National University of Sciences and Technology
IS-820 Computer Security
Campus MCS
Programs PG
Session Fall Semester 2016
Course Title Computer Security
Course Code IS-820
Credit Hours 3+0
Pre-Requisites
Course Objectives To introduce the traditional Computer Security, Operating Systems, Intrusion Detection and the Security Models.
Detail Content
  1. Introduction to secure computing: Introduction to Computer Security, Basic Components, threat classes, Policies and Mechanism, Trust assumptions in modern computing systems, Types of mechanism, operational Issues, Human issues, Identification and Authentication, Why Computer systems are not secure, Internal and External Security, The System Boundary and the Security Perimeter, Automated tools for computer system related attacks, Pieces of security puzzle
  2. Security Policies and Models: Types of policies, Trust, Trust in formal verification methods, Types of Access control methods (DAC, MAC, ORCON), Example English Policy, Confidentiality Policies, Role of a Security Model, Characteristics of a Security Model, Types of Security Models, Bell-LaPadula model, Integrity Policies: Biba Model, Clark-Wilson Model
  3. Authentication: Passwords and their management, Token devices, Synchronous and Asynchronous devices, Time based synchronous devices, Cryptographic keys, Memory and Smart cards, PIN protected cards, one time passwords, Biometrics etc., Windows Password Security, Unix Password Security, Types of Attacks on Passwords, Password hardening techniques
  4. Access Control Systems and Methodology: Access control fundamentals, Biometrics, Discretionary access control, Access control lists (ACLs) and capabilities, implementation of access control, confinement and revocation, Mandatory access control, MAC models and their implementation, Role-based Access Control (RBAC), Multilevel Security, Access Criteria, Single Sign on Technologies, Kerberos, SESAME, Thin Clients, comments, Directory Services, Centralized Access Control Methodologies, RADIUS, TACACS, TACACS+, Diameter, Technical Access Control Mechanisms, Unauthorized disclosure of information (Object reuse, TEMPEST etc.)
  5. Computer Security Evaluation Standards: Assurance Rating, TCSEC (Trusted Computer Security Evaluation Criteria), Rainbow Series, ITSEC (Information Technology Security Evaluation Criteria), CC (Common Criteria), Certification and Accreditation
  6. Computer Security Attacks: Understanding Covert Channel Attacks, Loki attack, Trapdoors, Timing Attacks, Buffer Overflow attacks, Data Validation attacks, Trojan Horses, Viruses and Worms.
Text/Ref Books
  • Computer Security by Dieter Gollmann (latest edition available)
  • Introduction to Computer Security by Matt Bishop
  • CISSP
  • Computer Security Basics by Rick Lehtinen and G.T. Gangemi Sr.
  • Security Strategies in Linux Platforms and Applications (Information Systems Security & Assurance) by Michael H. Jang
  • Guide to Operating Systems Security by Michael J. Palmer
Time Schedule Fall Semester 2015
Faculty/Resource Person Lec Mian Muhammad Waseem Iqbal, MS
National University of Science and Technology, Islamabad
Discipline: Information Security
Specialization: Information Security