Introduction
- Course introduction (syllabus, policies, and projects)
- An overview of information security: confidentiality, integrity, and availability
Cryptography
- Classical ciphers
- One-time Pad, Stream Ciphers
- Block Ciphers, Modes of using block ciphers
- Message Integrity: cryptographic hash functions, Message Authentication Codes (MAC)
- Public key encryption
- Digital signatures
- Public key certificates and key agreement
Security Basics
- Authentication, access control, and audit
- Unix Security Basics
Web Application Security
- User authentication and session management
- Cross Site Scripting, Cross Site Request Forgery, SQL Injection
Software Security
- Software vulnerabilities: buffer overflow, format string bugs, integer overflow, race conditions, etc.
- Secure programming
Malware
- Viruses, worms, rootkits, botnets
Access Control Theory
- Harrison-Ruzzo-Ullman
- Bell-LaPadula model
- Integrity protection models: Biba and Clark-Wilson
Access Control Practice
- Domain Type Enforcement and SELinux
- Usable Mandatory Integrity Protection and Information Flow Enhanced Discretionary Access Control
- Role-Based Access Control
Network Security
- TCP/IP security issues
- DNS security issues and defenses
- TLS/SSL
- Firewalls
- Intrusion detection and prevention systems
Other topics
- Database security
- Information hiding and covert channels