FORMAN CHRISTIAN COLLEGE

(A Chartered University)

Spring 2017

COMP 421 – Information Security (3 Credit Hrs)

Course Outline and Lesson Plan

 

Instructor Information:

Name: Dr Saad Bin Saleem

Email: saadsaleem@fccollege.edu.pk

Office: S 214

Office Hours:

  • 11:00 am to 12:00 pm on Monday, Wednesday and Friday.
  • Any other time only by appointment.

Teaching Assistant:

  • Suneel Amir (TA1): 17-10615@formanite.fccollege.edu.pk
  • Muhammad Ans Qaisar (TA2): 17-10680@formanite.fccollege.edu.pk

 

Course Information:

Code: COMP 421

Credits: 3

Title: Information Security

Course Description: The purpose of this course is to help students gain an understanding of the basic concepts relevant to information security and to train them to use protection techniques against malicious attacks. The course focuses on three areas: cryptography, program security and network security.

Class meet: Tuesday and Thursday, 11:00 am to 12:15 pm, Room S 210

Category:

Pre-Requisite: COMP 311 Computer Networks

Course web page: http://saadbinsaleem.com/courses/infosec/Spring 2017/CSIT421.htm

Learning Objectives

Upon completion of this course, students are expected to have the following conceptual knowledge and to be able to apply the learned concepts in real-world scenarios.

  • An understanding of the basic concepts relevant to information security.
  • Able to identify assets in a system and know the various types of threats to those assets.
  • Knowledge of the basic principles and techniques relevant to authentication and access control.
  • An understanding of the basic algorithms of cryptography and the ability to implement the learned algorithms.
  • Able to categorize security faults in a program, with a deep understanding of the buffer overflow program fault.
  • Able to perform the denial of service chargen attack on a vulnerable website.

Text Book

  • Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, 5th edition, Prentice Hall, ISBN-13: 978-0132390774. (Download the pdf version of 3rd edition)
  • Ross J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd Edition, Wiley Publications, ISBN-13: 978-0470068526. The pdf copies of the book chapters are available on the book’s webpage.

 

Reference Books

  • Christof Paar and Jan Pelzl, Understanding Cryptography: A Textbook for Students and Practitioners, 1st edition, Springer Publishing Company, ISBN: 3642041000 9783642041006. Download the pdf copy of the 1st edition.
  • John Viega and Gary McGraw (2011), Building Secure Software: How to Avoid Security Problems the Right Way (Paperback) (Addison-Wesley Professional Computing Series), 1st edition, Addison-Wesley Professional.
  • Helen F. Gaines, Cryptanalysis: A Study of Ciphers and Their Solution, Dover Publications, ISBN-13: 978-0-486-20097-2.
  • Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd Edition, Wiley, ISBN-13: 978-0471117094.

Important to know

  • All assignments are due before midnight on the due date, at 11:59 pm.
  • In this course, students can be called at random to appear for a viva to determine their knowledge. It is compulsory for students to appear in the viva sessions arranged by the instructor.
  • Late assignments will not be graded, unless previous accommodations have been made with the course instructor.
  • There will be no retake for a quiz, unless previous accommodations have been made with the course instructor.
  • Students are advised to attend all lectures. However, 85% attendance is compulsory for this course. It is entirely the students' responsibility to recover any information or announcements presented in lectures from which they were absent.
  • Any work you submit in this course should be your own.
  • You are not allowed to submit the work of a fellow student or work which you have done together with a peer.
  • You are allowed to work in groups only with the permission of the course instructor or if he asks you to form groups in the class. Otherwise, an unauthorized group effort will be considered academic dishonesty.
  • You may discuss homework in a general way with your fellow students. However, you are not allowed to copy or consult anyone else's written work.
  • You are guilty of academic dishonesty if:
      I. You examine another's solution to an assignment/quiz/project/exam.
      II. You allow another student to examine your solution to an assignment/quiz/project/lab-work or any exam.
      III. You fail to take reasonable care to prevent another student from examining your solution and that student does examine your solution.

Course Policy:

In case of unauthorized group efforts, academic dishonesty/fraud, cheating and plagiarism, the following policy is applicable. (All cases of breach of academic integrity will be reported to the head of department in the first instance. The instructor of this course can report such cases directly to the Vice Rectors’ office/AIC.) The following are the key points of the course policy to remember.

