C11T2105: Introduction to Computer Security

Instructor: Mwiigo Daniel Class Hours: 9:00AM-11:00AM

Semester: 2nd 2024
Office: CSIT

A. Course Description:

General concepts and applied methods of computer security, especially as they relate to
confidentiality, integrity, and availability of information assets. Topics include system security
analysis, access control and various security models, identification and authentication, protection
against external and internal threats, network protocols and Internet security.

B. Course Objectives:

This course provides a broad introduction to a variety of topics in applied computer, network, and
system security. These include system/software vulnerabilities, applied cryptography, host-based
and network-based security, privacy, anonymity, usability, security economics, risks and
vulnerabilities, policy formation, controls and protection methods, and issues of law and privacy.

C. Course Outline (TENTATIVE):

1. Introduction to computer security

o Overview of Computer Security Concepts and Foundations
o Threats, Attacks, and Assets
2. Computer Security Technology and Principles
o User Identification and Authentication
o Access Control
o Database and Cloud Security
o Malicious Software
o Denial-of-Service Attacks
o Intrusion Detection
o Firewalls and Intrusion Prevention Systems
3. Software Security and Trusted Systems
o Buffer Overflow
o Software Security
o Operating System Security
o Database Security
o Trusted Computing and Multilevel Security
4. Management Issues
o Security Management and Risk Assessment
o Human Resources Security
 oLegal and Ethical Aspects
5. Cryptographic Algorithms
o Symmetric Encryption and Message Confidentiality
o Public-Key Cryptography and Message Authentication
6. Networking and Distributed System Security
o Internet Security Protocols and Standards
o Network and Web Security
o Distributed System Components and Security

D. Textbook and Materials:

(1) Dieter Gollman, “Computer Security”, 3rd edition, 2011

(2) William Stallings, Lawrie Brown, "Computer Security: Principles and Practice", Prentice
Hall, 3rd edition

E. Grading (Tentative):

Your semester grade will be based on a combination of homework and lab assignments, quizzes,
attendance, midterm exam, and a final exam. The approximate percentages are as follows:

Grading Policy

• 30% - Assignments
• 70% - Exams
Course Outcomes:

1. Describe the functioning of various types of malicious code, such as viruses, worms,
trapdoors.
2. Enumerate programming techniques that enhance security.
3. Explain the various controls available for protection against internet attacks, including
authentication, integrity check, firewalls, intruder detection systems.
4. Describe the different ways of providing authentication of a user or program.
5. Describe the mechanisms used to provide security in programs, operating systems,
databases and networks.
6. Describe the background, history and properties of widely-used encryption algorithms.
7. Describe legal, privacy and ethical issues in computer security.
8. List and explain the typical set of tasks required of an information security professional.
9. Describe the principles of steganography and watermarking
 Application and Analysis

1. Compare different access control, file protection or authentication mechanisms.

2. Set up file protections in a Unix or Windows file system to achieve a given purpose.
3. Incorporate encryption, integrity check and/or authentication into a given program or
algorithm.
Synthesis and Evaluation
1. Appraise a given code fragment for vulnerabilities.
2. Appraise a given protocol for security flaws.
3. Assess risk for a given network system using publicly available tools and techniques.