MET CS 895 Developing Secure Systems
Last updated: Monday, May 5, 2006. The most recent updates are usually in red type
Description: This course is designed for Information professionals who intend to be experts in security policies, procedures, and techniques. It provides the basis for specialization in areas of security.
- Meeting Time: Wednesdays Noon through 3:00 pm EST
- Meeting Place: Andover
- Prerequisites: The prerequisites are as follows, but can be superseded with the consent of the instructor.
  - A course in or experience with programming, preferably in Java, C++ or C#
  - Knowledge of data communication fundamentals
Learning Objectives: Students will …
- Understand the principles of security
- Recognize and evaluate security threats
- Understand the source of security threats
- Understand the basics of security-aware design and development
- Plan for security threat mitigation
Textbook and Materials
“Security in Computing,” Third Edition (Hardcover) by Charles P. Pfleeger, Shari Lawrence Pfleeger; Prentice Hall PTR (December 2, 2002); ISBN: 0130355488
Reference Material
An Alternative to the Textbook:
Computer Security (Paperback) by Dieter Gollmann; John Wiley & Sons; 2 edition (January 18, 2006); ISBN: 0470862939
Security in Networks:
Network Security Essentials (2nd Edition); by William Stallings; Prentice Hall; 2 edition (November 20, 2002); ISBN: 0130351288
Policy (Not technical)
Information Security Policies and Procedures: A Practitioner’s Reference, Second Edition; by Thomas R. Peltier; AUERBACH; 2 edition (May 20, 2004); ISBN: 0849319587
Design (Very technical)
Secure Systems Development with UML; by Jan Jürjens; Springer; 1 edition (November 23, 2004); ISBN: 3540007016
Background of Instructors
Please see the links as shown.
Background of Eric Braude
Background of Lou Chitkushev
Background of Suresh Kalathur
Background of Anatoly Temkin
Evaluation of Students
There will be a midterm, a final, and homework assignments. The exact weights will be determined during the first third of the course, and will be in the following range.
Component | Weight |
Midterm | 35-50% |
Final | 35-50% |
Homework | 10-30% |
Parts of assignments are evaluated equally unless otherwise stated.
Late homework is not accepted unless there is a reason why it was impossible to perform the work. In that case, the written reason should be attached to the homework, which will be graded on a pass/fail basis.
Please also read the detailed information about the grade averaging method.
Plagiarism
Please cite all references and uses of the work of others. All instances of plagiarism must be reported to the College for action. See plagiarism policy and reference.
Topics, Class Dates, and Readings
Class # | Date | Instructor | Textbook Readings | Topic |
1 | May 3 | Eric Braude | Chapter 1; Chapters 3 and 9 are additional background | The Context of Security: A review of the threat environment |
2 | May 10 | Eric Braude | Chapter 8, except 8.2 | Policies and Procedures: We will review the kinds of overall policies and specific procedures that organizations devise in order to counter security threats. |
3 | May 17 | Eric Braude | Chapter 9 is general background | Security Among Web Services: This class reviews various methods for designing securely on the Internet, from HTTPS to the WS-Security specifications. |
4 | May 24 | Eric Braude | Pages 160-162, | Specifying Secure Requirements Designs: How design notations, including the Unified Modeling Language, can specify security. |
5 | May 31 | Lou Chitkushev | Chapter 8 | Developing Security in Distributed Systems |
6 | June 7 | Anatoly Temkin | Chapters 2 and 10 | Applying Cryptographic Elements: Encryption, conventional and public key; message digest and digital signature; key management |
7 | June 14 | Lou Chitkushev | Chapter 8 | Developing Network Security: Authentication systems, security standards, Kerberos, public key infrastructure; IPsec, SSL/TLS; PEM, S/MIME; PGP; Firewalls |
8 | June 21 | Eric Braude | Midterm | |
9 | June 28 | Eric Braude | | Applying Language Level Security; Testing for Security: Security policies and permissions, access control, secure class loading, security management |
10 | July 5 | Eric Braude | Section 8.2 | Developing Security Risk Analyses: Definitions, factors, risk types |
11 | July 12 | Eric Braude | Section 8.2 | Applying Security Risk Analysis: Risk calculations; trade-offs |
12 | July 19 | Suresh Kalathur | Chapter 4 | Developing Protection in General Purpose Operating Systems: Access control lists; file protection; authentication |
13 | July 26 | Suresh Kalathur | Chapter 5 | Designing Trusted Operating Systems: Security policies; security models; assurance; examples |
14 | August 2 | Eric Braude | Final | |
Forum
Web Site: http://groups.yahoo.com/group/895Su06/
Post message: | 895Su06@yahoogroups.com |
Subscribe: | 895Su06-subscribe@yahoogroups.com |
Unsubscribe: | 895Su06-unsubscribe@yahoogroups.com |
List owner: | 895Su06-owner@yahoogroups.com |