  • ZERO TOLERANCE POLICY on any academic integrity breach for the midterm exam, final exam, assignments, quizzes and project.
  • Cheating or violation of academic integrity in any exam/project will result in an F grade in the course.
  • In this course, the instructor will take attendance quizzes at random without announcing them in advance.
  • In this course, the instructor can judge the discipline of a student and can deduct discipline marks whenever necessary.
  • All assignments should be submitted to the email fcc.submissions@gmail.com with the subject COMP 421 Spring 2017.
  • You should name your document with your roll number for each assignment when sending it to “fcc.submissions@gmail.com”.

 

Grading Policy:

  • The relative method of grading will be adopted in this course.
  • One percent from the overall 5 percent absolute attendance marks will be deducted if you are absent during the attendance quiz.
  • Misbehavior or disturbance in the class will lead to the deduction of 1% absolute mark from the overall discipline marks.
  • In this course, all the assignments and all the quizzes will be added in the overall grading.
  • In this course, 7% is the weight of each assignment and 2.5% is the weight of each quiz.

   

Assessment Criteria

  • Attendance quizzes: 5%
  • Discipline: 5%
  • Quizzes: 10%
  • Assignments: 20%
  • Project: 10%
  • Midterm exam: 20%
  • Final exam: 30%
  • Total: 100.00%

Lesson Plan

Week no

Contents

Activities and Deadlines

1 and 2

Course Introduction:

  • The objectives of course.
  • Why students need to study this course.
  • How this course will help students in shaping their careers.
  • The teaching strategy I am adopting.
  • The course assessment criteria.

 

Introduction to Security in Computing

  • What is meant by security?
  • What is Computer Security?
  • What is Information Security?
  • Why do we need to study Information Security?
  • Assets in a computer and values of assets.
  • Threats, vulnerabilities and controls.
  • Confidentiality, Integrity, Availability and Accountability (CIAA).
  • Types of threats.
  • Types of attackers.

Quiz 1 will be held in the 2nd week.

3, 4 and 5

 

Authentication and Authorization

  • Introduction to Authentication.
      o What is Authentication?
      o Identification versus Authentication.
      o Categories of Authentication.
      o The Authentication Mechanism.
  • Authentication Methods.
      o Single Sign-on Authentication.
      o Introduction to Authorization or Access control.
      o The basic access control model.
      o Elementary access operations.
  • Access Control Methods.
      o Discretionary Access Control (ACL and C-List).
      o Mandatory Access Control (MAC).
      o Role-Based Access Control (RBAC).

Quiz 2 will be held in the 4th week.

Note: Your quiz 2 will be held on Thursday 23rd February. Lecture 3, lecture 4 and lecture 5 will be part of the quiz.

6, 7 and 8

Cryptography in Detail

  • Terminology and Background
      o Basic communication
      o Threats to messages
      o Basic terminology and notations
      o Requirements for crypto protocols
      o Representing characters
  • Basic types of Ciphers

Symmetric encryption

  • Substitution ciphers
      o The Caesar cipher
      o Vigenere tableau cipher
      o One-Time pad ciphers
          1. Vernam cipher
          2. Book cipher
  • Transposition cipher
  • Product ciphers
      o Stream cipher
      o Block cipher
  • Advanced Encryption Standard (AES) Algorithm.

Asymmetric encryption

 

Assignment 1 Description

(Deadline is 11:59 Monday 27th March, 2017.)

 

9

 

Revision Midterm Exam

The date for your Midterm exam will be announced in the class.

 

10, 11 and 12

Program Security

  • Introduction to program security.
  • Taxonomy of programming flaws.
  • Unintentional (non-malicious) programming flaws.
      o Buffer overflow.
      o Integer overflow.
      o Incomplete mediation.
  • Buffer overflows in detail.
  • Introduction to malicious code (Viruses, Worms, Trojan horses, Time bomb, Logic bomb, Rabbit, Bacterium).

Quiz 3 will be announced in the class.

Assignment 2 Description

The deadline for the Assignment 2 is Tuesday 16th May, 2017.

 

11, 12 and 13

Security in Networks

  • Introduction to network.
      o ISO OSI reference model.
  • Security issues in internet protocols.
  • Threats in Networks.
      o Network Vulnerabilities
      o Who Attacks Networks
      o Denial of service (Web failure, Flooding attacks).
  • Distributed denial of service (Scripted denial of service attacks).
  • Network Security Controls
      o Firewalls.
      o Intrusion Detection.

Quiz 3 will be announced in the class.

14

Final Exam

Project Description

 

The final deadline for your project is Tuesday 16th May, 2017.

 

Your final exam will be held as per the University schedule.