1. Title of subject
Computer Security
2. Subject code
TMX 7053
3. Status of subject
Elective
4. Credit hour
3 (42 Hours of Lecture)
LAN Credit Hours Equivalence: 3.00
5. Semester
Year 1, Module 3
6. Pre-Requisite
TCO7010 Data Communications and Computer Networks
7. Methods of teaching
42 Hours of Lecture
8. Assessment
60% Coursework
40% Final Exam
Total 100%
9. Teaching staff (Proposed)
Mr. Sethuramalingam . M .V
Mr. Asaad Abdallah Yuosof Malik Abusin
Mr. Md. Safi Uddin
10. Objective of subject
To introduce students to concepts regarding computer security and
computer auditing by exploring common threats to computer
security, and means to counter these problems in order to
construct a secure system.
11. Synopsis of subject
The major areas covered are fundamentals of computer auditing and
computer security, methods of defence, encryption and decryption,
protocols and practices in using encryption, protection in
general-purpose operating systems, designing trusted operating systems,
network and telecommunication security, database security and
auditing, and programming languages for computer security.
The field of study covers the fundamentals of auditing and data
security, security techniques, data encryption, data encryption
protocols, protection of disk operating systems, design of disk
operating systems, network and telecommunication security, database
security and auditing, and programming languages for computer security.
12. Learning Outcomes
By the end of the subject, students should be able to:
• Understand all the possible security weaknesses in
computer systems according to security goals.
• Study methods of defence for computer systems.
• Learn different encryption/decryption methods, protocols
and practices.
• Understand the protective measures, security policies in
the operating systems.
• Understand network security and database security
weaknesses and protective measures.
• Study network security programming concepts.
13. Details of subject

Topics Covered (Hours)

1. Fundamentals of Computer Auditing and Computer Security (2 hours)
What is Computer Auditing, Security Problems in Computing
[Characteristics of Computer Intrusion, Kinds of Security Breaches,
Security Goals and Vulnerabilities, Plan of Attack]

2. Methods of Defence (2 hours)
System and Security Administration, System Design, Hardware Security
Auditing, Software Security Auditing and Controls [Internal Auditing,
Practical Approach, Writing Simple Auditing Programs]

3. Encryption and Decryption (6 hours)
Terminology and Background, Classical Cryptography, Number Theory
Applications to Cryptography, Public Key Encryption Systems
[Merkle-Hellman Knapsacks, Rivest-Shamir-Adleman Encryption],
Symmetric Cryptography, Data Encryption Standard

4. Using Encryption: Protocols and Practices (4 hours)
Protocols, Protocols to Solve Problems [Key Distribution, Digital
Signatures, Contract Signing, Certified Mail], How to Use Encryption
[Amount of Secrecy, Key Management, Lost (Revealed) Keys, Complexity
to Encrypt, Propagation of Errors, Size of Ciphertext]

5. Protection in General-Purpose Operating Systems (5 hours)
Protected Objects and Methods of Protection, Protecting Memory and
Addressing, Protecting Access to General Objects, File Protection
Mechanisms, User Authentication

6. Designing Trusted Operating Systems (5 hours)
Definition of a Trusted System, Security Policies, Models of Security,
Design of Trusted Operating Systems, Assurance in Trusted Operating
Systems, Implementation Examples

7. Network and Telecommunication Security (8 hours)
Threats in Networks, Detecting Threats [Security Violation, Misrouted
Data, Components Failure, Signal Interception], Network Security
Control, Privacy Enhanced Electronic Mail, Firewalls, Multilevel
Security on Networks

8. Database Security and Auditing (8 hours)
Security Requirements, Inference Problem, Multilevel Databases,
Comparison of Database and Operating System Access, Field Checks,
Change Logs, Integrity Checks, User Authentication, Precision Checks,
Access Control Procedures, Proposals for Multilevel Security

9. Programming Languages for Computer Security (2 hours)
Review of Basic Programming Concepts, Examples of the Use of
Programming Languages and Libraries such as Java in Writing Software
for Computer Security Purposes

Total Contact Hours: 42

14. Text
Compulsory
1. Cooper, J. A., “Computer & Communications Security”, McGraw Hill, 1989.
2. Deborah, R., “Computer Security Basics”, O’Reilly & Associates, 1991.
3. Edward, A., “Fundamentals of Computer Security Technology”, Prentice Hall, 1994.

References
1. Forcht, K. A., “Computer Security Management”, 1994.
2. Pfleeger, C. P., “Security in Computing”, Prentice Hall, 1997.
3. Watne, D. A. and Turney, P. B. B., “Auditing EDP Systems”, 2nd edition, Prentice-Hall, 1990.