 |
|
||||||||||||||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
|
|||||||||||||||
|
|
||||||||||||||||||||||
|
|
||||||||||||||||||||||
|
|
||||||||||||||||||||||
CSE409
| Course | CSE409 |
| Title | Computer System Security |
| Credits | 3 |
| Course Coordinator | |
| Current Catalog Description | Principles and practice of computer system security: Operating system security, Authentication and access control, Capabilities, Information flow, Program security, Database security, Cryptographic key management, Auditing, Assurance, Vulnerability analysis and intrusion detection. |
| Prerequisite | CSE 306 or CSE 376 or equivalent |
| Course Goals | Learn to design, develop and administer secure software and computer systems. Understand fundamental concepts in security such as authentication, access control and information flow. Understand the mechanism and means by which these concepts are implemented in operating systems, databases and other application software. Develop software that implements sample security mechanisms and services chosen by the instructor. Be able to identify security vulnerabilities in existing systems and develop means to mitigate these vulnerabilities. |
| Textbook | Introduction to Computer Security by Matt Bishop Computer Security: Art and Science |
| Major Topics Covered in Course | Introduction: What is security ? What isn't security ? Security by obscurity. Cryptographic Primitives (1): single-key encryption, DES. Cryptographic Primitives (2): two/multi-key crypto (RSA), crypto-hashes. Communication Security: layers: PEM/SSL/IPSec Catch-up Session: continue with Kerberos, do overview of previous lectures Access Control (2): ACLs, capabilities. Policies (2): integrity, Biba, Clark-Wilson. Midterm Review Authentication: definition, passwords, biometrics, location. Sandboxing: confinement, isolation, covert channels. Audits: mechanisms, implementations. Advanced Topics: Proof-Carrying Code. |
| Laboratory Projects | Not Applicable |
| Course Webpage |
