Tentative Lecture Plan


Tentative lecture flow will be as follows. Some changes may occur depending upon the pace of the class. In the table below, texts in GREEN in Topics column represent notes I add after the class - in particular with regards to coverage.

Some helpful notes: Some previous experiences of the students and mine that may be helpful to you are as follows:

         Students who have taken this course have felt that this is a very dense course - primary reason for it being dense is our goal to maintain the NSA IA standards.

         In earlier offerings of this course, students who lacked strong mathematical background had found the first half of the course, which is focused on theoretical issues, quite challenging. Students are strongly recommended to read the materials before it is covered in the class. Most of the lecture materials will be similar to earlier offerings of the course, with updates and corrections.

         The second half of the course content is much softer and less effort is needed to understand the concepts - but a lot of reading is required. This helps students to concentrate more on projects and labs/programming assignment.

         The course is designed primarily with the overall security track in mind. The coverage is also expected to provide a foundational knowledge and broad understanding of security field, if this is the only course the student plan to take.

Tentative Course Schedule









Week 1

(Aug 30)


Introduction to the course;

Chap 1: Overview of Security

CSI/FBI Survey (Click here for the site from where to download) 


[Covered till Slide 32; CSI slides not covered]

(Lecture 1)




Week 2

(Sept 6)


Im attending conference;


Hassan Takabi

will be teaching


Chap 12: Secure Design Principles

Chap 2.2  Access Control Matrix


Access control in OS


Unix (Garfinkel book in Text book list in main page)


Microsoft Reference (http://technet.microsoft.com/en-us/library/cc781716.aspx)


(Lecture 2)


Week 3

(Sept 13)


Mathematical Review

(Bishop's brown book has intro on these topics - Logic, Induction and Lattice)

+ Chapter 2


(Lecture 3.1)



(Lecture 3.2)


Week 4

(Sept 20)


Chap 3 : HRU Access Control Model and results

Chap 4 - 6 : Security Policies, Confidentiality and Integrity Models

[Covered Lecture 4 and till Slide 24 of Lecture 5]


(Lecture 4)


(Lecture 5)


Week 5

(Sept 27)

Chap 4 - 6 : Security Policies, Confidentiality and Integrity Models (continued from last week)

Take Grant model this is Chapter 3.3 from Brown book (it is not included in green book)

(Lecture 6)


Week 6

(Oct 5)

Chap 9: Basic Cryptography and Network Security

(Lecture 7)


(Oct 11)

 Fall Break (No Class)

Week 8

(Oct 18)

Im attending conference;


Review and Lecture 7 continued

Week 9

(Oct 25)

Midterm (based on the coverage so far)

Week 10

(Nov 2)

Key management, Network security

(Lecture 8)

Week 11

(Nov 8)

Slides for Chinese Wall, Clark-Wilson & RBAC (not covered this day)

(Lecture 9)

Week 12

(Nov 15)

Continue Lecture 8, 9

Chap 6, 7 : Integrity Models, Hybrid Models, RBAC (for RBAC refer to NIST Standard paper in Reading List)

[recommended reading The Economic Impact of Role-Based Access Control]



(Lecture 10)

Week 13

(Nov 22)

Lecture 10: Authentication, identity, vulnerability analysis (Chap 11, 20)

Lecture 11: IDS, Auditing, Firewalls (Chap 22, 21) --- THIS WAS NOT COVERED IN CLASS (RECOMMENDED READING)

(Lecture 11)

Week 14

(Nov 29)


(Chapter on String and Integer in the following book available online:


Secure coding, Malicious code

(Reading assignment: Chapters: 19)


(Lecture 12)


Week 15

(Dec 6)

Privacy (by Amir), Risk Mgmt & Misc (by Nathalie)


(Lecture 13)

(Lecture 14)

Week 15

(Dec 13)

Final Exam