Fall 2021
Computer Security
INFSCI 2150 / TELCOM 2810
School of Computing and Information – University of Pittsburgh
Administration
Class Time: Thursdays at 6:00PM EST
Location: SCI Room 501
Instructor: Tyler Brooks
E-Mail: [email protected]
Office Hours: By appointment
Course Overview
This course covers fundamental issues and first principles of security and
privacy. The course will look at the security & privacy policies, models and
mechanisms related to confidentiality, integrity, authentication,
identification, and availability issues related to information and information
systems. Other topics covered include basics of cryptography (e.g., digital
signatures) and network security (e.g., intrusion detection and prevention),
risk management, security assurance and secure design principles, as well
as e-commerce security. Issues such as organizational security policy,
legal and ethical issues in security, standards and methodologies for
security evaluation and certification will also be covered.
Learning Objectives
- Recognize, analyze and evaluate security problems and challenges
in networks and systems.
- Apply knowledge to synthesize possible approaches to solve the
problems in an integrated way.
- Analyze and evaluate the fundamentals of security (and privacy)
policy models and mechanisms, and their need for different types of
information systems and applications.
- Apply the basics of cryptographic techniques and network security
to ensure the basic security goals of information systems.
- Recognize the various security issues and terminology related to
software, networks and applications, show how they are interrelated,
and identify the available techniques and approaches for tackling
security problems.
- Describe/identify the various social, legal and non-technical
dimensions of security and its relation to technical counterparts.
Prerequisites
* Students not sure about the required background should meet the instructor.
- TEL 2000, INFSCI 1070, or Equivalent Background; Instructor
Permission
- Basic knowledge of: operating systems, data structures, database
systems and networks.
- Basic mathematics: undergraduate mathematics, some knowledge
about mathematical logic, set notation, etc. These issues will be
reviewed in the course.
- Some experience programming in Java.
Textbook
* This textbook is available for free in the O’Reilly Online Library with a valid University
of Pittsburgh email address and password.
Computer Security: Art and Science 2nd Edition
by Matt Bishop
ISBN-13: 978-0321712332
ISBN-10: 0321712331
Other Reference Material
* Some of these are available online for free
- Security in Computing, 5th Edition
Charles P. Pfleeger, Prentice Hall
- Security Engineering: A Guide to Building Dependable Distributed
Systems, 2nd Edition
Ross Anderson, Wiley, John & Sons, Incorporated
- Practical Unix and Internet Security
Simson Garfinkel and Gene Spafford (Online)
- Additional readings will be provided throughout the course
Grading
Labs … 15%
Readings … 10%
Homework … 20%
Quizzes … 10%
Programming Project … 15%
Midterm + Final Exam … 30%
Course Outline
Security/Privacy Basics
General overview and definitions
Security models and policy issues
Privacy models/policies
Basic Cryptography and Network security
Introduction to cryptography and classical cryptosystems
Authentication protocols and Key Management, IPSec, VPNs, etc.
Systems Design Issues and Information assurance
Security Mechanisms
Auditing Systems
Risk analysis
System verification and evaluation
Intrusion Detection and Response
Attack Classification and Vulnerability Analysis
Detection, Containment and Response/Recovery
Legal, Ethical Issues
Information Privacy and Data Anonymization
K-Anonymity and L-Diversity
Overview of Miscellaneous Issues
Malicious code
Social Network and Location-Based Privacy
Schedule
Week / Date Topic
Week 1 / Sep 2, 2021
- Introduction and Overview
- Why Information Security?
- Common Terminology
- Considerations When Implementing Security
- Secure Design Principles
- Related Chapters: 1, 14
- Introduce Yourself! Assigned
Week 2 / Sep 9, 2021
- Access Control Models
- Foundational Unix Security
- Foundational Windows Security
- Trusted Operating Systems
- Math Review
- Mathematical Induction
- Related Chapters: 2, 16
- Homework 1 Assigned
- Lab 1 Assigned
Week 3 / Sep 16, 2021
- Protection Systems
- Decidable Security
- Related Chapters: 3
- Quiz 1
- Reading Assignment 1
- Homework 2 Assigned
Week 4 / Sep 23, 2021
- Security Policies
- Types of Access Control
- Confidentiality Policies & Tranquility
- Integrity Policies
- Chinese Wall Model
- Related Chapters: 4, 5, 6, 8
- Lab 2 Assigned
Week 5 / Sep 30, 2021
- Secure Information Transmission
- Fundamental Cryptographic Mathematics
- Basic Cipher Systems
- Attacking Classical Cryptosystems
- One-Time Pads
- Related Chapters: 10
- Homework 3 Assigned
Week 6 / Oct 7, 2021
- Computational Feasibility
- Data Encryption Standard
- Public Key Cryptography
- Cryptographic Checksums
- Related Chapters: 10
- Quiz 2
Week 7 / Oct 14, 2021
- Key Exchange Protocols
- Kerberos
- Digital Certificates
- Digital Signatures
- Transport Layer Security
- IPSec
- Related Chapters: 11, 12
- Reading Assignment 2
Week 8 / Oct 21, 2021
- Midterm Exam
Week 9 / Oct 28, 2021
- No Class
- Programming Project Assigned
Week 10 / Nov 4, 2021
- Authentication Systems
- Vulnerabilities
- Vulnerability Classification Schemas
- Risk Analysis
- Cyber Legislation
- Ethics
- Related Chapters: 13, 24
Week 11 / Nov 11, 2021
- Physical Security
- Privacy
- Data Anonymization
- Privacy in Location-Based Services
- Privacy in Social Networks
- Reading Assignment 3
Week 12 / Nov 18, 2021
- Viruses
- Worms
- Advanced Malware
- Social Engineering
- Related Chapters: 23
- Quiz 3
- Homework 4
Week 13 / Dec 2, 2021
- String Vulnerabilities
- Buffer Overflow
- Race Conditions
- SQL Injection
- Cross-site Attacks
Week 14 / Dec 9, 2021
- Intrusion Detection
- Intrusion Response
- Auditing
- Firewalls
- Network Security Mechanisms
- Quiz 4
Week 15 / Dec 16, 2021
- Final Exam
Academic Integrity
Students in this course will be expected to comply with the University of Pittsburgh’s Policy
on Academic Integrity. Any student suspected of violating this obligation for any reason
during the semester will be required to participate in the procedural process, initiated at the
instructor level, as outlined in the University Guidelines on Academic Integrity. This may
include, but is not limited to, the confiscation of the examination of any individual suspected
of violating University Policy. Furthermore, no student may bring any unauthorized materials
to an exam, including dictionaries and programmable calculators. To learn more about
Academic Integrity, visit the Academic Integrity Guide for an overview of the topic. For
hands-on practice, complete the Understanding and Avoiding Plagiarism tutorial.
Disability Services
If you have a disability for which you are or may be requesting an accommodation, you are
encouraged to contact both your instructor and Disability Resources and Services (DRS),
140 William Pitt Union, (412) 648-7890, [email protected], (412) 228-5347 for P3 ASL
users, as early as possible in the term. DRS will verify your disability and determine
reasonable accommodations for this course.
Accessibility
The Canvas LMS platform was built using the most modern HTML and CSS technologies,
and is committed to W3C's Web Accessibility Initiative and Section 508 guidelines. Specific
details regarding individual feature compliance are documented and updated regularly.
Copyright Notice
These materials may be protected by copyright. United States copyright law, 17 USC section
101, et seq., in addition to University policy and procedures, prohibit unauthorized
duplication or retransmission of course materials. See Library of Congress Copyright Office
and the University Copyright Policy.