|
Tentative
Lecture Plan
Tentative
lecture flow will be as follows. Some changes may occur depending upon the
pace of the class. In the table below, texts in GREEN in
Topics column represent notes I add after the class - in particular with
regards to coverage.
Some helpful notes: Some previous experiences of
the students and mine that may be helpful to you are as follows:
·
Students who have taken this course have
felt that this is a very dense course - primary reason for it being dense is
our goal to maintain the NSA IA standards.
·
In earlier offerings of this course,
students who lacked strong mathematical background had found the first half
of the course, which is focused on theoretical issues, quite challenging.
Students are strongly recommended to read the materials before it is covered
in the class. Most of the lecture materials will be similar to earlier
offerings of the course, with updates and corrections.
·
The second half of the course content is
much softer and less effort is needed to understand the concepts - but a lot
of reading is required. This helps students to concentrate more on projects
and labs/programming assignment.
·
The course is designed primarily with the
overall security track in mind. The coverage is also expected to provide a foundational
knowledge and broad understanding of security field, if this is the only
course the student plan to take.
Tentative Course Schedule
|
|
Lecture/Date
|
Topics
|
Slides
|
|
Week 1
(Jan 9))
|
No
Class (SFS)
|
|
|
Week 2
(Jan 16)
|
Introduction to the
course;
Chap 1: Overview of
Security
Chap 12: Design
Principles
|
(Lecture 1)
(PDF)
|
|
Week 3
(Jan 23)
|
Access
control in OS
Unix
(Garfinkel book in Text book list in main page)
Microsoft
Reference(http://technet.microsoft.com/en-us/library/cc781716.aspx)
Mathematical Review
(Bishop's brown book has intro on these topics - Logic, Induction and
Lattice) + Chapter 2
|
(Lecture 2)
(PDF)
(Lecture 3.1 )
(PDF)
|
|
Week 4
(Jan 30)
|
(Continue from Week 3)
Chap 3 : HRU Access Control Model and
results
|
(Lecture 3.2, PDF)
(Lecture 4, PDF)
|
|
Week 5
(Feb 6)
|
(continue Lecture 4 from last week)
Chap 4 - 6 : Security Policies,
Confidentiality and Integrity Models
|
(Lecture 5, PDF)
|
|
Week 6
(Feb 13)
|
Chap 9: Basic Cryptography and Network
Security
|
(Lecture 6, PDF)
|
|
Week 7
(Feb 20)
|
Key management, Network security
|
(Lecture 7, PDF)
|
|
Week 8
(Feb 27)
|
Continue
Lecture 7
(Covered
till Slide 41)
|
|
|
Week 9
(March 6)
|
Midterm
Will Cover everything Covered so far (i.e., Upto
Slide 41 of Lecture 7)
|
|
|
Week 10
|
Spring break
|
|
|
Week 11
(March 20)
|
Lecture 9: Authentication, identity,
vulnerability analysis (Chap 11, 20)
|
(Lecture 8, PDF)
|
|
Week 12
(March 27)
|
Malicious
code (Chapters: 19)
Secure
coding
(Chapter
on String from Seacord’s Secure Programming in
C/C++)
|
(Lecture 9, PDF)
|
|
Week 13
(April 3)
|
Chap
6, 7 : Integrity Models, Hybrid Models, RBAC (for RBAC refer to NIST Standard
paper in Reading List)
[recommended reading “The Economic Impact of Role-Based Access
Control”]
|
(Lecture 10, PDF)
|
|
Week 14
(April 10)
|
Privacy
IDS, Auditing, Firewalls (Chap 22, 21)
|
(Privacy: Lecture
11, PDF)
(Lecture
12, PDF)
|
|
Week 15
(April 17)
|
(We
will cover Lecture 11 and 12 – which were not finished last week)
Will touch on the following
if time permits:
Risk
Analysis
Legal
Issues (Stallings book)
Chap
18: Evaluation standards
|
|
|
Week 16
(April 24)
|
Final Exam
|
|