George Mason University
Computer Science Department
Course Number: CS469
Course Title: Security Engineering
Instructor: Arun Sood
Office: Engineering 5327
Office Phone: 703-993-1524
Office Hours: Wednesday 2:00 to 2:45 PM.
E-mail: asood (at) gmu (dot) edu.
E-messages must include CS469 as the first 5 characters of the Subject line. Generally e-mail is good for clarifying or confirming information. I prefer short and precise messages, and you can expect similar responses. If you find that the reply is too terse, and requires clarification - do not hesitate to see the instructor. If you require more details, a face to face meeting is strongly recommended. E-mail is not a substitute for face to face meetings.
Course Text: Introduction to Computer Security: Matt Bishop.
Supporting Book: The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy: Patrick Engebretson
Pre-requisites: C or better in CS 330, CS 367, and STAT 344. Students not satisfying the prerequisites will be dropped from the class.
Course Content:
Modern enterprise computers are constantly under attack. A number of devices and subsystems are deployed in the enterprise defense. This course covers the software sub-systems that are involved in defending computer systems. We will cover the threats, access control and identity management, network and system security, intrusion detection and recovery systems, monitoring and forensic systems.
This course will follow the text, although supplementary material will be required to cover some of the topics.
1. Security Challenges: Threat models
2. Access control systems
3. Security policies
4. Intro to basic crypto and key management
5. Identity management systems: Authentication, passwords, biometrics
6. Network security protocols: DNSSEC
7. System security: Host based defense: Virtualization and end point defenses.
8. Malicious logic: Vulnerability Analysis
9. Intrusion detection
10. Network security
11. Auditing
12. Resilience and intrusion tolerance
13. Designing Enterprise Security
Course Outcomes:
Students should be able to
Lecture Strategy
Your active participation in the class discussions is encouraged. The instructor is interested in encouraging participation of ALL the students, and any suggestions that will facilitate this effort are solicited.
At the beginning of each class a few minutes will be used to review market and technology trends that have a security implication. To show the connection between the lectures and existing architectures, students will be required to explore the internet and obtain information about commercial systems.
Homework
All homework must be prepared using a word processor.
Late Policy
Late homework will be accepted with a penalty of 20% per day within 3 days after deadlines and will not be accepted three days after due date, unless under prearranged conditions.
Grade
The grade will be computed on the following basis:
Exam I: 20%; Exam II: 20%; Final: 25%; Quizzes and Homework: 25%; and Class Participation: 10%.
Class Participation is recorded on a daily basis.
Tentative grade cut-offs: A > 90%, B > 80%, C > 65%, D > 50%.
Exam Content
The exams in general will include questions relating to concepts, definitions, analysis and design. You are strongly urged to solve the problems at the end of each chapter. You should not be surprised to find some questions similar to these problems in the various exams.
Exams Schedule (Tentative):
Exam I: September 26; Exam II: October 31; Final: December 17 1:30 pm – 4:15 pm.
Last Class: December 5.
Columbus Day recess (Monday classes/labs meet Tuesday. Tuesday classes do not meet this week): October 8
Make-up exams are strongly discouraged.
Award of IN grade:
The IN grade policy as indicated in the catalog will be strictly adhered to. You must provide the necessary back-up documentation (e.g. medical certificate) for your application to be considered favorably. In all circumstances the written request, with all the back up documentation, must be received before the final exam week.
Honor Code
Honor Code procedures will be strictly adhered to. Students are required to be familiar with the honor code. You must not utilize unauthorized material or consultation in responding to your tests. Violations of the honor code will be reported. Unless otherwise stated, homework assignments must be based on the student’s own effort.
Please be sure that you are aware of all provisions of the GMU Honor Code http://www.gmu.edu/catalog/apolicies/honor.html and Computer Science Department Honor Code http://cs.gmu.edu/wiki/pmwiki.php/HonorCode/CSHonorCodePolicies
Office of Disability Services: http://ods.gmu.edu/ty
GMU Diversity Statement: http://cte.gmu.edu/Teaching_at_Mason/DiversityStatement.html
Here are some relevant links:
How to Activate Your Memo Mail Account Using the Web Client
How to Set Up Automatic Forwarding on Your Memo Mail Account
Using the GMU MEMO E-mail from the WWW (new system)