CISC 490

Topics in Computer Science: Cyber Security

Fall 2018

Announcements : 

Instructor

Email: iqbal@cs.queensu.ca
Office: Goodwin 662
Hompepage: http://cs.queensu.ca/~iqbal/

Office Hours: TBA

TA

TBA

Email:
Office:

Table of Content:

• Lecture Schedule
• Marking Schema
• Projects
• Course Outline

• Monday: 10:30 - 11:30 Goodwin 254
• Wednesday: 9:30 - 10:30 Goodwin 254
• Friday: 8:30 - 9:30 Goodwin 254

Marking Schema

• Projects/Assignments - 55%
• Writtem Tests - 45%

Projects

• Cryptography
• Software Security
• Web Security
• Network Security

Course Outline

Description
Overview of computer security, privacy and trust, types of security, confidentiality, integrity, and availability. User authentication and access control. Software security, secure software development. Operating system security. Malicious software. Cryptography and network security, intrusion detection systems. Security management.
Prerequisite: CISC 324/3.0

Objective
The objective of this course is to have an in depth discussions about the most common computer security issues which mainly include security of software, operating systems, networks, and web applications. In this course, the students will learn causes of security problems and methods to prevent those and study the state-of-the-art principles and techniques to defend against attacks.

Topics

Introduction

• Security, privacy, and trust
• Types of security
• Confidentiality, integrity, and availability
• Threats, Attacks, and Assets
• Security requirements and design principles

User Authentication

• Password and token-based authentication
• Biometric authentication
• Remote user authentication

Access Control

• Access control principles
• Discretionary access control
• Role and attribute-based access control

Software Security

• Buffer overflow
• Handling program input
• Writing safe code
• Secure software development

Operating System Security

• System security planning
• Operating system hardening
• Application security
• Security maintenance

Malicious Software

• Types of malware
• Advanced persistent threats
• Malware propagation and payload
• Countermeasures

Cryptography

• Symmetric encryption
• Message authentication and hash functions
• Public-key encryption
• Digital signatures and key management

Network security

• Internet security protocols and standards
• Wireless network security
• Denial of Service attacks
• Intrusion detection systems

Security Management

• IT security management and risk assessment
• Infrastructure and human resource security
• Legal and ethical aspects

Required Textbook

• Computer Security: Principles and Practice, William Stallings and Lawrie Brown, 4th Edition, Pearson, 2018.
  

Reference

• Security in Computing, Charles P. Pfleeger and Shari Lawrence Pfleeger, Jonathan Margulies, 5th Edition, Prentice Hall, 2015.

All contents copyright © 2018, Shahrear Iqbal.
All rights reserved.