(Last updated on 5/8/2006. The answer for HW4, question 2 has been changed.)
The new slides will be posted after class.
Time: Tuesday 4:30pm - 7:10pm
Location: ST2, 9
Instructor: Dr. Duminda Wijesekera
Email: dwijesek@gmu.edu (please include "isa662" in your subject line)
Office: S&T-II Room 351
Office phone: (703) 993-1578
Office hours: Monday 3:00-4:00PM, Tuesday 3:00-4:00PM
TA: Jiang Wang, jwanga@gmu.edu
TA office: Central Module, Room 22 (Since I haven't got the key for room 432 yet, the room changed to Central Module, Room 22 in recent weeks.)
TA office hours: Thu. 10:am-12:am or by appointment (The office hour changes to Tue (4/25) 10:00am-12:00pm for this week.)
Webpage: http://www.ise.gmu.edu/~duminda/classes/spring06/isa662/index.htm
Description:
Study of security policies, models, and mechanisms for secrecy, integrity, and availability. Topics include operating system models and mechanisms for mandatory and discretionary controls; data models, concepts, and mechanisms for database security; basic cryptography and its applications; security in computer networks and distributed systems; and control and prevention of viruses and other rogue programs.
Prerequisites:
Must have completed INFS 601 (concurrent enrollment is not sufficient). Must be familiar with discrete mathematics, and be Web and PDF capable.
Textbook:
M. Bishop, Computer Security: Art and Science, Addison-Wesley, 2003, ISBN 0-201-44099-7
(Make sure you check out the errata at: http://nob.cs.ucdavis.edu/book/book-aands/index.html)
References:
M. D. Abrams, S. Jajodia, and H. J. Podell, eds., Information Security: An Integrated Collection of Essays, IEEE Computer Society Press, 1995
A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996
E. Amoroso, Fundamentals of Computer Security Technology, Prentice Hall, 1994
C. Kaufman, R. Perlman, and M. Speciner, Network Security: Private Communication in a Public World, 2nd ed., Prentice Hall, 2002
R. Anderson, Security Engineering, John Wiley and Sons, 2001
H. X. Mel, D. Baker, Cryptography Decrypted, Addison-Wesley, 2001
M. E. Whitman, H. J. Mattord, Principles of Information Security, Thomson Course Technology, 2003
D. E. Denning, Cryptography and Data Security, Addison Wesley, 1982
Grading Policy (tentative):
Academic Integrity: All students must follow the university, school and department's policies regarding academic integrity. Violation of the Honor Code will result in a grade of F for the course and penalties imposed by the university and/or the ISE department.
Grading: The grades are based on four homework assignments (4 x 7.5%), a midterm exam (closed-book in-class, 30%), and a final exam (closed-book in-class, 40%). The final grades will be assigned by "curving" the overall class performance.
Policy: Late homework will be accepted with a 10% penalty for each day past due, but submissions will no longer be accepted once the homework is discussed in class. You are excused from an exam ONLY under a university-approved condition, such as sickness with a doctor's note. Other events, such as business travel, are not excused.
Schedule (subject to change without notice):
| Date | Topic | Readings | Suggested Exercises | Handout | Homework Assignment | Note |
|---|---|---|---|---|---|---|
| 01/24 | Introduction | Chapter 1 and 2 | Ch1(1,4,9,10) Ch2(1,4,5) | handout1 | | Pages 25, 31, 32 of the handouts have been updated since first posted. Page 37 of the textbook has errors. See errata here and here. |
| 01/31 | Foundational Results and Mechanisms | Chapter 3.1-3.2, 15.1-15.2 | Ch15(1,2,3,6) | handout2 | | the HRU Paper (not required) |
| 02/07 | Security Policies/Confidentiality Policies | Chapter 4 | Ch4(3,4,5,6) Ch5(2) | handout3 | HW1, Solution, Due 02/21 | the FAF Paper (not required). Pages 23 and 41 of the handouts have been updated. |
| 02/14 | Integrity Policies and Hybrid Policies | Chapter 5 | Ch6(2,3,10) Ch7(1,7) | handout4 | | |
| 02/21 | Role-based access control (RBAC) | 1. Presentation on RBAC standard (courtesy Wilfredo Alvarez) 2. "A Proposed Standard for Role Based Access Control" from The RBAC Standard | | 1. (ppt) 2. (PDF) | HW2, Solution, Due 03/7. For Question 4, please read this handout p 57-68 | Pages 53, 55, 56 of the handouts are updated. the LBAC Paper; RBAC96; RBAC97 (not required); The RBAC Standard |
| 02/28 | Integrity Policies and Hybrid Policies | Chapter 6, 7.1, 7.4 (skip 7.2-7.3) | Ch9(2,6) Ch11(3) | handout5 | | FIPS 46-2 (DES); The Enigma Cipher |
| 03/07 | Midterm Exam | Material to Date | | | | |
| 03/14 | Spring break | | | | | |
| 03/21 | Cryptography II (Public-key Crypto) | Chapter 9 | Ch9(16,18.20) | handout6 | HW3, Solution | SHA-1 Collision; Breaking RSA easier than factoring; PRIMES is in P; Crypto FAQ |
| 03/28 | Key Management | Chapter 10 | Ch10(7) | handout7 | | Needham-Schroeder; Otway-Rees; Kerberos@MIT; X.509 |
| 04/04 | Protocols | Chapter 11.3-11.4 | Ch11(10) | handout8 | | Internet Is Already Too Secure; SSL3.0; IPsec |
| 04/11 | Authentication and Identity | Chapter 12, 14 | Ch12(6,7,8,12,13) | handout9 | HW4, Solution | UNIX password; Lamport's Scheme; EKE; Gummy Bears Beat Biometrics; Lamport Animation |
| 04/18 | Information Flow and | Chapter 16, 17 (skip 16.4, 17.3.1-17.3.2) | Ch16(1) | handout10 | | VoIP tracing; Denning76; Foley89; Denning277 |
| 04/25 | Noninterference and Policy Composition | Chapter 8 | | handout11 | | |
| 05/02 | To be determined | | | FinalReview | | |
| 05/09 | Final Exam | Material After Midterm | | | | |
(The handouts will borrow heavily from M.Bishop's slides that can be found here. The handouts will also contain materials by Dr. Sushil Jajodia)