NORFOLK STATE UNIVERSITY
700 PARK AVENUE * NORFOLK, VIRGINIA * 23504
Robinson Technology Center (RTC)
Office:: (757) 823-9454     Fax: (757) 823-9229
Email: CompSci@nsu.edu

Computer Science Courses

DEPARTMENT OF COMPUTER SCIENCE SYLLABUS

COURSE NUMBER & TITLE:
CSC-435   Computer Security
COURSE CREDITS:
3
PREREQUISITES:
CSC 430 (Data Communications) or permission of the instructor.
CO-REQUISITES:
See Instructor
COURSE DESCRIPTION:

This course is designed for seniors and IT professionals to learn computer and network security theories and practices that can be used to significantly reduce the security vulnerability of computers on internal networks or the Internet. The course assumes some familiarity with various operating systems and computer networks. Topics include cryptography, program security, operating systems security, database security, network security, security administration, computer ethics and legal issues.

COURSE MATERIALS / REQUIRED TEXT(s) / SUPPLEMENTARY READINGS:
    Required Text:
  • Security in Computing by Charles P. Pfleeger, Shari Lawrence Pfleeger, Prentice Hall.

  • References:
  • Computer Security: Art and Science by Matt Bishop, Addison Wesley.
  • Introduction to Computer Security by Matt Bishop; Addison Wesley; 2004

Purchase books/supplies Online at NSU Barnes & Nobles Bookstore (http://norfolkstate.bncollege.com)

COMPUTER SCIENCE OFFICE LOCATION:

The Department of Computer Science is located in Suite 320 Robinson Technology Center. The individual faculty offices are located within the suite.

COURSE RATIONALE:

This course is an advanced elective course for the Bachelor of Science degree.

COURSE GOALS & INTENDED OUTCOMES

    Main Objective:
  • Students will attain basic knowledge of the most important topics in Information Assurance.

  • Measureable Objectives:
  • Understand commonly targeted vulnerabilities
  • Describe various protection mechanisms used to prevent these attacks
  • Understand the theory behind current cryptographic algorithms
  • Understand how to attack encryption systems
  • Describe the threats posed by malicious programs
  • Understand the role played by the operating system in computer security
  • Understand the various attacks against database systems and how to protect them
  • Explain how attackers compromise networks and the shortcomings in the current defense mechanisms.
  • Understand the issues in Computer Security administration.
  • Distinguish between unethical and illegal activities and understand the responsibility of computer professionals to encourage ethics in the work place.

COURSE OUTLINE

1.0 Security Basics 1.1 Meaning of Computer Security
1.2 Attacks
1.3 Security Goals
1.4 Computer Crime and Criminals
1.5 Methods of Defense
2.0 Elementary Cryptography
2.1 Symmetric Encryption
   2.1.1 Cryptanalysis
   2.1.2 Complexity
2.2 Public Key Cryptography
   2.2.1 Mathematics
   2.2.2 Complexity
   2.2.3 Hash Functions
   2.2.4 Key Exchange
   2.2.5 Digital Signatures
   2.2.6 Digital Certificates
3.0 Program security
3.1 Secure Programs
   3.1.1 Fixing Faults
   3.1.2 Unexpected Behavior
   3.1.3 Types of Flaws
3.2 Non Malicious Program Errors
   3.2.1 Buffer Overflows
   3.2.2 Incomplete Mediation
   3.2.3 Time-of-Check to Time-of-Use Errors
3.3 Viruses and Other Malicious code
3.4 Covert Channels
3.5 Controls Against Program Threats
   3.5.1 Secure Software Development
   3.5.2 Software Testing
   3.5.3. Proof of Correctness
4.0 Protection Mechanisms in Operating Systems 4.1 Access Control
4.2 File Protection Mechanisms
4.3 User Authentication
5.0 Trusted System Design 5.1 Trusted Systems
5.2 Security Policies
   5.2.1 Military Security
   5.2.2 Commercial security policies
5.3 Trusted Operating Systems Design
   5.3.1 Identification
   5.3.2 Mandatory and Discretionary Access Control
   5.3.3 Object Reuse
   5.3.4 Complete Mediation
   5.3.5 Trusted Path
   5.3.6 Accountability and Audit
   5.3.7 Intrusion Detection
5.4 Assurance in Trusted Operating Systems
5.5 Evaluation and The Common Criteria
6.0 Database Security 6.1 Database Concepts
6.2 Security Requirements
6.3 Reliability and Integrity
6.4 Sensitive Data
6.5 Inference
6.6 Multilevel Security
7.0 Security in Networks 7.1 Media
7.2Topologies
7.3 Protocols
7.4 Threats in a Network
7.5 Network Security Controls, COMSEC
7.6 Firewalls
7.7 Intrusion Detection Systems
7. 8 Secure Email
8.0 Administering Security
8.1 Security Planning
8.2 Risk Analysis
8.3 Organizational Security Policies
8.4 Physical Security
9.0 Legal, Ethical and Privacy in Computer Security
9.1 Protecting Programs and Data, Information and the Law
9.2 Rights of Employees and Employers, Redress for Software failures ,Computer crime and Ethical Issues
9.3 Privacy in Computing
   9.3.1 Principles and Policies
   9.3.2 Privacy in Computing
   9.3.3 Privacy on the Internet
   9.3.4 Authentication and Privacy
   9.3.5 E-mail Security

