KING FAHD UNIVERSITY OF PETROLEUM & MINERALS
COLLEGE OF
COMPUTER SCIENCES & ENGINEERING
COMPUTER ENGINEERING DEPARTMENT
COE 449: Network Security Engineering
Instructor Dr. Adnan Gutub. Email: adnangutub 'at' gmail.com
Course Objective:
Develop
a fundamental understanding of concepts underlying the field of network security.
Prerequisite:
Consent of Instructor.
Helpful Books:
Introduction to Computer Security,
Matt Bishop, Book site , Slides ppt
Grading
Policy:
ü
Attendance 5%
ü
Assignments & Quizzes 50%
ü
Paper Summary & presentation 15%
ü
Exam 30%
Grades of Term 081: pdf
Paper Summary & Presentation:
v
Each student needs to give the instructor three
papers to choose from for their ppt presentation. These three papers should be
submitted before the end of Week 6 (15 November 2008).
v
The
instructor will assign a paper for the student to work on. The chosen paper
should be understood in depth and a one page summary report is to be submitted.
The report should be in the students own words and not copied from the
resources. This summary report should be submitted by the end of Week
10 (20 December 2008).
v
Note that the papers should be on related topic
to the course, from reputable journals or conferences, and should not be
more than two years old.
v
The
presentations are to be arranged for minimum 15 min and not to exceed 20
min.
v
Selected Paper & Presentation Schedule (Evaluation form: pdf)
Late Attendance:
Attendance will be taken at the
beginning of the lectures. If you are late, you are recommended to attend with
some marks lost from the attendance grade (please inform the instructor to mark
you late and not absent - by the end of the lecture).
Assignments:
ü
HW 1 - Due 27 October
2008.
pdf
ü
HW 2 - Due 10 November 2008. pdf
ü
HW 3 - Due 17 November 2008. pdf
ü
HW 4 - Due 29 November 2008. pdf
ü
HW 5 - Due 12 January 2009. pdf
Quizzes:
Q Quiz 1 on Ch.1, Monday 27 October 2008. pdf
Q Quiz 2 on Ch.2 & 4, Monday 10 November 2008. pdf
Q Quiz 3 on Ch.8, Monday 29 December 2008. pdf
Q Quiz 4 on Ch.8 & 9, Monday 5 January 2009. pdf
Q Quiz 5 on Ch.11 & 12 & 19, Saturday 17 January 2009. pdf
Q Quiz 6 on Ch.21 & 22 & 23, Monday 26 January 2009. pdf
Lectures Topics:
·
Overview of Computer Security (Ch
1) pdf week1
o
Components: C I A; Threats; Policy &
Mechanism; Assurance; Operational Issues; Human Issues
·
Access Control (Ch 2, 14) pdf week2,3
o
o
Access
Control Mechanisms: Access control lists, Capabilities, Locks and keys,
Ring-based access control
·
Polices (Ch 4, 5, 6, 7) pdf weeks 4,5
o
Security
Policies: Authorized & Unauthorized, Secure system, C I A, Examples of
Security policy & Mechanism, 4-Types of policies, Trust, Types of Access
Control, E-Mail Policy
o
Confidentiality
Polices: BLP Model, Read/Write & Security Levels: Property & *Property
o
Integrity
Policies: 5 Requirements of Policies, 3 Principles of Operation, Biba Integrity
Model & Example, Clark-Wilson Integrity Model, Model Components: CDI, UDI,
IVP, TP & Rules
o
Hybrid
Polices: Chinese Wall (CW) Model, CD & COI classes, CW Example, CW-Simple
Security Condition, CW-*-Property, comparisons to other models
·
Cryptography I (Ch 8) pdf weeks 6,7,8
o
Basic
Cryptography: Crypto Terminologies, Attack means, Kerckhkoffs Principle, Crypto
services
o
Symmetric
Key Cryptography: Substitution (Caesar), Transposition, Enigma Machine,
Vigenere, Block (Hill), Vernam (one time pad)
o
Data Encryption Standard - DES, Rijndael: Advanced
Encryption Standard - AES
o
Random
Number Generation (RNG)
o
Asymmetric
Key Cryptography – RSA: Idea, Integer Factorization Problem, Algorithm, Key
generation, Examples: Encryption/Decryption, Digital Signature
o
Intro
on: Elliptic Curve Cryptography – ECC, Elliptic Curve Discrete Logarithm
Problem, ECC Encryption & Decryption, ECC Point Operations (graphical
analogy)
o
Cryptographic
Checksums, Collisions, HMAC
·
Cryptography II (Ch 9, 10) pdf weeks 9,10
o
Cipher
Techniques: Problems - Three Attacks simple examples
§
Cipher
types: Stream or block ciphers; Self-Synchronous Stream Cipher, Block Ciphers -
problem
Multiple Encryption Block Ciphers.
§
Networks
& Cryptography: Link vs end-to-end use, Examples: Privacy-Enhanced
Electronic Mail (PEM) - Design; Internet Protocol Security (IPSec): Modes –
Protocols
o
Key
Management: Key Distribution Problem: Key exchange, Session vs. interchange
keys
§
Classical,
public key methods, Cryptographic key infrastructure, Certificates,
man-in-middle attack, Digital Signatures attack
·
Authentication (Ch 11) pdf week 11
o
Basics,
Passwords: Generation, Storage, Guessing
§
Picking
good passwords, proactive password checking,
§
Defending
attacks: to storage - password salting, defending attacks as normal users –
four methods
o
Challenge-Response:
one time password, Hardware support, CAPTCHA
o
Biometrics,
Location, Multiple Methods
·
Secure Design Principles (Ch 12) pdf week
12
o
Least
Privilege, Fail-Safe Defaults, Economy of Mechanism, Complete Mediation, Open
Design, Separation of Privilege, Least Common Mechanism, Psychological
Acceptability
·
Malicious Logic (Ch 19) pdf week
12
o
Defining
malicious logic
o
Types:
Trojan horses, Computer viruses and worms
§
Other
types: Rabbits/Bacreria, Logic Bombs
o
Defenses
§
Characteristics,
Trust, Countermeasures, Anti-Virus Software
·
Auditing (Ch 21) pdf week 13
o
Definitions:
Logger, Auditing - Auditing System Structure: Logger, Analyzer, Notifier
·
Intrusion Detection (Ch 22) pdf week
14
o
History,
Goals; Types: Misuse, Anomaly, Specification; Source of Data: Network, Host
o
Agents,
Comparisons
·
Network Security (Ch 23) pdf week
15
o
Need & Situation; Security Policy &
Design : Classes (Data + User), simplified access control matrix
§
Type
of policies, consistency, interpretation
§ Network organization: DMZ, firewalls, proxy, applications of principles