Instructor: Clay Shields
Email:clay at cs dot georgetown dot edu
Phone: (202) 687-2004
Office: Reiss 222
Mailbox: Reiss 240
Office Hours: Monday and Wednesday 2:15 - 3:30, Friday by appointment
This course is intended to introduce students to means of assuring the confidentiality, integrity, and availability of information through mechanisms of technology, policy, and education. Topics will include: access control; authentication; security policies and enforcement; security design principles; malicious logic; vulnerability analysis; intrusion detection and response; audit; risk assessment; personnel and physical security; and legal, ethical, and social issues.
Prerequisites: COSC 173.
This semester we will be using:
Practical Unix and Internet Security, 2nd Edition, by Garfinkel and Spafford.
While this is not the most current book out there, it is very comprehensive and could be a valuable reference for the future.
Topics and Readings:
While I do not expect the material in this class to be difficult, there is quite a bit to cover. Additional readings will be given on particular topics during the semester; most will be available on-line. Students will also be expected to subscribe to the following two mailing lists for the semester:
This is a list that carries discussion of security problems of exisiting systems. It is relatively high volume, so I suggest that you subscribe to the digest version. The easiest way to do this is to send a blank e-mail
This is a relatively low-volume mailing lists that carries discussions of the risks of computer error, misuse, and malfunction to humans and society. You may receive this any number of ways, through the web, through the newsgroup comp.risks, or by e-mail.
|Introduction to Information Assurance||
University Computer Systems Acceptable Use Policy
Practical Threat Analysis and Risk Management
|Physical and Personnel Security||
||Employment Background Checks|
|Identity and Authentication||
Password Security: A Case History
Observing Reusable Password ChoicesPasswords: The Weakest Link?
BiometricsImpact of Artificial "Gummy" Fingers on Fingerprint Systems
Body Check: Biometric Access Protection Devices and their Programs Put to the Test
to 0wn the Internet in Your Spare Time
Reflections on Trusting Trust
|Secure System Design and Implementation||
Smashing the Stack for Fun and Profit
Common Vulnerabilites and Exposures
Secure Programming for Linux and Unix Howto
Protecting sensitive data in memory
Protecting Passwords part 1, part 2
Preventing buffer overflows
|Audit and Integrity||
Weakness in the 4.2BSD Unix TCP/IP Software
A Simple Active Attack against TCP
Evasion, and Denial of Service
|Denial of Service||
do we mean by network denial of service?
|Response to Attacks||
Random other links:
Things that came up in class that you might like to read.
TiVo Thinks You Are Gay, Here's How to Set It Straight
to obscure any URL