INFSCI 2935: Introduction to Computer Security

Fall 2003-04

James B. D. Joshi

Contact Info:
721 IS Building, Tel: 412-624-9982

My Office Hours
2pm - 4pm

TA: Ratchata Peechavanish
Office Hours

2:15pm - 4:15pm
2nd Floor Lounge

October 16

(updated Dec 11)

Final Exam
December 11


lecture 1 (Slides, pdf)

lecture 2 (Slides, pdf)

lecture 3 (Slides, pdf)

lecture 4 (Slides, pdf)

lecture 5 (Slides, pdf)

lecture 6 (Slides, pdf)

lecture 7 (Slides, pdf)

lecture 8 (Slides, pdf)

lecture 9 (Slides, pdf)

lecture 10 (Slides, pdf)

lecture 11 (Slides, pdf)

lecture 12 (Slides, pdf)

lecture 13 (Slides, pdf)


Due: Sept 18, '03

Due: Sept 26, '03


Due: Oct 5, '03


Due: Oct 14, '03


Java class files
Due: Oct 14, '03

Project Proposal
Submit By Nov 15, '03

(Firewall Lab)
Should be done by Nov 20, '03

(Reading Assignment)
Read any Three of the NSTISSPs
from here

Submit Project
By Dec 13, '03

Quiz Solution 1

Quiz Solution 2

Quiz Solution 3

Quiz Solution 4

Quiz Solution 5

Quiz Solution 6

Quiz Solution 7


List of Relevant Papers


Catalogue Description
This course covers fundamental issues and first principles of security and information assurance (confidentiality/privacy, integrity, authentication, identification, authorization, availability, access control). Business issues of risk analysis and management of resources are discussed. Topics covered are issues in information system security; analysis, design, and coding of information systems/networks for security; techniques for building secure organizational systems; e-commerce related security issues; policy, legal and ethical issues in security.

Although it is currently indicated that there are no prerequisites for this course, students taking it are expected to have the following background in order to benefit the most from it:

  • Basic knowledge of operating systems, data structures, database systems and networks.
  • Basic mathematics: undergraduate mathematics and some knowledge of mathematical logic.

Students not sure about the required background should meet the instructor.


Computer Security: Art and Science by Matt Bishop (ISBN: 0-201-44099-7), Addison-Wesley 2003

Other Reference Material

Security in Computing, 2nd Edition, Charles P. Pfleeger, Prentice Hall
Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, Wiley, John & Sons, Incorporated, 2001

Building Secure Software: How to Avoid Security Problems the Right Way, John Viega, Gary McGraw, Addison-Wesley, 2002

A list of papers will be provided to supplement the book.

Course Outline

Security Basics
  • General overview and definitions
  • Security models and policy issues
Basic Cryptography and Network security
  • Introduction to cryptography and classical cryptosystem
  • Authentication protocols and Key Management
Systems Design Issues and Information assurance
  • Design principles
  • Security Mechanisms
  • Auditing Systems
  • Risk analysis
  • System verification and evaluation
Intrusion Detection and Response
  • Attack Classification and Vulnerability Analysis
  • Detection, Containment and Response/Recovery
Miscellaneous Issues
  • Malicious code, Mobile code
  • Computer Forensics, Legal and Ethical Issues
  • Physical Security, Security Planning, Disaster Recovery/Contingency Planning
  • Emerging issues: Multidomain Security / Interoperability
Lab + Homework/Quiz/Paper review 30%
Midterm 20%

Paper/Project 15%
Comprehensive Final 35%

If you have a disability for which you are or may be requesting an accommodation, you are encouraged to contact both your instructor and the Office of Disability Resources and Services (DRS), 216 William Pitt Union (412-648-7890/412-383-7355) as early as possible in the term. DRS will verify your disability and determine reasonable accommodations for this course.