George Mason University
Computer Science Department
Course Number: CS469
Course Title: Security Engineering
Course Time: Thursday 4:30 to 7:10 pm
Room: Merten Hall 1200
Instructor: Arun Sood
Office: Engineering 5327
Office Phone: 703-993-1524
Office Hours: Thursday 3:00 to 4:15 PM.
E-mail: asood (at) gmu (dot) edu.
E-messages must include CS469 as the first 5
characters of the Subject line. Generally e-mail is good for clarifying
or confirming information. I prefer short and precise messages, and
you can expect similar responses. If you find that the reply is too terse, and
requires clarification - do not hesitate to see the instructor. If you require
more details, a face to face meeting is strongly recommended. E-mail is not a
substitute for face to face meetings.
Course Text: Introduction to Computer Security By: Matt Bishop. You can read this FREE through GMU's Safari Online.
Supporting Book: The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers By: Kevin D. Mitnick; William L. Simon. You can read this FREE through GMU's Safari Online.
Catalog description:
Covers the software subsystems that are involved in defending computer systems.
Studies threats and architecting solutions against them, including but not
limited to access control and identity management, network and system security,
intrusion detection and recovery systems, monitoring and forensic systems.
Senior Computer Science Elective
Pre-requisites: C or better in CS 330, CS 367, and STAT 344. Students not satisfying the prerequisites will be
dropped from the class.
Course Content:
Modern enterprise computers are constantly under attack. A number
of devices and subsystems are deployed in the enterprise defense. This
course covers the software sub-systems that are involved in defending computer
systems. We will cover the threats, access control and identity
management, network and system security, intrusion detection and recovery
systems, monitoring and forensic systems.
This course will follow the text, although supplementary
material will be required to cover some of the topics.
1. Security Challenges: Threat models
2. Access control systems
3. Security policies
4. Intro to basic crypto and key management
5. Identity management systems: Authentication, passwords, biometrics
6. Network security protocols: DNSSEC
7. System security: Host based defense: Virtualization and end point defenses.
8. Malicious logic: Vulnerability Analysis
9. Intrusion detection
10. Network security
11. Auditing
12. Resilience and intrusion tolerance
13. Designing Enterprise Security
14. Legal, ethical and social issues
Course Outcomes:
Students should be able to
Lecture Strategy
Your active participation in the class discussions is encouraged. The instructor is
interested in encouraging participation of ALL the students, and any
suggestions that will facilitate this effort are solicited.
At the beginning of each class a few minutes will be used to review market and
technology trends that have a security implication. To show the connection
between the lectures and existing architectures, students will be required to
explore the internet and obtain information about commercial systems.
Homework
All homework must be prepared using a word processor.
Late Policy
Late homework will be accepted with a penalty of 20% per day within 3 days after
deadlines and will not be accepted three days after due date, unless under
prearranged conditions.
Grade
The grade will be computed on the following basis:
Exam I: 20%; Exam II: 20%; Final: 25%; Quizzes and Homework: 25%, and Class
Participation: 10%.
Class Participation is recorded on a daily basis.
Tentative grade cut-offs: A > 90%, B > 80%, C > 65%, D > 50%.
Grade Appeal Policy:
If you feel you deserve a better grade on an assignment or exam, you can appeal
your grade in writing. Written grade appeals will only be accepted within 7
days of you receiving the grade. The appeal should clearly explain why you feel
you deserve a higher grade. I will never lower your grade due to an appeal, but
I may or may not raise your grade depending on your justification.
Exam Content
The exams in general will include questions relating to concepts, definitions,
analysis and design. You are strongly urged to solve the problems at the end of
each chapter. You should not be surprised to find some questions similar to
these problems in the various exams.
Exams Schedule (Tentative):
Exam 1: March 7; Exam 2: April 25; Final: May 9, 4:30 – 7:15 pm
Last Class: May 2.
Spring Break – March 11 to March 17
School Calendar http://registrar.gmu.edu/calendars/
Make-up exams are strongly discouraged.
There will be several short quizzes.
Award of IN grade:
The IN grade policy as indicated in the catalog will be strictly adhered to.
You must provide the necessary back-up documentation (e.g. medical certificate)
for your application to be considered favorably. In all circumstances the
written request, with all the back-up documentation,
must be received before the final exam week.
Honor Code
Honor Code procedures will be strictly adhered to. Students are required to be
familiar with the honor code. You must not utilize unauthorized material or
consultation in responding to your tests. Violations of the honor code will be
reported. Unless otherwise stated, homework assignments must be based on the
student’s own effort. Information on the university honor code can be found here. In addition to the GMU
Honor Code, students in Computer Science courses must adhere to the Computer Science policies described on this wiki page.
Similarity detection software may be used to assist me in finding honor code
violations, should they occur.
Links to the University Catalog and the University Policies website:
University Catalog: http://catalog.gmu.edu/
University Policies: http://universitypolicy.gmu.edu/