MET CS 895: Developing Secure Systems

Last updated: Monday, May 5, 2006.  The most recent updates are usually in red type

Description: This course is designed for Information professionals who intend to be experts in security policies, procedures, and techniques.  It provides the basis for specialization in areas of security.

 

Background of Instructors red if changed

Learning Objectives red if changed

Evaluation of Students red if changed

Plagiarism red if changed

Forum red if changed

Policies for class  red if changed

Home page for Eric Braude

Textbooks and Materials red if changed

Homework and due dates red if changed             

Topics, Class Dates, and Readings red if changed

How to Contact Eric Braude red if changed

 
  • Meeting Time: Wednesdays Noon  through 3:00 pm EST             
  • Meeting Place: Andover
  • Prerequisites: The prerequisites are as follows, but can be superseded with the consent of the instructor.
    • A course in or experience with programming, preferably in Java, C++ or C#
    • Knowledge of data communication fundamentals             

Learning Objectives: Students will …

·        Understand the principles of security

·        Recognize and evaluate security threats

·        Understand the source of security threats

·        Understand the basics of security-aware design and development

·        Plan for security threat mitigation

Textbook and Materials

“Security in Computing,” Third Edition (Hardcover) by Charles P. Pfleeger, Shari Lawrence Pfleeger; Prentice Hall PTR (December 2, 2002); ISBN: 0130355488

 

Reference Material

 

An Alternative to the Textbook:

Computer Security (Paperback) by Dieter Gollmann; John Wiley & Sons; 2 edition (January 18, 2006); ISBN: 0470862939

 

Security in Networks:

Network Security Essentials (2nd Edition); by William Stallings; Prentice Hall; 2 edition (November 20, 2002); ISBN: 0130351288

 

Policy (Not technical)

Information Security Policies and Procedures: A Practitioner's Reference, Second Edition; by Thomas R. Peltier; AUERBACH; 2 edition (May 20, 2004); ISBN: 0849319587

 

Design (Very technical)

Secure Systems Development with UML; by Jan Jürjens; Springer; 1 edition (November 23, 2004)

ISBN: 3540007016

Background of Instructors

Please see the links as shown.

Background of Eric Braude

Background of Lou Chitkushev

Background of Suresh Kalathur

Background of Anatoly Temkin

Evaluation of Students

There will be a midterm, a final, and homework assignments.  The exact weights will be determined during the first third of the course, and will be in the following range.

 

weight

Midterm 

35-50%

Final

35-50%

Homework’s

10-30%

Parts of assignments are evaluated equally unless otherwise stated.

Late homework is not accepted unless there is a reason why it was impossible to perform the work. In that case, the written reason should be attached to the homework, which will be graded on a pass/fail basis.

Please also read detailed information about grade averaging method.

Plagiarism

 

Please cite all references and uses of the work of other.  All instances of plagiarism must be reported to the College for action.  See plagiarism policy and reference.

 

Topics, Class Dates, and Readings

Class

#

Date

Instructor

Textbook Readings

Topic

1

May 3

Eric Braude

Chapter 1

Chapters 3 and 9 are additional background

The Context of Security

A review of the threat environment

2

May 10

Eric Braude

Chapter 8

Except 8.2

 

Policies and Procedures

We will review the kinds of overall policies and specific procedures that organizations devise in order to counter security threats.

3

May 17

Eric Braude

Chapter 9 is general background

Security Among Web Services

This class reviews various methods for designing securely on the Internet, from HTTPS to the WS-Security specifications.

4

May 24

Eric Braude

Pages 160-162,

Specifying Secure Requirements Designs

How design notations, including the Unified Modeling Language, can specify security.

5

May 31

Lou Chitkushev

Chapter 8

Developing Security in Distributed Systems

6

June 7

Anatoly Temkin

Chapters 2 and 10

Applying Cryptographic Elements

Encryption, conventional and public key; message digest and digital signature; key management

7

June 14

Lou Chitkushev

Chapter 8

 

Developing Network Security

Authentication systems, security standards, Kerberos, public key infrastructure; IPsec, SSL/TLS; PEM, S/MIME; PGP; Firewalls

8

June 21

Eric Braude

 

Midterm

9

June 28

Eric Braude

 

Applying Language Level Security;

Testing for Security

Security policies and permissions, access control, secure class loading, security management

10

July 5

Eric Braude

Section 8.2

 

Developing Security Risk Analyses

 

Definitions, factors, risk types

11

July 12

Eric Braude

Section 8.2

 

Applying Security Risk Analysis

 

Risk calculations; trade-offs

12

July 19

Suresh Kalathur

Chapter 4

 

Developing Protection in General Purpose Operating Systems

 

Access control lists; file protection; authentication

13

July 26

Suresh Kalathur

Chapter 5

 

Designing Trusted Operating Systems

 

Security policies; security models; assurance; examples

14

August 2

Eric Braude

 

Final

Forum

Web Site: http://groups.yahoo.com/group/895Su06/

Post message:

895Su06@yahoogroups.com

Subscribe:

895Su06-subscribe@yahoogroups.com

Unsubscribe:

895Su06-unsubscribe@yahoogroups.com

List owner:

895Su06-owner@yahoogroups.com