CSC 421 COURSE COMPACT

Course Code: CSC 421
Course Title: Computer Security
Status: Compulsory
Course Unit: 2

Contact Details
Two hours' lectures per week for 15 weeks (30 hours)

Lecturer's Data
Name: Dr. D.T. Akomolafe
Qualification: PhD
College: College of Science and Engineering (Adjunct)
Email: dtakomolafe@yahoo.com
Lecture period: Fridays, 11am-1pm

Course Outline

Introduction: Objectives, privacy and ethics, risk analysis in computer security, threats and security, security measures, physical protection (natural disaster, physical facility, access control), hardware and software security control, viruses (Trojan horses, worms and logic bombs), encryption and cryptography techniques.

Developing Secured Computer System: External security measures, issues, security models (specification and verification, Bell and LaPadula Model, Clark-Wilson Model, Goguen-Meseguer, TCSEC), discretionary access requirements, mandatory access requirements, user authentication, access and information flow control, auditing and intrusion detection, damage control and assessment, microcomputer security.

Network and Telecommunication Security: Fundamentals, issues, objectives and threats, security services, distributed system security, trusted network interpretation, TNI security services, AIS interconnection issues, firewalls-gateways, application, cost and effectiveness.

Database Security: Security requirements for databases, designing the security, methods of protection, security of multilevel databases.

Legal Issues and Current Legislation: Computer crime, software violation, crimes, privacy considerations, corporate policy, managerial issues, government-based security standards.

Description

Nowadays, many organizations and companies rely heavily on information systems to ensure that they work effectively and efficiently at any given time. Additionally, Information and Communication Technologies (ICTs) are increasingly intertwined in our daily activities.
Some of these ICT systems, services, networks and infrastructures form a vital part of the economy and society, either by providing essential goods and services or constituting the underpinning platform of other critical infrastructures. Often, ICT systems are part of critical information infrastructures where their disruption or destruction would have a serious impact on vital societal functions. Often, security breaches were performed by competitors and insiders, especially former employees. Furthermore, cyber criminals are also increasing their efforts to steal sensitive corporate data and information. Criminals are daily devising sophisticated means to take advantage of employees, new technologies and software vulnerabilities.

Consequently, this course covers fundamental issues and first principles of security that are capable of making attacks impossible. The course will look at the security policies, models and mechanisms related to confidentiality, integrity, authentication, identification, and availability issues related to information. Other topics covered include basics of cryptography (e.g., digital signatures), Developing Secured Computer System, and network security (e.g., intrusion detection and prevention), risk management, and secure design principles. It will also cover topics in network and telecommunication security and database security. Issues such as organizational security policy, legal and ethical issues in security, standards and methodologies for security evaluation and certification will also be covered.

Justification

Computer security is an emerging field of computer science and engineering with a concentration on the security issues in computer systems. Computer security is gaining prominence due to an increase in criminal activity affecting computer systems. ICT systems are part of critical information infrastructures where their disruption or destruction would have a serious impact on corporate organizations.
Their multiplier effects are better imagined than experienced. Also, with the advent of networks and expansion of cyberspace, security and trust have become a central challenge in computation and in information systems. Security breaches can have dire consequences both in financial and societal terms; therefore, securing the systems is of utmost importance. This applies both to the containment of everyday risks such as the failure of individual components and to the prevention of malicious attacks from outside the systems. This course will provide an overview of the crucial concepts and techniques of securing our systems, either as standalone systems or in a network.

Course Objectives

By the end of this course, students will be able to:

a. State the basic concepts in information security, including security policies, security models, and security mechanisms.
b. Explain concepts related to applied cryptography, including plaintext, ciphertext, the four techniques for cryptanalysis, symmetric cryptography, asymmetric cryptography, digital signatures, message authentication codes, hash functions, and modes of encryption operations.
c. Explain the concepts of malicious code, including viruses, Trojan horses, and worms, and common vulnerabilities in computer programs.
d. Outline the requirements and mechanisms for identification and authentication and discuss issues about password authentication, including dictionary attacks (password guessing attacks), password management policies, and one-time password mechanisms.
e. Compare security mechanisms for conventional operating systems, including memory, time, file, and object protection requirements and techniques and protection in contemporary operating systems, and identify the requirements for trusted operating systems.
f. Describe security requirements for database security, and describe techniques for ensuring database reliability and integrity, secrecy, inference control, and multi-level databases.
g. Describe threats to networks, and explain techniques for ensuring network security, including encryption, authentication, firewalls, and intrusion detection.

Prerequisites

Basic knowledge of operating systems, data structures, database systems and networks.

Course Delivery Method

Lectures, individual assignments and group presentation

Evaluation Components

Students must attend classes regularly and punctually, read the assigned reading before class and participate in class discussions and presentations. The course will be graded as follows at the end of the semester.

o 10% Group presentations
o 5% Class participation and attendance
o 15% Continuous Assessments
o 70% Final Exam

Week 1-2: Security Basics
Objectives
o Present a general overview of computer security
o Understand some basic definitions and some related terms

Week 3-5: Threats and security
Objectives
o Explain threats, disasters and the components of threats
o Identify and explain security measures
o Discuss hardware and software protections

Week 6: Continuous Assessment Test
Objective
o To test students' knowledge of what they have been taught so far

Week 7-9: Basic Cryptography and Network Security
Objectives
o Explain authentication, protocols and key management
o Discuss and illustrate encryption and cryptography techniques

Week 10: Presentations
Objective
o To test students' knowledge of some basic concepts and principles of security

Week 11-13: Developing Secured Computer System
Objectives
o Discuss design principles
o Explain security mechanisms
o Understand the concept of auditing systems
o Explain risk analysis
o Get used to system verification and evaluation

Week 14-15: Network and Telecommunication Security
Objectives
o Identify and explain network threats such as eavesdropping, spoofing, modification, denial of service attacks
o Explain network security techniques: firewalls
o Discuss intrusion detection and response

Textbooks

i. Charlie Kaufman, Radia Perlman and Mike Speciner, Network Security (Prentice Hall 2002, 2nd ed.)
ii. Colin Boyd and Anish Mathuria, Protocols for Authentication and Key Establishment (Springer 2003)
iii. Charles P. Pfleeger and Shari L. Pfleeger. Security in Computing (3rd edition). Prentice Hall. 2003.
iv. Computer Security: Art and Science by Matt Bishop (ISBN: 0-201-44099-7), Addison-Wesley 2003