CMPS 4620 Network and Computer Security
Catalog Description
CMPS 4620 Network and Computer Security (4)
Fundamentals of network and computer security and information assurance. Topics covered include basic cryptography, authentication, access control, formal security policies, assurance and verification, trusted OS design, and network attacks. Methods to provide better security at both the system and network level will be presented, particularly with respects to risk analysis, cost-benefit analysis, and psychological acceptability. Ethics and legal issues related to security research will also be discussed. Prerequisite: CMPS 2020 with a C- or better and either CMPS 3620 or 3650
Prerequisites by Topic
Knowledge of a high-level programming language
TCP/IP networking
Familarity with the command-line environment
Units and Contact Time
4 semester units. 3 units lecture (150 minutes), 1 unit lab (150 minutes).
Type
Selected elective for CS
Required Textbook
Security Engineering, 2nd edition. Ross Anderson. Wiley, 2008. ISBN-13: 978-0-470-06852-6.
Recommended Textbook and Other Supplemental Materials
The full first edition of the textbook and selected portions of the second edition are available at the author's website: http://www.cl.cam.ac.uk/~rja14/book.html
Coordinator(s)
Melissa Danforth
Student Learning Outcomes
This course covers the following ACM/IEEE CS2013 (Computer Science) Body of Knowledge student learning outcomes:

CS-HCI/Human Factors and Security
CS-IAS/Foundational Concepts in Security
CS-IAS/Principles of Secure Design
CS-IAS/Defensive Programming
CS-IAS/Threats and Attacks
CS-IAS/Network Security
CS-IAS/Cryptography
CS-SP/Professional Ethics

ABET Outcome Coverage
The course maps to the following performance indicators for Computer Science (CAC/ABET):
3e. An understanding of professional, ethical, legal, security, and social issues and responsibilities.
3f. An ability to communicate effectively with a range of audiences.
3i. An ability to use the current techniques, skills, and tools necessary for computing practice.
Lecture Topics and Rough Schedule
WeekChapter(s)Topics
1Outside material Ethics of security research, Responsible disclosure, Legal foundations
2Chapter 5 Basics of cryptography, Historic ciphers, Block ciphers
3Chapter 5 Block chaining, DES and AES, Hash functions
4Chapter 5 Public key encryption, Uses of cryptography
5Chapters 2 and 3 Identity, Authentication, Secure authentication
6Chapters 2 to 4 Passwords, Access control
7Chapter 8 Bell-LaPadula model, Biba model, Lattice model
8Chapters 9 and 10 Conflict of interest model, Clark-Wilson model
9Chapter 22 Secure design, Trusted operating systems
10Chapters 22 and 23 Saltzer-Schroeder principles, Evaluation of OSes, Formal vs informal evaluation
11Chapter 23 Red Book, Green Book, British Criteria, Common Criteria
12Chapter 21 Network attacks, Types of malware
13Chapter 21 Vulnerability classification, Prevention and mitigation
14Chapter 21 Intrusion detection and prevention systems, Project presentations
15None Project presentations
Design Content Description
Not applicable to this course.
Prepared By
Melissa Danforth on 31 July 2014
Approval
Approved by CEE/CS Department on [date]
Effective Fall 2016