CSC 474/574 Information Systems
Room 250 Venture III (in Suite 243), Centennial Campus
ning (at) csc.ncsu.edu
hours: Tuesdays and Thursdays, 3:00 pm – 4:00 pm
will be able to:
1. State the basic concepts in information security,
including security policies, security models, and various security mechanisms.
2. Explain the basic number theory required for
cryptographic applications as well as various cryptographic systems.
3. Manually compute using Fermat's theorem,
Euler's theorem, Euclid's algorithm, extended Euclid's algorithm.
4. Manually encrypt/decrypt and sign/verify signatures
for small messages using RSA, Diffie-Hellman, and DSA algorithms.
5. State the requirements and mechanisms for
identification and authentication.
6. Explain and compare the various access control
policies and models as well as the assurance of these models.
7. State the characteristics of typical security
architectures, including multi-level security systems.
8. State the criteria for evaluating secure information
systems, including evaluation of secure operating systems and secure network
9. List the database security issues and solutions,
including models, architectures, and mechanisms for database security.
10. List network and distributed systems security issues
and solutions, including authentication, key distribution, firewalls, and
network security protocols.
11. State program security issues, including viruses, worms,
and logic bombs.
12. State the basic concepts and general techniques in
security auditing and intrusion detection.
13. State the issues related to administration security,
physical security, and program security.
14. Determine appropriate mechanisms for protecting
information systems ranging from operating systems, to database management
systems, and to applications.
- Matt Bishop. Computer Security: Art and
Science. Addison-Wesley, 2003.
- Handouts (All handouts are accessible on-line)
- Sandhu, R.S. Lattice-based access control models, IEEE Computer, 26(11): 9–19, Nov. 1993.
- Sandhu, R.S.; Coyne, E.J.; Feinstein, H.L.;
Youman, C.E. Role-based access
control models, IEEE Computer, 29(2): 38–47, Feb. 1996.
- Brewer, D.F.C.; Nash, M.J. The Chinese Wall
Security Policy, In Proceedings of IEEE Symposium on Security and
Privacy, pages 206-214, 1989.
- E. Bertino, P. Samarati, and S. Jajodia, An
extended authorization model for relational databases, IEEE Trans. on
Knowledge and Data Engineering, 9(1):85-101, 1997.
- N. R. Adam and J. C. Wortmann. Security-control
methods for statistical databases: A comparative study. ACM
Computing Surveys, 21(4): 515–556, December 1989.
- B. Mukherjee, L.T. Heberlein, and K.N. Levitt.
Network Intrusion Detection, IEEE Network, 8(3): 26-41, May 1994.
- RSA Data Security Inc., RSA Laboratories'
Frequently Asked Questions About Today's Cryptography, Version 4.1, 2000.
Accessible at http://www.rsasecurity.com/rsalabs/faq/index.html.
- A. J. Menezes, P. C. van Oorschot, and S. A.
Vanstone, Handbook of Applied Cryptography. CRC Press. ISBN:
Course Organization and Scope:
(Assume each lecture takes 75 minutes. The
following topics need 30 lectures (or 15 weeks).)
- Basic Security
Concepts (1 lecture)
policies, security mechanisms, assurance
and Its Applications (5 lectures)
- Basic number
- Secret key
- Public key
- Hash function
and Authentication (2 lectures)
concepts of identification and authentication
- Access Control
concepts of access control
access control and mandatory access control
- Chinese Wall
- Role based
- Mid-term Review: topics 1 - 4
- Assurance and
Evaluation of Secure Information Systems (2 lectures)
- Introduction to
Database Security (1 lecture)
requirements in databases
control and authorization in databases.
- Network and
Distributed Systems Security (5 lectures)
- Issues in
Network and Distributed Systems Security
to IPSEC, SSL, ISAKMP/Oakley, etc.
to Firewall, Virtual Private Network, Secure Email, etc.
- Program Security (Virus and
other malicious software) (2 lectures)
Auditing and Intrusion Detection
Security (2 lectures)
- Malicious logic
- Developing secure software
- Risk Analysis.
- Security Planning.
- Organizational Security
- Physical Security and Beyond (1 lecture)
- Physical security, TEMPEST, legal and ethical
issues in security, environmental issues, etc.
Schedule of Reading Assignments:
not specifically identified, the following chapters refer to those in the first
textbook. We refer to the second textbook as Abrams et al.
Topic 1: Chapter 1.
Topic 2: Chapters 2.4.1
– 2.4.4 in handout 8; Chapters 9, 10 and 11.
Topic 3: Chapter 12;
Chapters 2.2.2 and 2.2.5 in handout 7.
Topic 4: Chapters 2 – 7;
handouts 1 – 3.
Topic 5: Chapters 18,
19, and 21.
Topic 6: Handouts 4 and
Topic 7: Chapters 11.4,
26, and 27.
Topic 8: Chapters 22 and
Topic 9: Chapters 24 and
25; Handout 6.
Topic 10: Chapter 23.
Topic 11: TBD.
Schedule of homework due dates, quizzes and exams:
are 5 homework assignments and 2 exams. Quizzes are given in the form of pop
quizzes. Pop quizzes are adopted to encourage the students to study during the
non-exam weeks. The results of pop quizzes are not counted in the final grade.
- Homework 1: topics 1 and 2, due by week 5
- Homework 2: topic 3, due by week 7
- Homework 3: topic 4, due by week 9
- Homework 4: topics 5 – 7, due by week 11
- Homework 5: topics 8 – 10, due by week 13
- Mid-term exam: week 8
- Research project report: due by week 15
- Final exam: decided by the university.
- CSC 474: Assignments 20%,
midterm 40%, final 40%.
- CSC 574: Assignments 15%,
project 15%, midterm 35%, final 35%.
- The final grades are computed according to the
A+: >= 95%
A: >= 90% and <
A-: >= 85% and <
B+: >= 80% and <
B: >= 75% and <
B-: >= 70% and <
C+: >= 66% and <
C: >= 63% and <
C-: >= 60% and <
D+: >= 56% and <
D: >= 53% and <
D-: >= 50% and <
F: < 50%.
Policies on late assignments:
and project deadlines will be hard. Late homework will be accepted with a 10%
reduction in grade for each class period it is late. However, once a
homework assignment is discussed in class, submissions will no longer be
accepted. All assignments must be turned in before the start of class on the
Policies on absences (excused and unexcused) and
scheduling makeup work:
The university policy on absences
will be enforced. See the university policy at the following URL.
students are responsible for discussing makeup exams if they miss exams
due to excused absence. The instructor will choose a mutually agreed date
and time for the makeup exam.
submission of homework assignments due to excused absences is not subject
to the policies on late assignments.
CSC 401, CSC 440.
university, college, and department policies against academic dishonesty will
be strictly enforced. You may obtain copies of the NCSU Code of Student
Conduct from the Office of Student Conduct, or from the following URL.
“Reasonable accommodations will be made for students with verifiable
disabilities. In order to take advantage of available accommodations, students
must register with Disability Service for Students at 1900 Student Health
Center, Campus Box 7509, 515-7653.
For more information
on NC State’s policy on working with students with disabilities, please see
Laboratory Safety or Risk Assumption: Not Applicable.
“Pass-through” Charges: Not applicable.