PRIMARY METHOD(S) OF INSTRUCTION / METHODS TO ENGAGE STUDENTS

    The instructional method use will be inductive, going from specific to general. Learners will acquire new knowledge through exposure to new material and ideas, and will discuss these ideas and concepts on the discussion board. The following instructional strategies and methods will be used to achieve the learning objectives:
  • Class discussions
  • Collaborative learning
  • Assigned readings
  • Blackboard (on-line delivery)

GRADING STANDARDS

Tests 60%
Homework 20%
Projects 20%

The instructor reserves the right to revise the grading criteria as appropriate and will make reasonable attempts to notify students.

ACADEMIC INTEGRITY STANDARDS

Students are expected to adhere to the university's standard of conduct and the ACM Code of Ethics (http://www.acm.org/constitution/code.html). Honor code violations and ethical standards are enforced as in the Student Handbook.

SCHOOL-WIDE TUTORING SERVICES STATEMENT

The college of Science, Engineering, and Technology provides tutoring services through the STARS Tutoring Center for those NSU student who may be experiencing difficulties in Mathematics, Computer Science, Engineering, Biology, Chemistry, Nursing, Technology and Physics courses. The STARS office is located in Suite 100, RTC. This service is free of charge and provided to NSU students only. You can access information about this service by going to http://stars.nsu.edu.

AMERICANS WITH DISABILITIES ACT (ADA) STATEMENT

In accordance with Section 504 of the Rehabilitation Act of 1973 and the Americans with Disabilities Act (ADA) of 1990, we ask if you have a disability or think you have a disability, please contact O.A.S.I.S., the Office of Accessibility Services, upon registration at Norfolk State University to confidentially discuss any accommodation needs.

    Audrey M. Wells, Coordinator, O.A.S.I.S.
    Office of Accessibility Services and International Student Services
    Norfolk State University, 700 Park Ave., Student Services Center, Suite 110, Norfolk, VA. 23504
    Phone: 757-823-8325, Fax: 757-823-2640, Email: amwells@nsu.edu

UNIVERSITY ASSESSMENT STATEMENT

As part of NSU's commitment to provide the environment and resources needed for success, students may be required to participate in a number of university-wide assessment activities. The activities may include tests, surveys, focus groups and interviews, and portfolio reviews. The primary purpose of the assessment activities is to determine the extent to which the university's programs and services maintain a high level of quality and meet the needs of students. Students will not be identified in the analysis of results. Unless indicated otherwise by the instructor, results from University assessment activities will not be computed in student grades.

WRITING COMPETENCY ASSESSMENT

All first-time freshmen and readmitted students entering Fall 2001 and thereafter and transfer students entering Fall 2002 and thereafter are required to take an exit examination to assess writing competency. After completing ENG 102, students must register for ENG 299 (no credit, no charge) until successfully passing the Examination of Writing Competency. Degree-seeking students at the baccalaureate level are required to take the writing examination before completing 90 semester hours. Associate degree-seeking students must take the exam no later than one semester prior to the anticipated date of graduation. For more information, refer tot he NSU Undergraduate catalog.

UNIVERSITY WIDE & COURSE-SPECIFIC REQUIREMENTS

    Information Technology Literacy
  • Learning foundation skills (hardware, software, and operating systems).

    Critical Thinking
  • Solving problems utilizing application software from a narrative description.
  • Knowing the appropriate software application to apply to a specific task.

    Laboratory
  • Demonstrating proficiency in utilizing software applications.
CLASS ATTENDANCE POLICY

A student is expected to attend all classes. The student assumes all responsibility for work missed due to an absence. Make-up work may be permitted at the discretion of the instructor. Refer to the NSU Student Handbook (https://www.nsu.edu/Assets/websites/student-affairs/student-handbook/NSU-Student-Handbook.pdf)

NSU EMAIL ACCOUNT

In an effort to keep student informed about Norfolk State University updates and account information, students must check their official NSU email account frequently. You may access your official NSU email account through the MyNSU portal at https://www.nsu.edu/mynsu/index. Once there, follow instructions provided to login to the MyNSU portal (NOTE: you access your NSU email from within the MyNSU portal).

DISCLAIMER: The instructor reserves the right to revise the syllabus as appropriate and will make reasonable attempts to notify students.