COSC 352
Information Assurance
Spring 2002
4:15 - 5:30 Tuesday, Thursday
Reiss 112


Instructor: Clay Shields
Email: clay at cs dot georgetown dot edu
Phone: (202) 687-2004
Office: Reiss 222
Mailbox: Reiss 240
Office Hours: Wednesday, 2-4, and by appointment

Description:

This course is intended to introduce students to means of assuring the confidentiality, integrity, and availability of information through mechanisms of technology, policy, and education. Topics will include: access control; authentication; security policies and enforcement; security design principles; malicious logic; vulnerability analysis; intrusion detection and response; audit; risk assessment; personnel and physical security; and legal, ethical, and social issues.

Prerequisites: COSC 173.

Texts:

This semester we will be using two different text books. One, available at the bookstore, is:

Practical Unix and Internet Security, 2nd Edition, by Garfinkel and Spafford.

While this is not the most current book out there, it is very comprehensive and could be a valuable reference for the future.

The second book has not yet been published, but we will be working with a pre-print that will be available on Blackboard. This book is:

Computer Security: Art and Science, by Matt Bishop.

Topics and Readings:

While I do not expect the material in this class to be difficult, there is quite a bit to cover. Readings in the Bishop book and the Garfinkel and Spafford book are listed with the topic. Additional readings will be given on particular topics during the semester; most will be available on-line. Students will also be expected to subscribe to the following two mailing lists for the semester:

Bugtraq:
This is a list that carries discussion of security problems of existing systems. It is relatively high volume, so I suggest that you subscribe to the digest version. The easiest way to do this is to send a blank e-mail message to:

bugtraq-digest-subscribe@securityfocus.com

RISKS Digest:

This is a relatively low-volume mailing list that carries discussions of the risks of computer error, misuse, and malfunction to humans and society. You may receive this any number of ways: through the web, through the newsgroup comp.risks, or by e-mail.

http://catless.ncl.ac.uk/Risks
Topic                                     Bishop                  Garfinkel and Spafford   Other
Introduction to Information Assurance     1                       1
Policy Issues                             4, 5.1, 5.2, 7.1, 7.4                            A
Physical and Personnel Security                                   12, 13
Cryptography Overview                     9                       6
Key Management                            10
Identity and Authentication               12, 14                  3, 4
Access Control                            15
Malicious Code                            18                      11
Confinement                               17
Secure System Design and Implementation   13                      23, 18 (parts)
Audit and Integrity                       20                      9, 10
TCP/IP Security                                                   16, 17
Firewalls                                                         21
Intrusion Detection                       21
Denial of Service                                                 25
Response to Attacks                                               24, 26
Vulnerability Analysis                    19
Trust                                                             27

Other readings:

A. Georgetown University Computer Systems Acceptable Use Policy, http://www.georgetown.edu/technology/use/

Projects:

Project                          Due date
Educational module development   Part 1: January 31st, in class
                                 Part 2: February 12, in class (or before, by e-mail)
Crypto tools                     February 19, by e-mail, prior to class
Password Protected File          March 14th, by e-mail, prior to class
Part 2 of Password Program       April 2nd, by e-mail, prior to class

Grading:

Homework and assigned projects   25%
Individual project               20%
Midterm (February 28, 2002)      25%
Final                            30%