ISS
Information Systems Security
Objectives
Provide students with skills in identifying and estimating risks associated with the components of a computer system.
Implement security perimeters and appropriate corrective measures to adequately mitigate the risk.
Recognize the core skills and good practices for security in system administration.
Provide students with skills in modeling and mapping security requirements at the various stages of the information lifecycle and the systems supporting it.
Recognize common programming failures that lead to security vulnerabilities, and development practices leading to increased security.
Establish the security of a system with respect to a security model (security properties/adversarial model).
Select cryptographic techniques and protocols to achieve different security requirements.
Program
Security concepts: properties, vulnerabilities, models, risks, attacks and controls.
Access control: identification, authentication, authorization, structures and reference monitor.
Operating system security: resource protection, hardening and restricted execution environments.
Network security: secure architectures and defense mechanisms.
Services and application security: common errors, good practices, sandboxing and virtualization.
Cryptography and information security: terminology, elementary concepts and security models.
Symmetric cryptography: stream and block ciphers; one-way functions; MACs.
Asymmetric cryptography: key agreement; public-key ciphers; digital signatures; public-key certificates.
Bibliography
Dieter Gollmann. 2011. Computer Security (3rd Edition). John Wiley & Sons, Inc., New York, NY, USA.
Charles P. Pfleeger, Shari Lawrence Pfleeger, and Jonathan Margulies. 2015. Security in Computing (5th Edition). Prentice Hall Press, Upper Saddle River, NJ, USA.
Ross Anderson. 2010. Security Engineering: A Guide to Building Dependable Distributed Systems (2nd Edition). Wiley. (https://www.cl.cam.ac.uk/~rja14/book.html)
David Wheeler. Secure Programming for Linux and Unix HOWTO. (http://www.dwheeler.com/secure-programs/)
Alfred J. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. 2001. Handbook of Applied Cryptography. CRC Press. (http://cacr.uwaterloo.ca/hac/)
Katz and Lindell. 2007. Introduction to Modern Cryptography. CRC Press.