COE 449: Network Security Engineering


Instructor: Dr. Adnan Gutub    Email: adnangutub 'at'


Course Objective:

Develop a fundamental understanding of concepts underlying the field of network security.



Consent of Instructor.


Helpful Books:

Introduction to Computer Security, Matt Bishop, Book site , Slides ppt


Grading Policy:

      Attendance 5%

      Assignments & Quizzes 50%

      Paper Summary & presentation 15%

      Exam 30%


Grades of Term 081: pdf


Paper Summary & Presentation:

-     Each student needs to give the instructor three papers to choose from for their ppt presentation. These three papers should be submitted before the end of Week 6 (15 November 2008).

-     The instructor will assign a paper for the student to work on. The chosen paper should be understood in depth and a one-page summary report is to be submitted. The report should be in the student's own words and not copied from the resources. This summary report should be submitted by the end of Week 10 (20 December 2008).

-     Note that the papers should be on a topic related to the course, from reputable journals or conferences, and should not be more than two years old.

-     The presentations are to be arranged for a minimum of 15 min and are not to exceed 20 min.

-     Selected Paper & Presentation Schedule (Evaluation form: pdf)


Late Attendance:

Attendance will be taken at the beginning of the lectures. If you are late, you are still encouraged to attend, with some marks lost from the attendance grade (please inform the instructor by the end of the lecture to mark you late and not absent).



      HW 1 - Due 27 October 2008. pdf

      HW 2 - Due 10 November 2008. pdf

      HW 3 - Due 17 November 2008. pdf

      HW 4 - Due 29 November 2008. pdf

      HW 5 - Due 12 January 2009. pdf




      Quiz 1 on Ch.1, Monday 27 October 2008. pdf

      Quiz 2 on Ch.2 & 4, Monday 10 November 2008. pdf

      Quiz 3 on Ch.8, Monday 29 December 2008. pdf

      Quiz 4 on Ch.8 & 9, Monday 5 January 2009. pdf

      Quiz 5 on Ch.11 & 12 & 19, Saturday 17 January 2009. pdf

      Quiz 6 on Ch.21 & 22 & 23, Monday 26 January 2009. pdf




Lecture Topics:

         Overview of Computer Security (Ch 1) pdf week1

o       Components: C I A; Threats; Policy & Mechanism; Assurance; Operational Issues; Human Issues

         Access Control (Ch 2, 14) pdf week2,3

o       Protection State; Access Control Matrix Model; Protection State Transitions: Commands

o       Access Control Mechanisms: Access control lists, Capabilities, Locks and keys, Ring-based access control

         Policies (Ch 4, 5, 6, 7) pdf weeks 4,5

o       Security Policies: Authorized & Unauthorized, Secure system, C I A, Examples of Security policy & Mechanism, 4-Types of policies, Trust, Types of Access Control, E-Mail Policy

o       Confidentiality Policies: BLP Model, Read/Write & Security Levels: Property & *Property

o       Integrity Policies: 5 Requirements of Policies, 3 Principles of Operation, Biba Integrity Model & Example, Clark-Wilson Integrity Model, Model Components: CDI, UDI, IVP, TP & Rules

o       Hybrid Policies: Chinese Wall (CW) Model, CD & COI classes, CW Example, CW-Simple Security Condition, CW-*-Property, comparisons to other models

         Cryptography I (Ch 8) pdf weeks 6,7,8

o       Basic Cryptography: Crypto Terminologies, Attack means, Kerckhoffs' Principle, Crypto services

o       Symmetric Key Cryptography: Substitution (Caesar), Transposition, Enigma Machine, Vigenere, Block (Hill), Vernam (one time pad)

o       Data Encryption Standard - DES, Rijndael: Advanced Encryption Standard - AES

o       Random Number Generation (RNG)

o       Asymmetric Key Cryptography RSA: Idea, Integer Factorization Problem, Algorithm, Key generation, Examples: Encryption/Decryption, Digital Signature

o       Intro on: Elliptic Curve Cryptography ECC, Elliptic Curve Discrete Logarithm Problem, ECC Encryption & Decryption, ECC Point Operations (graphical analogy)

o       Cryptographic Checksums, Collisions, HMAC

         Cryptography II (Ch 9, 10) pdf weeks 9,10

o       Cipher Techniques: Problems - Three Attacks simple examples

         Cipher types: Stream or block ciphers; Self-Synchronous Stream Cipher, Block Ciphers - problem; Multiple Encryption Block Ciphers.

         Networks & Cryptography: Link vs end-to-end use, Examples: Privacy-Enhanced Electronic Mail (PEM) - Design; Internet Protocol Security (IPSec): Modes Protocols

o       Key Management: Key Distribution Problem: Key exchange, Session vs. interchange keys

         Classical, public key methods, Cryptographic key infrastructure, Certificates, man-in-middle attack, Digital Signatures attack

         Authentication (Ch 11) pdf week 11

o       Basics, Passwords: Generation, Storage, Guessing

         Picking good passwords, proactive password checking,

         Defending against attacks: on storage - password salting; as normal users - four methods

o       Challenge-Response: one time password, Hardware support, CAPTCHA

o       Biometrics, Location, Multiple Methods

         Secure Design Principles (Ch 12) pdf week 12

o       Least Privilege, Fail-Safe Defaults, Economy of Mechanism, Complete Mediation, Open Design, Separation of Privilege, Least Common Mechanism, Psychological Acceptability

         Malicious Logic (Ch 19) pdf week 12

o       Defining malicious logic

o       Types: Trojan horses, Computer viruses and worms

         Other types: Rabbits/Bacteria, Logic Bombs

o       Defenses

         Characteristics, Trust, Countermeasures, Anti-Virus Software

         Auditing (Ch 21) pdf week 13

o       Definitions: Logger, Auditing - Auditing System Structure: Logger, Analyzer, Notifier

         Intrusion Detection (Ch 22) pdf week 14

o       History, Goals; Types: Misuse, Anomaly, Specification; Source of Data: Network, Host

o       Agents, Comparisons

         Network Security (Ch 23) pdf week 15

o       Need & Situation; Security Policy & Design: Classes (Data + User), simplified access control matrix

         Type of policies, consistency, interpretation

         Network organization: DMZ, firewalls, proxy, applications of principles