Courses Catalogue

Network & Information Security

COURSE CODE: ITE 320
COURSE CREDIT UNIT: 3
ACADEMIC PROGRAMME: Computer Science, B.Sc
COLLEGE/SCHOOL/FACULTY: School of Mathematics and Computing
STATUS: Core
PROGRAMME TYPE: Undergraduate

Course Content and Outline

Course Topics:

1. Introduction 2hrs

  • Course introduction (syllabus, policies, projects, and recent cyber threats overview)
  • An overview of information security: confidentiality, integrity, and availability

2. Understanding the Threats 2hrs

  • Malicious software (viruses, trojans, rootkits, worms, botnets)
  • Memory exploits (buffer overflow, heap overflow, integer overflow, format string)

3. Formalisms 2hrs

  • Access control theory, access control matrix
  • Information flow

4. Policy 3hrs

  • Security policies
  • Confidentiality policies (BLP model)
  • Integrity policies (Biba and Clark-Wilson models)
  • Hybrid policies (Chinese Wall model, role-based access control)

5. Implementation I: Cryptography 6hrs

  • Block and stream ciphers
  • Cryptographic hash functions, Message Authentication Codes (MAC)
  • Public and private key systems
  • Message digests. Approximate strength of ciphers
  • Authentication
  • Password system

6. Implementation II: Systems 6hrs

  • Secure design principles (least privilege, fail-safe defaults, complete mediation, separation of privilege)
  • TCB and security kernel construction
  • System defense against memory exploits
  • UNIX security and Security-Enhanced Linux (SELinux)
  • Windows security

7. Network Security 6hrs

  • TCP/IP security issues
  • DNS security issues and defenses
  • TLS/SSL
  • Network intrusion detection and prevention systems
  • Firewalls

8. Software Security 6hrs

  • Vulnerability auditing, penetration testing
  • Sandboxing
  • Control flow integrity

9. Web Security 6hrs

  • User authentication, authentication-via-secret and session management
  • Cross-Site Scripting, Cross-Site Request Forgery, SQL Injection

10. Legal and Ethical Issues 6hrs

  • Cybercrime and computer crime
  • Intellectual property, copyright, patent, trade secret
  • Hacking and intrusion
  • Privacy, identity theft