(A Chartered University)

Fall 2016

CSIT 421 – Information Security (3 Credit Hours)

Course Outline and Lesson Plan


Instructor Information:


Dr Saad Bin Saleem




Office Hours

  • 11:00 am to 12:00 pm on Monday, Wednesday and Friday.
  • Any other time only by appointment.

Teaching Assistant

  • Suneel Amir


Course Information:


CSIT 421




Information Security

Course Description

The purpose of this course is to help students gain an understanding of the basic concepts of information security and to train them in the use of protection techniques against malicious attacks. The course focuses on three areas: cryptography, program security and network security.

Class meetings

Tuesday and Thursday: 12:30 pm to 1:45 pm

Room: S-210



Prerequisite

COMP 311 Computer Networks

Course web page: 2016/CSIT421.htm

Learning Objectives

Upon completion of this course, students are expected to have the following conceptual knowledge and to be able to apply it in real-world scenarios.

  • An understanding of the basic concepts of information security.
  • The ability to identify the assets in a system and knowledge of the various types of threats to those assets.
  • Knowledge of the basic principles and techniques of authentication and access control.
  • An understanding of basic cryptographic algorithms, and the ability to implement them.
  • The ability to categorise security faults in a program, with a thorough understanding of the buffer overflow fault.
  • The ability to perform a chargen denial-of-service attack against a vulnerable host (in the lab, only against systems you are authorised to test).

Text Book

  • Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, 5th edition, Prentice Hall, ISBN-13: 978-0132390774. (A PDF of the 3rd edition can be downloaded.)

Reference Books

  • Ross J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd edition, Wiley, ISBN-13: 978-0470068526.
  • John Viega and Gary McGraw, Building Secure Software: How to Avoid Security Problems the Right Way (Addison-Wesley Professional Computing Series), 1st edition, Addison-Wesley Professional, 2001.
  • Helen F. Gaines, Cryptanalysis: A Study of Ciphers and Their Solution, Dover Publications, ISBN-13: 978-0-486-20097-2.
  • Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edition, Wiley, ISBN-13: 978-0471117094.

Important to know

·         All assignments are due by 11:59 pm on the due date.

·         In this course, students may be called at random to appear for a viva (oral examination) to assess their knowledge. Attendance at the viva sessions arranged by the instructor is compulsory.

·         Late assignments will not be graded, unless prior arrangements have been made with the course instructor.

·         There will be no retake of a quiz, unless prior arrangements have been made with the course instructor.

·         Students are advised to attend all lectures; in any case, 85% attendance is compulsory for this course. It is entirely the student's responsibility to recover any information or announcements presented in lectures they missed.

·         Any work you submit in this course must be your own.

·         You are not allowed to submit the work of a fellow student, or work you have done together with a peer.

·         You may work in groups only with the permission of the course instructor, or when he asks you to form groups in class. Otherwise, an unauthorised group effort will be treated as academic dishonesty.

·         You may discuss homework in general terms with your fellow students. However, you are not allowed to copy or consult anyone else's written work.

·         You are guilty of academic dishonesty if:

                I.      You examine another student's solution to an assignment, quiz, project or exam.

               II.      You allow another student to examine your solution to an assignment, quiz, project, lab work or any exam.

              III.      You fail to take reasonable care to prevent another student from examining your solution, and that student does examine it.

Course Policy:

In cases of unauthorised group effort, academic dishonesty or fraud, cheating and plagiarism, the following policy applies. All breaches of academic integrity will be reported to the head of department in the first instance; the instructor of this course may also report such cases directly to the Vice Rector's office / AIC. The key points of the course policy to remember are:


·         ZERO TOLERANCE POLICY on any breach of academic integrity in the midterm exam, final exam, assignments, quizzes and project.

·         Cheating or any violation of academic integrity in an exam or project will result in an F grade for the course.

·         In this course, the instructor will hold attendance quizzes at random, without announcing them in advance.

·         In this course, the instructor will assess each student's discipline and may deduct discipline marks whenever necessary.

·         All assignments should be submitted by email with the subject line "CSIT421 Fall 2016".

·         Name your document with your roll number for each assignment when sending it by email.


Grading Policy:

·         Relative grading will be used in this course.

·         One percent of the 5 percent absolute attendance marks will be deducted for each attendance quiz you miss.

·         Misbehaviour or disturbance in class will lead to a deduction of 1% from the absolute discipline marks.

·         In this course, all assignments and all quizzes count towards the overall grade.

·         In this course, each assignment carries a weight of 10% and each quiz a weight of 2.5%.


Assessment Criteria

  • Attendance quizzes
  • Midterm exam
  • Final exam




Lesson Plan

Week no. / Activities and Deadlines


Course Introduction:

  • The objectives of the course.
  • Why students need to study this course.
  • How this course will help students shape their careers.
  • The teaching strategy I am adopting.
  • The course assessment criteria.


Introduction to Security in Computing

  • What is meant by security?
  • What is computer security?
  • What is information security?
  • Why do we need to study information security?
  • Assets in computing and the value of assets.
  • Threats, vulnerabilities and controls.
  • Confidentiality, integrity, availability and accountability (CIAA).
  • Types of threats.
  • Types of attackers.






2, 3 and



Authentication and Authorization

  • Introduction to Authentication.

o   What is Authentication?

o   Identification versus Authentication.

o   Categories of Authentication.

o   The Authentication Mechanism.

  • Authentication Methods.

o   Single Sign-on Authentication.

  • Introduction to Authorization (Access Control).

o   The basic access control model (the access matrix).

o   Elementary access operations.

  • Access Control Methods.

o   Discretionary Access Control (DAC): access control lists and capability lists.

o   Mandatory Access Control (MAC).

o   Role-Based Access Control (RBAC).
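The three access control methods listed above, worked through in one small script. This is an added example for the outline, not code from the course or the textbook; the subjects, objects, security levels, roles and the contents of the access matrix are all constructed for the illustration. It shows the same access matrix read as ACLs (one column per object) and as capability lists (one row per subject), a Bell-LaPadula style MAC check ("no read up, no write down"), and an RBAC check that goes user -> role -> permission.

```python
"""Access control models from the Authentication and Authorization unit:
the access matrix with its ACL (column) and capability-list (row) views,
Bell-LaPadula style mandatory access control, and role-based access control.
Added example with constructed subjects, objects and labels; not course or
textbook code."""

# --- Access matrix (Lampson model): (subject, object) -> set of rights ---
# Constructed sample matrix for this example.
MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("alice", "memo.txt"):   {"read"},
    ("bob",   "memo.txt"):   {"read", "write"},
    ("bob",   "payroll.db"): set(),          # explicit "no access" entry
}

def acl(obj):
    """Column of the matrix: the object's access control list."""
    return {s: r for (s, o), r in MATRIX.items() if o == obj and r}

def capability_list(subject):
    """Row of the matrix: the capabilities held by the subject."""
    return {o: r for (s, o), r in MATRIX.items() if s == subject and r}

def dac_allowed(subject, obj, op):
    """Discretionary check: is op among the rights in the matrix cell?"""
    return op in MATRIX.get((subject, obj), set())

# --- Mandatory access control: Bell-LaPadula confidentiality rules ---
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top-secret": 3}

def mac_allowed(clearance, classification, op):
    """Simple security property: no read up.  *-property: no write down.
    Labels are fixed by the system, not chosen by the object's owner."""
    s, o = LEVELS[clearance], LEVELS[classification]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    raise ValueError(f"unknown operation {op!r}")

# --- Role-based access control: users -> roles -> permissions ---
ROLE_PERMS = {
    "clerk":   {("ledger", "read")},
    "manager": {("ledger", "read"), ("ledger", "approve")},
}
USER_ROLES = {"carol": {"clerk"}, "dave": {"manager"}}

def rbac_allowed(user, obj, op):
    """A user may perform op on obj if any of their roles grants (obj, op)."""
    return any((obj, op) in ROLE_PERMS[r] for r in USER_ROLES.get(user, ()))

if __name__ == "__main__":
    print("ACL for memo.txt:", acl("memo.txt"))
    print("alice's capabilities:", capability_list("alice"))
    print("secret subject reads top-secret object:",
          mac_allowed("secret", "top-secret", "read"))
    print("carol approves ledger:", rbac_allowed("carol", "ledger", "approve"))
```

Note that the MAC rules are the opposite of what users usually expect: a secret-cleared subject may write to a top-secret object (write up is allowed) but not read it, which is exactly what prevents information flowing downwards.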


Quiz 1 results







Quiz 2 results

4, 5 and 6

Cryptography in Detail

  • Terminology and background

o   Basic communication

o   Threats to messages

o   Basic terminology and notation

o   Requirements for crypto protocols

o   Representing characters

  • Basic types of ciphers

Symmetric encryption

  • Substitution ciphers

o   The Caesar cipher

o   The Vigenère cipher (tableau)

o   One-time pad ciphers

1.      Vernam cipher

2.      Book cipher

  • Transposition ciphers
  • Product ciphers
  • Stream ciphers and block ciphers
  • Advanced Encryption Standard (AES) algorithm.

Asymmetric encryption
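The classical symmetric ciphers in the list above, implemented together in one script so they can be compared: Caesar, Vigenère, a Vernam one-time pad and a columnar transposition, followed by the obvious attack on Caesar (its key space has 26 entries, so a brute-force search scored by English letter frequencies recovers the key). This is an added example and not code from the course or the textbook; the sample message and the letter-frequency table are the usual English percentages and a constructed sentence.

```python
"""Classical ciphers from the Cryptography unit (Caesar, Vigenere, Vernam
one-time pad, columnar transposition) and a brute-force break of Caesar.
Added example; not code from the course or the textbook. Letter
frequencies are the usual English percentages."""
import math
import os
import string

ALPHA = string.ascii_uppercase

def _clean(text):
    """Keep letters only, upper-cased, as the classical ciphers assume."""
    return "".join(c for c in text.upper() if c in ALPHA)

def caesar(text, shift, decrypt=False):
    """Monoalphabetic: every letter shifted by the same key."""
    k = -shift if decrypt else shift
    return "".join(ALPHA[(ALPHA.index(c) + k) % 26] for c in _clean(text))

def vigenere(text, key, decrypt=False):
    """Polyalphabetic: letter i is shifted by key letter i mod len(key)."""
    key, pt = _clean(key), _clean(text)
    out = []
    for i, c in enumerate(pt):
        k = ALPHA.index(key[i % len(key)])
        out.append(ALPHA[(ALPHA.index(c) + (-k if decrypt else k)) % 26])
    return "".join(out)

def vernam(data: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR with random pad bytes; the same call decrypts.
    The pad must be truly random, as long as the message, and never reused."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(a ^ b for a, b in zip(data, pad))

def transpose(text, key, decrypt=False):
    """Columnar transposition: write in rows of len(key), read columns in
    alphabetical order of the key letters. Plaintext is padded with X."""
    key = _clean(key)
    n = len(key)
    order = sorted(range(n), key=lambda i: (key[i], i))   # column read order
    t = _clean(text)
    if not decrypt:
        t += "X" * (-len(t) % n)
        rows = [t[i:i + n] for i in range(0, len(t), n)]
        return "".join(row[c] for c in order for row in rows)
    depth = len(t) // n
    cols, pos = [""] * n, 0
    for c in order:
        cols[c], pos = t[pos:pos + depth], pos + depth
    return "".join(cols[c][r] for r in range(depth) for c in range(n))

# English letter frequencies (percent), used to recognise plaintext.
FREQ = dict(zip(ALPHA, [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15,
                        0.8, 4.0, 2.4, 6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1,
                        2.8, 1.0, 2.4, 0.15, 2.0, 0.07]))
LOGP = {c: math.log(p) for c, p in FREQ.items()}

def english_score(text):
    """Unigram log-likelihood: higher means more English-like."""
    return sum(LOGP[c] for c in _clean(text))

def break_caesar(ciphertext):
    """Key space is only 26: try every shift, keep the most English-like."""
    shift = max(range(26),
                key=lambda s: english_score(caesar(ciphertext, s, decrypt=True)))
    return shift, caesar(ciphertext, shift, decrypt=True)

if __name__ == "__main__":
    msg = "Meet me at the old bridge at midnight and bring the documents"
    ct = caesar(msg, 3)
    print(ct, "->", break_caesar(ct))
    print(vigenere("ATTACKATDAWN", "LEMON"))
    pad = os.urandom(len(msg))                      # fresh pad per message
    print(vernam(vernam(msg.encode(), pad), pad) == msg.encode())
    print(transpose("WE ARE DISCOVERED FLEE AT ONCE", "ZEBRAS"))
```

The frequency scoring is the same idea that breaks Vigenère once the key length is known (each key position is just a Caesar cipher over every k-th letter), and it is why the one-time pad is the only one of these with a security proof: with a random pad used once, every plaintext is equally likely, so there is nothing for the scorer to prefer. If the pad is reused, XORing two ciphertexts gives the XOR of the two plaintexts, and the scorer works again.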



Assignment 1 Description

(Deadline: 1st November, 2016 at 11:59 pm)


Understanding Cryptography: A Textbook for Students and Practitioners, by Christof Paar and Jan Pelzl (Springer).


Assignment 1 Results



Midterm Exam Revision


Your midterm will be held on Thursday 27th October, 2016.


8, 9 and 10

Program Security

  • Introduction to program security.
  • Taxonomy of programming flaws.
  • Unintentional (non-malicious) programming flaws.

o   Buffer overflow.

o   Integer overflow.

o   Incomplete mediation.

  • Buffer overflows in detail.
  • Introduction to malicious code.

(Viruses, worms, Trojan horses, time bombs, logic bombs, rabbits, bacteria.)
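Two of the unintentional flaws listed above, each shown beside its corrected form, as an added example that is not course or textbook code. The integer overflow reproduces the classic C pattern of multiplying an attacker-controlled count by a record size before a bounds check; 32-bit wrap-around is emulated with ctypes so the effect can be seen from Python. The incomplete-mediation case is a web order whose price field the server trusts because "the browser already validated it". The buffer size, record size and catalogue prices are constructed for the example.

```python
"""Two unintentional program-security flaws from this unit, as an added
example (not course or textbook code): an integer overflow that defeats a
length check, emulated with 32-bit C arithmetic via ctypes, and incomplete
mediation of client-supplied form data. Each flaw sits next to its fix.
Buffer size, record size and the catalogue are constructed for the example."""
import ctypes

# ---- Integer overflow in a bounds check ---------------------------------
BUFFER_SIZE = 4096   # bytes available in a fixed receive buffer
RECORD_SIZE = 16     # bytes per record

def u32(x):
    """Wrap x the way a C uint32_t would (modulo 2**32)."""
    return ctypes.c_uint32(x).value

def vulnerable_length_check(count):
    """Mirrors C code such as
         uint32_t total = count * RECORD_SIZE;
         if (total <= BUFFER_SIZE) memcpy(buf, src, total);
    The product wraps before the comparison, so a huge count passes."""
    total = u32(count * RECORD_SIZE)
    return total <= BUFFER_SIZE          # True: the copy would go ahead

def safe_length_check(count):
    """Bound the factor before multiplying so the product cannot wrap."""
    return 0 <= count <= BUFFER_SIZE // RECORD_SIZE

# ---- Incomplete mediation of form data ---------------------------------
CATALOGUE = {"textbook": 120.00, "usb-drive": 15.00}   # sku -> unit price

def vulnerable_total(order):
    """Trusts the price and quantity fields exactly as the browser sent them
    (client-side JavaScript checks are not mediation: attackers skip them)."""
    return sum(item["qty"] * item["price"] for item in order)

def mediated_total(order):
    """Complete mediation: every value is re-derived or validated server-side."""
    total = 0.0
    for item in order:
        sku = item.get("sku")
        if sku not in CATALOGUE:
            raise ValueError(f"unknown sku {sku!r}")
        qty = item.get("qty")
        if type(qty) is not int or not 1 <= qty <= 100:
            raise ValueError(f"invalid quantity {qty!r}")
        total += qty * CATALOGUE[sku]   # price comes from the server, never the client
    return round(total, 2)

def is_rejected(order):
    """True if the mediated version refuses the order."""
    try:
        mediated_total(order)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    huge = 0x10000001                    # 0x10000001 * 16 wraps to 16 in 32 bits
    print(vulnerable_length_check(huge), safe_length_check(huge))
    tampered = [{"sku": "textbook", "qty": 1, "price": 0.01}]
    print(vulnerable_total(tampered), mediated_total(tampered))
    print(is_rejected([{"sku": "textbook", "qty": -1, "price": 120.0}]))
```

The overflow case is the usual prelude to a buffer overflow: the wrapped `total` passes the check, but the copy that follows uses the real amount of attacker data, so the fix is to check the operands, not the product. In the mediation case the rule is the same as for every other input: the server re-derives anything it cares about and rejects anything it cannot.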



Quiz 3 will be announced in class.



Assignment 2 Description (Deadline: 30th November, 2016)


11, 12 and 13

Security in Networks

  • Introduction to networks.

o   ISO OSI reference model.

  • Security issues in Internet protocols.
  • Network security.

o   Network vulnerabilities.

o   Who attacks networks.

o   Denial of service (web site failure, flooding attacks).

  • Distributed denial of service (scripted denial-of-service attacks).
  • Network defence tools.

o   Firewalls.

o   Intrusion detection.
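The two defence tools named above, reduced to their core logic in one script, as an added example that is not course or textbook code: a stateless packet filter that applies a first-match rule set with a default deny, and a simple intrusion-detection rule for the flooding attacks listed earlier, which flags any source that sends a threshold number of SYNs within a sliding window. The addresses, rules, threshold and the connection log it runs over are all constructed for the example.

```python
"""Network defence tools from the Security in Networks unit, as an added
example (not course or textbook code): a first-match stateless packet
filter and a SYN-flood detector run over constructed connection-log lines.
Addresses, rules, thresholds and the log are all made up for the example."""
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# ---- Packet filter: first matching rule wins, default deny --------------
# (action, source network, destination network, protocol, destination port)
RULES = [
    ("allow", "0.0.0.0/0",  "10.0.0.5/32", "tcp", 443),   # public web server
    ("allow", "10.0.0.0/8", "10.0.0.5/32", "tcp", 22),    # SSH from inside only
    ("deny",  "0.0.0.0/0",  "0.0.0.0/0",   "any", None),  # everything else
]

def filter_packet(src, dst, proto, dport):
    """Return 'allow' or 'deny' for one packet header."""
    for action, snet, dnet, rproto, rport in RULES:
        if (ip_address(src) in ip_network(snet)
                and ip_address(dst) in ip_network(dnet)
                and rproto in ("any", proto)
                and rport in (None, dport)):
            return action
    return "deny"   # no rule matched: fail closed

# ---- SYN-flood detector: sliding-window count of SYNs per source --------
# Constructed log, one line per packet: time  src  dst  dport  flag
# (S = SYN, A = ACK that completes the handshake).
LOG = """\
0.50 192.0.2.9 10.0.0.5 443 S
1.00 198.51.100.2 10.0.0.5 443 S
1.02 198.51.100.2 10.0.0.5 443 A
2.00 203.0.113.7 10.0.0.5 443 S
2.10 203.0.113.7 10.0.0.5 443 S
2.20 203.0.113.7 10.0.0.5 443 S
2.30 203.0.113.7 10.0.0.5 443 S
2.40 203.0.113.7 10.0.0.5 443 S
2.50 203.0.113.7 10.0.0.5 443 S
3.00 192.0.2.9 10.0.0.5 443 S
6.00 192.0.2.9 10.0.0.5 443 S
"""

def detect_syn_flood(log, window=1.0, threshold=5):
    """Flag a source the first time it sends `threshold` SYNs within
    `window` seconds. Returns {source: time of first alert}."""
    recent = defaultdict(deque)
    alerts = {}
    for line in log.splitlines():
        ts, src, _dst, _dport, flag = line.split()
        ts = float(ts)
        if flag != "S":
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:       # drop SYNs older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    print(filter_packet("203.0.113.7", "10.0.0.5", "tcp", 22))   # deny
    print(detect_syn_flood(LOG))    # {'203.0.113.7': 2.4}
```

Two practical caveats follow directly from the code. A stateless filter cannot tell a SYN that opens a connection from a stray packet with the right port, which is why real firewalls track connection state, and a per-source SYN threshold is easily evaded by the distributed version of the attack (many sources, each under the threshold) or by spoofed source addresses, so production detectors also watch the total rate of half-open connections on the server.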



Assignment 3 Description (Deadline: 11th December, 2016)


Final Exam


Your final exam will be held on Monday 19th December, 2016 from 2:00 pm to 4:00 pm.