a sensitive nature. Consequently they need to have adequate security measures that can safeguard sensitive information. In this course, we will begin by investigating some of the security measures that can be employed to safeguard information. For the most part we will look into the theory that goes into designing these measures rather than studying security tools and techniques. This is because there are too many of those tools out there and they are changing frequently. The course examines how system designs, network protocols, and software engineering practices can result in vulnerabilities. The course explores how to better design and implement future systems in order to mitigate vulnerabilities. In addition, the course explores how to detect and mitigate vulnerabilities in existing systems.
Understanding security requires understanding system concepts such as memory and network access models, stacks, and buffers. Although the official pre-requisite for this course is CS 455 or an equivalent undergraduate course, this being an graduate level computer science course, students are expected to have broad understanding of different aspects of how computer systems work. It is strongly recommended that the student have a working knowledge in computer networks. The student should also feel comfortable with algorithmic concepts and modular arithmetic. If they do not, they are strongly encouraged to refresh their skills in these areas. Experimentation involving programming exercises in C/C++/Python and scripting languages is one of the activities of the course. Students should be ready with these skills.
By the end of the course, students should be able to:
The course is geared toward graduate students and seniors in computer science, math, and information technology students who already have exposure to system design principles.
tentative schedule for this class. Note that as the term
progresses we are most likely to digress from this schedule quite
a bit. However, dates for term paper/project and exams are fixed
and will not change.
Week 1 -
Introduction, security concepts, threats, risk modeling and
Week 2 - Access control models: Discretionary and mandatory access control
Week 3 - Access control models: Covert channels and Chinese Wall
Week 4 - Access control models: Clark-Wilson, RBAC, ABAC
Week 5 - Introduction to cryptography Week 6 - Secret key cryptosystems
Week 7 - Key escrow
Week 8 - Modular Arithmetic and Public key cryptosystems
Week 8 - Public key cryptosystems
Week 9 - Diffie-Hellman, RSA, El-Gammal
Week 10 - Pairing based cryptosystems, IBE and attribute-based encryption
Week 10 - Message digests, Merkle hashes, digital signatures
Week 11 - Identification and authentication, Passwords, Biometrics
Week 11 - One-time passwords and challenge response schemes, Kerberos
Week 12 - Kerberos, SSL, SSH
Week 13 - Wireless Security
Week 14- Privacy
familiarize yourself with the following deadlines related to exams
and term paper/project submission. These are firm deadlines. Due
dates for project submissions will be announced as and when the
projects will be assigned.
|January 16, Tuesday
||First day of class
|February 1, Thursday
||Term paper / project topic
|February 27, Tuesday
||Term paper / project abstract
|March 9, Friday
|| Takehome Midterm Examination distributed
|March 10, Saturday
||Spring Break Begins
|March 14, Wednesday
||Midterm Exam Due
|March 18, Sunday
||Spring Break Ends
|March 19, Monday
||Last day for drop with "W"
|April 3, Tuesday
||Term paper / project update due
|April 26, Thursday
||Term papers / project due
|May 4, Friday
||Takehome Final Examination Distributed
|May 9, Wednesday
||Final Examination Due