Tentative Lecture Plan


Tentative lecture flow will be as follows. Some changes may occur depending upon the pace of the class. In the table below, texts highlighted in GREEN in Topics column represent notes I add after the class - in particular with regards to coverage.

Some helpful notes: Some previous experiences of the students and mine that may be helpful to you are as follows:

·         Students who have taken this course have felt that this is a very dense course - primary reason for it being dense is our goal to maintain the NSA IA standards.

·         In earlier offerings of this course, students who lacked strong mathematical background had found the first half of the course, which is focused on theoretical issues, quite challenging. Students are strongly recommended to read the materials before it is covered in the class. Most of the lecture materials will be similar to earlier offerings of the course, with updates and corrections.

·         The second half of the course content is much softer and less effort is needed to understand the concepts - but a lot of reading is required. This helps students to concentrate more on projects and labs/programming assignment.

·         The course is designed primarily with the overall security track in mind. The coverage is also expected to provide a foundational knowledge and broad understanding of security field, if this is the only course the student plan to take.

Tentative Course Schedule







Week 1

Aug 28

Introduction to the course;

Chap 1: Overview of Security


Lecture 1

Chap 9: Basic Cryptography and Network Security




(Lecture 1)


Week 2

Sept 4


Continue lecture 1

Chap 10, 11: Key management, Network security

Last week coverage was only “Introduction”


(Lecture 2)


Week 3

Sept 11


Coverage this week was only till Slide 40 of Lecture 2



Week 4

Sept 18


Intrusion Detection, Auditing, VPN/IPSec

(Guest Lecturer: Nathalie Baracaldo)

Lecture 3 was fully covered


(Lecture 3)


Week 5

Sept 25


Continue lecture 2 (Slide 40 onwards)

Chap 12: Design Principles

Access control in OS


Unix (Garfinkel book in Text book list in main page)

Microsoft Reference(http://technet.microsoft.com/en-us/library/cc781716.aspx)

Mathematical Review (Bishop's brown book has intro on these topics - Logic, Induction and Lattice) + Chapter 2


(Lecture 4)





Week 6

Oct 2

(Continue from Week 3)

Chap 3 : HRU Access Control Model and results


Chap 4 - 6 : Security Policies, Confidentiality and Integrity Models


(Lecture 5)



(Lecture 6)



Week 7

Oct 9

Continue Lecture 6 (DG/UX related lecture was not covered from Lecture 6)

Week 8

Oct 16

Information Privacy

(Guest Lecturer: Amirreza Mosoumzadeh)

(Lecture 7)

(This is old version; Amir will update it tomorrow morning)

Oct 23

Mid Term

Week 9

Oct 30

Chap 6, 7 : Integrity Models, Hybrid Models, RBAC (for RBAC refer to NIST Standard paper in Reading List)

[recommended reading “The Economic Impact of Role-Based Access Control”]

Biba/Integrity model in

FreeBSD (http://www.freebsd.org/cgi/man.cgi?mac_biba)

Windows (http://msdn.microsoft.com/en-us/library/bb625963.aspx)


Authentication, identity, vulnerability analysis (Chap 11, 20)

(Covered till slide 10 of Lecture 9  )

(Lecture 8)



(Lecture 9)


Week 10

Nov 6

Malicious code (Chapters: 19)

Secure coding

(Chapter on String from Seacord’s Secure Programming in C/C++)

(Lecture 10)


Week 11

Nov 13


Risk Analysis

Legal Issues (Stallings book)

Chap 18: Evaluation standards


(Lecture 11)


Week  12

Nov 20


SQL Injection, Cross-site Scripting

Integer Issues

Digital Watermarking


(Lecture 12.1)

(Lecture 12.2)

(Lecture 12.3)

Nov 27



Week  13

Dec 4

Finish remaining slides

Review for exam

Week  14

Dec 11

Final Exam