Rutgers The State University of New Jersey
GSM

Information Security
26:198:685

Fall 2008
Thursdays 1:00 - 3:50pm, Room ENG 213

Instructor: Prof. Vijay Atluri

Office: 200R Ackerson Hall (Newark)
Office Hours: Thursdays 11:00 - 12:30pm and by appointment
Telephone: 973-353-1642
Fax: 973-353-5003
E-mail: atluri at rutgers dot edu
Homepage: http://cimic.rutgers.edu/~atluri

Call 973-353-1766 or 732-932-1766 for Official University/Campus closings due to inclement weather

Course Description: Recent years have witnessed widespread use of computers and their interconnecting networks. This demands additional computer security measures to protect the information and relevant systems. This course prepares students to meet the new challenges in a world of increasing threats to computer security by providing them with an understanding of the various threats and countermeasures. Specifically, students will learn the theoretical advancements in information security, state-of-the-art techniques, standards and best practices. In particular, the topics covered in this course include: Study of security policies, models and mechanisms for secrecy, integrity and availability; Operating system models and mechanisms for mandatory and discretionary controls; Data models, concepts and mechanisms for database security; Basic cryptology and its applications; Security in computer networks and distributed systems; Identity threat; Control and prevention of viruses and other rogue programs.

Text Book:

  1. Matthew Bishop, Introduction to Computer Security, Addison-Wesley 2004

Reference Books:

  1. Charlie Kaufman, Radia Perlman and Mike Speciner, "Network Security: Private Communication in a Public World," Prentice-Hall, 1995.
  2. Silvana Castano, Mariagrazia Fugini, Giancarlo Martella, and Pierangela Samarati, "Database Security," Addison-Wesley, Reading, MA, 1994.
  3. Plus selected readings

Other sources:

  1. The DBLP Bibliography: an excellent source for research materials in the database area
  2. Research index in the computer science area

Related Journals and Conferences:

  1. ACM Conference on Computer and Communications Security
  2. IEEE Symposium on Security and Privacy
  3. ACM Symposium on Access Control Models and Technologies
  4. IFIP WG11.3 Working Conference on Data and Application Security
  5. Annual Computer Security Applications Conference
  6. Computer Security Foundations Workshop
  7. ACM Transactions on Information Systems Security
  8. IEEE Transactions on Secure and Dependable Systems
  9. Journal of Computer Security
  10. Computers and Security

Expected Work:

Research Paper and Presentation 50%
Mid-term Examination 25%
Final Examination 25%

Tentative Schedule:

Sept 4

Basic Security Concepts
  • Lecture Notes
  • Chapter 1
  • ITPRC.COM The Information Technology Professional's Resource Center
  • Security Tutorials Online
  • CERT

Sept 11

Introduction to Cryptography, Secret Key and Public Key Cryptography
  • Lecture Notes
  • Chapters 8 and 9
  • Chapter 4, and chapters 2, 3 and 5 from reference book 1.
  • Cryptography FAQ
  • Introduction to Cryptography - 2
  • Demonstration for RSA Cryptography using Java Applet.
  • AES: The new encryption standard selected by the US govt

Sept 18

Digital Signatures and Certificates
  • Chapter 10
  • A nice introduction to digital signatures
  • Article on Elliptic Curve Cryptography

Sept 25

Identification and Authentication
  • Research Paper Title and Outline due
  • Chapter 11
  • Lecture Notes
  • Article on Biometrics
  • Article on Kerberos

Oct 2

Internet Security
  • Lecture Notes
  • CyberCop Research Center
  • TCP SYN Flooding and IP Spoofing
  • You will find more information on the attacks at CERT

Oct 9, 16

Security Models
  • Chapters 2, 3, 4
  • Lecture Notes
  • M.A. Harrison, W.L. Ruzzo, and J.D. Ullman: Protection in Operating Systems. CACM, August 1976.
  • Access Control: Principles and Practice, Ravi Sandhu & P. Samarati, IEEE Communications, Volume 32, Number 9, September 1994
  • Lattice-Based Access Control Models, Ravi Sandhu, IEEE Computer, Volume 26, Number 11 (Cover Article), November 1993
  • D.F.C. Brewer and M.J. Nash: "The Chinese Wall Security Policy", in Oakland 1989
  • R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. Role-Based Access Control Models. IEEE Computer, 29(2):38--47, February 1996.
  • D. Ferraiolo, R. Sandhu, S. Gavrila, D. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Transactions on Information Systems Security, 2001.

Database Security
  • Chapters 14, 15
  • Lecture Notes
  • Database Security -- Concepts, Approaches, and Challenges, Elisa Bertino and Ravi Sandhu, IEEE Transactions on Dependable and Secure Computing, Vol. 2, No. 1, January-March 2005
  • A chapter from "Multilevel secure transaction processing," Kluwer Academic Publishers, by V. Atluri, S. Jajodia and B. George

Oct 23

  • Mid-term examination
  • Research paper discussions

Oct 30

  • Privacy Preserving Data Mining, Guest Lecture by Jaideep Vaidya
  • Research Paper Due

Nov 6

Intrusion Detection

Nov 13

Research Paper Presentations

Nov 20

Research Paper Presentations

Nov 25

Research Paper Presentations

Dec 4

Research Paper Presentations

Dec 11

No Class, Reading Day

Dec 18

Final Examination

Topics for the Research paper include:

  1. Authorization Models for New Application domains
  2. Role-based Access Control
  3. Inference Control
  4. Security in Electronic Commerce
  5. Security in WWW
  6. Security for Mobile Systems
  7. Intrusion Detection
  8. Security for Web services
  9. Biometrics
  10. Privacy
  11. Privacy preserving data sharing and mining
  12. Security of Statistical Databases
  13. Viruses
  14. Computer Ethics
  15. Spam and Phishing
  16. Identity theft
  17. .....