MET CS 654, Network and Software Security, Spring 2004

MET CS 654 D1 - Network and Software Security - Spring 2004
(Thursday, Main Campus, SMG 240, 595 Commonwealth Ave, 6:00-9:00 PM)

Instructors

Suresh Kalathur, Ph.D., E-mail: kalathur@bu.edu URL: http://people.bu.edu/kalathur
Lubomir T. Citkusev, Ph.D. E-mail: LTC@bu.edu
Tanya Zlateva, Ph.D. E-mail: zlateva@bu.edu

Textbooks & Resources

Dieter Gollmann, Computer Security, John Wiley, 1999, Reprinted 2002. ISBN: 0 471 97844 2 (Required)
Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd Edition, Prentice Hall PTR, 2002. ISBN: 0-13-046019-2 (Required)
William Stallings, Network Security Essentials, 2nd Edition, Prentice Hall, 2003. ISBN: 0-13-035128-8 (Reference)
Charles P. Pfleeger, and Shari L. Pfleeger, Security in Computing, 3rd Edition, Prentice Hall PTR, 2003. ISBN: 0-13-035548-8 (Reference)

CourseInfo Web Page

All course materials will be posted using BU's CourseInfo site. This requires all students to have an account with the BU computer system. Click here for instructions if you require an account.
Click here to enter CourseInfo site for this course.

Course Overview

The course provides an in-depth presentation of security issues in computer networks, systems and applications. Internet and intranet topics include security in IP, routers, proxy servers, and firewalls, application-level gateways, Web servers, file and mail servers. Discussion of remote access issues, such as dial-up servers, modems, VPN gateways and clients. Operating System security covers Unix and Windows OS security model, memory protection, access control and authentication, file system security, backup and recovery management, intrusion and virus protection mechanisms. Application level security focuses on language level security and various security policies; conventional and public keys encryption, authentication, message digest and digital signatures and their implementations with Java APIs.
There will be at least six assignments and three in-class exams.

Student Academic Conduct Code

Course Schedule (Tentative)

#

Date

Lecture

Notes

Application Level Security (Prof. Zlateva)

1 1/15 Language Level Security (Security policies and permissions, access control, secure class loading, security management, Java security architecture) -

2 1/22 Cryptographic Elements (encryption, conventional and public key) -

3 1/29 Message Digest and digital signature (Implementation with Java APIs) -

4 2/5 Key Management (Implementation with Java APIs) -

5 2/12 Exam1 (Application Level Security) -

OS Security (Prof. Kalathur)

6 2/19 Introduction, Buffer Overflow Vulnerabilities

7 2/26 Protection in General Purpose Operating Systems (Access control lists, file protection, authentication, etc.) -

8 3/4 Designing Trusted Operating Systems (Security policies, security models, assurance, examples); Unix/Linux Security -

9 3/18 Unix/Linux Security (cont), Windows Security -

10 3/25 Distributed Systems Security, Exam2 (OS Security) -

Network Security (Prof. Citkusev)

11 4/1 Overview of Network Security. Authentication Systems.

11 4/8 Security Standards. Kerberos. Public Key Infrastructure. IPsec. SSL/TLS

13 4/15 Electronic Mail Security. PEM, S/MIME. PGP

14 4/22 Web Security. Firewalls. Network Management Security

15 4/29 Exam3(Network Security) -

Course Grading
The actual grade will be determined based on the performance in the home works and the three exams.