
 

University of New York Tirana

Komuna e Parisit, Tirana, Albania

Tel.: 00355-(0)4-273056-8 – Fax: 00355-(0)4-273059

Web Site Address: http://www.unyt.edu.al

Security Engineering

Spring 2010

 

Course            : Security Engineering (4 credits)

Instructor        : Dr. Marenglen Biba

Office              : Faculty building 1st floor

Office Hours   : Tuesday 15-17 PM or by appointment

Phone              : 42273056 / ext. 112

E-mail              : marenglenbiba@unyt.edu.al

Course page   : http://www.marenglenbiba.net/seceng/

 
Catalog Description

 

This module covers the core concepts of modern security engineering, and provides contextual application of theory, using examples regarding cryptography and security protocols.

 

Course Purpose

 

The goal of this class is to introduce students to engineering techniques for developing secure systems. The course will provide an introduction to security design and implementation with a focus on cryptography, security protocols and access control. It will provide a solid foundation for IT professionals/academics interested in the theory and practice of administration of complex scenarios involving security in computer systems.

 

At the end of the course students will be able to:

 

1.      Understand key concepts regarding security of computer systems.

2.      Understand and apply key concepts regarding cryptography.

3.      Understand and apply key concepts regarding security protocols.

4.      Understand and apply key concepts regarding access control.

5.      Engineer and develop secure software systems.

 

 

Course Prerequisites      

Networking.

 

 

Required Readings

 

Ross J. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, ISBN: 0471389226, Second Edition. (required).

 

Schneier Bruce. Applied Cryptography: Protocols, Algorithms and Source Code in C, Second Edition, John Wiley & Sons, Inc., 1995 (2nd edition), ISBN: 0-471-11709-9. (required).

 

Alfred Menezes (Editor), Paul van Oorschot (Editor), Scott Vanstone. Handbook of Applied Cryptography (Discrete Mathematics and Its Applications). CRC Press, ISBN: 0-8493-8523-7, October 1996. (recommended).

 

Matt Bishop. Computer Security: Art and Science. Publisher Addison Wesley, ISBN 0-201-44099-7, 2002. (recommended).

 

 

Content of the Course

 

Introduction to Security Engineering

Access Control

Cryptography

Cryptographic Protocols

Cryptographic Techniques

Cryptographic Algorithms

Multilevel Security

Multilateral Security

Secure Systems and Applications

Design and Implementation

 

Course Requirements

 

Students are required to attend lectures. Lecture material will be available after the class. Students are expected to participate in class discussions. In the event of illness or emergency, contact your instructor IN ADVANCE to determine whether special arrangements are possible.

 

Participation: Participation extends beyond mere attendance. You may miss up to two classes without penalty. Each absence beyond the first two will cost you points off of your grade. The only exceptions to this rule are severe illness (doctor’s note required) and UNYT approved trips/activities. Appropriate documentation for absences beyond the first two is necessary and is to be provided on the class day directly before or after the one you miss. Students are expected to collect materials from the online course page, their classmates or see the instructor during consultation hours.

 

Exams: Two examinations will be taken, one midterm and one final. No student may miss a scheduled exam without receiving permission before the administration of the exam. Make-up exams might be significantly different from the regular tests, and will be administered at a time of the instructor's own convenience.

 

Reading assignments: You will be required to read all the handouts, slides, and other relevant materials. Each week, I will notify you in class what specific materials to read and/or assignments to prepare for the week. The reading assignments are selected to give you adequate understanding of the course material.

 

Project: I will announce projects, usually based on the chapters/materials covered in class. Due dates will be specified accordingly. Projects must be submitted as specified to be considered on time. Late assignments are accepted with the following penalties: -2 if submitted the day after it is due, and -1 for each day late after that. I will accept e-mail submissions.

 

Make-up policy Midterm/Final exam: Only students who miss an exam for university-approved and verifiable reasons will be allowed to take a make-up exam. Even then, except in the most extreme circumstances, no student may miss a scheduled exam without receiving permission before the administration of the exam. Make-up exams might be significantly different in format from the regular tests, and will be administered at a time of my own convenience.

 

Cheating policy: Exams, assignments, projects and quizzes are subject to the STUDENT HONOUR CODE. The University’s rules on academic dishonesty (e.g. cheating, plagiarism, submitting false information) will be strictly enforced. Please familiarize yourself with the STUDENT HONOUR CODE, or ask me for clarification.

 

Grading Policy

 

Assignments/Participation   10%
Project                     30%
Midterm                     30%
Final                       30%

 

Grading Scale (Standard UNYT grading scale)

Letter Grade   Percent (%)   Generally Accepted Meaning
A              96-100        Outstanding work
A-             90-95
B+             87-89         Good work, distinctly above average
B              83-86
B-             80-82
C+             77-79         Acceptable work
C              73-76
C-             70-72
D+             67-69         Work that is significantly below average
D              63-66
D-             60-62
F              0-59          Work that does not meet minimum standards for passing the course

 

 

Technology Expectations

 

1.       Internet use is necessary since students should regularly check the course home page.

2.       Continued and regular use of e-mail is expected.

3.       Students must keep copies of all assignments and projects sent by e-mail.

 

 

Course Material

1.       26/02/2010  Introduction

2.       04/03/2010  Passwords and Access Control

3.       11/03/2010  Introduction to Cryptography

4.       18/03/2010  Basic and Intermediate Protocols

5.       25/03/2010  Implementation: Cryptography in .NET and Java

6.       08/04/2010  Key Length and Key Management

7.       15/04/2010 MIDTERM

8.       22/04/2010  Implementation: Security API and Tools, Certificates in Java

9.       29/04/2010  Algorithm Types and Mode

10.   06/05/2010  Cryptographic Algorithms: Mathematical Background, DES

11.   13/05/2010  Combining Block Ciphers; Pseudo-Random-Sequence Generators and Stream Ciphers  

12.   20/05/2010  One-way Hash Functions and Public-Key Algorithms

13.   27/05/2010  Public-Key Digital Signature Algorithms, Key-Exchange Algorithms, Special Algorithms for Protocols. Multilevel Security.

14.   03/06/2010  Multilateral Security. Secure Systems and Applications.

 

 

Template for Assignment Results

Test 1, Test 2, Test 3

MIDTERM

Template for Project

Project Results

Final

 

     

Friday, 11 June 2010, by Dr. Marenglen Biba