Course Outline For Computer Security


University: Jinka University

College/Faculty: Natural and Computational Science

Course title: Computer Security

Course code: COSC4035

Credit hours: 3; ECTS: 5; Contact hrs: 2; Lab hrs: 3; Tutorial hrs: 1

Prerequisite: CoSc2032 - Data Communications and Computer Networks


Course category: compulsory

Year: IV Semester: I

Course Description

This course familiarizes students with the security issues and technologies involved in modern
information systems, including computer systems and networks, the various ways in which information
systems can be attacked, and the tradeoffs in protecting networks.

Course objectives

By the end of this course, students will be able to:

• Understand the basic concepts in information security, including security attacks/threats, security
vulnerabilities, security policies, security models, and security mechanisms.
• Understand the concepts, principles and practices related to elementary cryptography, including
plain-text, cipher-text, the four techniques for cryptanalysis, symmetric cryptography,
asymmetric cryptography, digital signature, message authentication code, hash functions, and
modes of encryption operations.
• Understand issues related to program security and the common vulnerabilities in computer
programs, including buffer overflow vulnerabilities, time-of-check to time-of-use flaws, and
incomplete mediation.
• Explain and compare security mechanisms for conventional operating systems, including
memory, time, file, object protection requirements and techniques and protection in
contemporary operating systems.
• Understand the basic requirements for trusted operating systems, and describe the independent
evaluation, including evaluation criteria and evaluation process.
• Describe security requirements for database security, and describe techniques for ensuring
database reliability and integrity, secrecy, inference control, and multi-level databases.
• Describe threats to networks, and explain techniques for ensuring network security, including
encryption, authentication, firewalls, and intrusion detection.
• Explain the requirements and techniques for security management, including security policies,
risk analysis, and physical threats and controls.

Course outline

Chapter 1: Introduction to Computer Security (3 hrs)
1.1 Basic concepts of computer security
1.2 Threats, vulnerabilities, controls, risk
1.3 Goals of computer security
1.4 Security attack
1.5 Security policies and mechanisms
1.6 Prevention, detection, and deterrence
1.7 Software security assurance

Chapter 2: Computer Threat (4 hrs)
2.1 Malicious code
2.1.1 Viruses
2.1.2 Trojan horses
2.1.3 Worms
2.1.4 Spy-wares, etc.
2.2 Class of Attacks
2.2.1 Reconnaissance
2.2.2 Access
2.2.3 Denial of Service, etc.
2.3 Program flaws
2.3.1 Buffer overflows
2.3.2 Time-of-check to time-of-use flaws
2.3.3 Incomplete mediation
2.4 Controls to protect against program flaws in execution
2.4.1 Operating system support and administrative controls
2.5 Program Security Defenses
2.5.1 Software development controls and Testing techniques
2.5.2 Database management systems security

Chapter 3: Cryptography and Encryption Techniques
3.1 Basic cryptographic terms
3.2 Historical background
3.3 Cipher Techniques
3.3.1 Transposition Cipher
3.3.2 Substitution Cipher
3.4 Conventional encryption algorithms
3.5 Cryptanalysis
3.6 Cryptographic Systems
3.6.1 Symmetric key cryptography
3.6.1.1 DES
3.6.1.2 3DES
3.6.1.3 AES
3.6.1.4 Block Cipher Modes
3.6.2 Public key cryptography
3.6.2.1 Diffie-Hellman
3.6.2.2 RSA
3.6.3 Digital Signature
3.6.3.1 Using Public Key
3.6.3.2 Using Message Digest
3.6.3.2.1 MD4 family
3.6.3.2.2 SHA family
3.6.3.2.3 RIPEMD
3.6.4 Public key Infrastructure (PKI)
3.6.4.1.1 Trusted Third Party
3.6.4.1.2 Certification
3.6.4.1.3 Key Distribution
3.6.4.1.4 PKI Topology
3.6.4.1.5 Enrollment and Revocation Procedures

Chapter 4: Network Security (4 hrs)
4.1 Network security basics
4.2 Threats on network
4.3 Trust, Weaknesses, Risk and Vulnerabilities
4.4 TCP/IP Suite Weaknesses and Buffer Overflows
4.5 Network security protocols
4.5.1 Application layer security
4.5.1.1 Web security
4.5.1.2 E-mail security
4.5.2 Transport layer security
4.5.3 Network layer security
4.5.4 Link layer security
4.5.5 Physical security
4.6 Wireless security

Chapter 5: Security Mechanisms (3 hrs)
5.1 Firewall
5.2 Proxy server
5.3 IDS/IPS
5.4 Virtual Private network

Chapter 6: Authentication and Access control (3 hrs)
6.1 Authentication basics
6.1.1 Password and Passphrase
6.1.2 Biometrics
6.1.2.1 Fingerprint
6.1.2.2 Palm Scan
6.1.2.3 Hand Geometry
6.1.2.4 Iris Scan
6.1.2.5 Signature Dynamics
6.1.2.6 Voice Print
6.1.2.7 Facial Scan
6.1.2.8 Hand Topography
6.1.3 AAA server
6.1.4 Smart card and memory cards
6.1.5 Kerberos
6.2 Access control basics
6.3 Access control models
6.3.1 Discretionary Access Control (DAC)
6.3.2 Mandatory Access Control (MAC)
6.3.3 Role-Based Access Control (RBAC)

Chapter 7: Administering security (2 h
7.1 Security planning
7.2 Risk analysis
7.3 Security policies
7.4 Cyber security
7.5 Ethics

Lab content: using OpenSSL

Lab 1: Installing and configuring OpenSSL

Lab 2: Introduction and commands used in OpenSSL

Lab 3: Encryption using conventional algorithms

Lab 4: Symmetric encryption with OpenSSL

Lab 5: Encrypting file using DES

Lab 6: Asymmetric encryption with OpenSSL

Lab 7: Encrypting file using RSA

Lab 8: Combination of DES and RSA

Lab 9: Digital Certification with OpenSSL

Lab 10: Digital Signature

Assessment methods

Assignment/quizzes: 10%

Mid semester examination: 20%

Project: 20%

Final examination: 50%

Text books:

• Security in Computing, Charles P. Pfleeger and Shari L. Pfleeger (3rd edition), Prentice-Hall,
2003

References:

1. Computer Security, Dieter Gollmann, John Wiley & Sons
2. Computer Security: Art and Science, Matthew Bishop, Addison-Wesley
3. Principles of Information Security, Whitman, Thomson
4. Network Security, Kaufman, Perlman and Speciner, Pearson Education
5. Cryptography and Network Security (5th edition), William Stallings, Pearson Education
6. Introduction to Cryptography, Buchmann, Springer
