Date
|
Lecture No.
|
Slides |
Readings |
| 8/24/07 |
Lecture 1 |
Introduction to Information Assurance
(
pdf)
|
"Security in Computing" (SC) Chapter 1 |
| 8/29/07 |
Lecture 2 |
Security planning and risk analysis
(pdf)
|
SC Chapter 8.1 and 8.2.
|
| 8/31/07 |
Lecture 3 |
Enigma movie
|
Link to movie will be posted to newsgroup.
|
| 9/5/07 |
Lecture 4 |
First half will be a presentation from David Madeo, VP of Application
Infrastructure from Morgan Stanley, on practical issues
they deal with for identity management.
The second half of the lecture time will be on
Classical Cryptographic methods
(pdf)
|
SC 2.1 - 2.3
|
| 9/7/07 |
Lecture 5 |
Private Key Cryptography
(pdf)
|
SC 2.4-2.6, SC 12.2
|
| 9/12/07 |
Lecture 6 |
Public Key Cryptography and Crypto Hashes
(pdf)
|
SC 2.7-2.8, SC 12.3
|
| 9/14/07 |
Lecture 7 |
Certificates and key exchanges and
other fun tricks with cryptography
(pdf)
|
SC 2.8
|
| 9/19/07 |
Lecture 8 |
Security Policies
(pdf)
|
|
| 9/21/07 |
Lecture 9 |
Review
(pdf)
Exams keys from last year:
Exam 1 included risk analysis and policy and
Exam 2 included cryptography.
Original exams (without the answers) at
exam1 and
exam2.
|
|
| 9/26/07 |
Exam 1
|
Exam will be given in the evening (7-8:15pm) in
112 and 114 of the
Transportation Building
|
Exam key and comments |
| 9/28/07 |
Lecture 10 |
General OS Security:
memory protection and access control
(pdf)
Updated direct control privilege rules as pointed out by Tim.
|
SC 4.1-4.4
Intel 64 and IA-32 Architectures Software Developer's Manual
Sections 4.5 through 4.8
|
| 10/3/07 |
Lecture 11 |
General OS Security:
authentication
(pdf)
|
SC 4.5
and Handbook of Applied Cryptography chapter 10
|
| 10/5/07 |
Lecture 12 |
Trusted OS: policies and models
(pdf)
|
SC 5.1-5.3
|
| 10/10/07 |
Lecture 13 |
Trusted OS:
Trusted OS Design
(pdf)
and
Evaluation Frameworks
(pdf)
|
SC 5.4-5.5
|
| 10/12/07 |
Lecture 14 |
Example trusted operating systems
(pdf)
|
Optional readings noted in slides. |
| 10/17/07 |
Lecture 15 |
Malicious Code
(pdf)
|
SC 3.1-3.4
|
| 10/19/07 |
Lecture 16 |
Building security in
(pdf)
|
SC 3.5 plus threat modeling reading posted to compass
|
| 10/24/07 |
Lecture 17 |
Finishing up material from previous two lectures.
Computer Law and ethics is postponed until after the exam.
|
SC 11
|
| 10/26/07 |
Lecture 18 |
Exam 2 review
(pdf)
Exams keys from last year:
Exam 1 included trusted policies and models
Exam 2 included authentication.
Original exams (without the answers) at
exam1 and
exam2.
|
|
| 10/31/07 |
Exam 2 |
Exam will be given in the evening (7-8:15pm) in
112 and 114 of the
Transportation Building
|
Exam key and comments |
| 11/2/07 |
Lecture 19 |
Network Security: Overview and threats
(pdf)
|
SC 7.1-7.2
|
11/7/07 |
Lecture 20 |
Network security architecture and control mechanisms
(pdf)
|
SC 7.3-7.5
|
| 11/9/07 |
Lecture 21 |
Completing Network Security Architecture and Controls
|
|
| 11/14/07 |
Lecture 22 |
Security and Law
(pdf)
|
SC 11, reading on compass, and CyberLaw Web Course
|
| 11/16/07 |
Lecture 23 |
Database Security
(pdf)
|
SC 6
|
| 11/28/07 |
Lecture 24 |
Physical security and EMSEC
(pdf)
|
SC 8.4, reading on forensics posted to compass,
Soft Tempest
|
| 11/30/07 |
Lecture 25 |
Finish up with EMSEC (from the previous slide set).
WEP, a case study of how to put together good crypto badly.
(pdf)
|
Several papers in the slides. One of them is
Unsafe at any key size; An analysis of WEP encapsulation
|
| 12/5/07 |
Lecture 26 |
Lars Olson will guest lecture on additional database security
issues including SQL injection attacks and additional issues in
database access control.
slides
|
|
| 12/7/07 |
Lecture 27 |
Review
(pdf)
|
Last year's final and
key
Our topics are slighly different from last year. Namely, we did not
cover TPM, the details of the HRU model, the details of IPSec, or
privacy/anonymity.
|
| 8-11am 12/12/07 |
Final Exam |
Last name A-K in room 32 Psychology.
Last name L-Z in room 245 Wohler Hall.
|
