MET CS 654, Network and Software Security, Fall 2003

MET CS 654 C1 - Network and Software Security - Fall 2003
(Wednesday, Main Campus, General Classroom Building 206, 750 Commonwealth Ave, 6:00-9:00 PM)

Instructors

Suresh Kalathur, Ph.D., E-mail: kalathur@bu.edu URL: http://people.bu.edu/kalathur
Lubomir T. Citkusev, Ph.D. E-mail: LTC@bu.edu
Tanya Zlateva, Ph.D. E-mail: zlateva@bu.edu

Textbooks & Resources

Dieter Gollmann, Computer Security, John Wiley, 1999, Reprinted 2002. ISBN: 0 471 97844 2 (Required)
Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd Edition, Prentice Hall PTR, 2002. ISBN: 0-13-046019-2 (Required)
William Stallings, Network Security Essentials, 2nd Edition, Prentice Hall, 2003. ISBN: 0-13-035128-8 (Reference)
Charles P. Pfleeger, and Shari L. Pfleeger, Security in Computing, 3rd Edition, Prentice Hall PTR, 2003. ISBN: 0-13-035548-8 (Reference)

CourseInfo Web Page

All course materials will be posted using BU's CourseInfo site. This requires all students to have an account with the BU computer system. Click here for instructions if you require an account.
Click here to enter CourseInfo site for this course.

Course Overview

The course provides an in-depth presentation of security issues in computer networks, systems and applications. Internet and intranet topics include security in IP, routers, proxy servers, and firewalls, application-level gateways, Web servers, file and mail servers. Discussion of remote access issues, such as dial-up servers, modems, VPN gateways and clients. Operating System security covers Unix and Windows OS security model, memory protection, access control and authentication, file system security, backup and recovery management, intrusion and virus protection mechanisms. Application level security focuses on language level security and various security policies; conventional and public keys encryption, authentication, message digest and digital signatures and their implementations with Java APIs.
There will be at least six assignments and three in-class exams.

Student Academic Conduct Code

Course Schedule (Tentative)

#

Date

Lecture

Notes

OS Security (Prof. Kalathur)

1 9/3 Introduction, Buffer Overflow Vulnerabilities

2 9/10 Protection in General Purpose Operating Systems (Access control lists, file protection, authentication, etc.) HW1 Assigned

3 9/17 Designing Trusted Operating Systems (Security policies, security models, assurance, examples); Unix/Linux Security HW2 Assigned

4 9/24 Unix/Linux Security (cont), Windows Security HW1 Due

5 10/1 Distributed Systems Security, Exam1 (OS Security) HW2 Due; 2 Hour in-class exam covering OS Security

Network Security (Prof. Citkusev)

6 10/8 Overview of Network Security. Authentication Systems.

7 10/15 Security Standards. Kerberos. Public Key Infrastructure. IPsec. SSL/TLS HW3 Assigned

8 10/22 Electronic Mail Security. PEM, S/MIME. PGP

9 10/29 Web Security. Firewalls. Network Management Security OPNET Lab Report Due

10 11/5 Exam2 (Network Security) -

Application Level Security (Prof. Zlateva)

11 11/12 Language Level Security (Security policies and permissions, access control, secure class loading, security management, Java security architecture) -

12 11/19 Cryptographic Elements (encryption, conventional and public key) -

13 12/3 Message Digest and digital signature (Implementation with Java APIs) -

14 12/10 Key Management (Implementation with Java APIs) -

15 12/17 Exam3 (Application Level Security) -

Course Grading
The actual grade will be determined based on the performance in the home works and the three exams.