ITIS 6200/8200 - Principles of Information Security and Privacy - Spring 2008

UNC CHARLOTTE
DEPARTMENT OF SOFTWARE AND INFORMATION SYSTEMS

THR 6:30-9:15 PM Woodward Hall Rm 135
Professor Gail-Joon Ahn
Woodward Hall Rm 310F
Course office hours: THR 4:00-6:00 PM or by appt; e-mail all times
E-mail: gahn@uncc.edu (please prefix the subject of your message with ITIS6200)

Teaching Assistant: Robin Gandhi, rgandhi@uncc.edu, Office Hrs: THR 3:00-6:00PM at Woodward Hall 306

DESCRIPTION :

ITIS 6200/8200 is a 3-credit course. Topics include security concepts and mechanisms; security technologies; authentication mechanisms; mandatory and discretionary controls; basic cryptography and its applications; intrusion detection and prevention; information systems assurance; anonymity and privacy issues for information systems.

TOPICS:

Security Concepts

Confidentiality
Integrity
Availability
Usage

Security Mechanism

Prevention
Detection and recovery
Tolerance

Security Attacks and Threats
Authentication

Password
Dictionary attack
Password management
Strong authentication
Biometrics
Authentication in commercial systems

Access Control

MAC
DAC
RBAC

Cryptography

Secret-key encryption
Public-key encryption
Public-key digital signatures
Message Digests
Public-key certificate
Key agreement protocols

Network Security Technologies

Secure Network Protocols
IPSec
Intrusion Detection Concepts
Web security

Information Assurance

US Orange Book
International Common Criteria

Principles of Information Privacy Anonymity

Models for information privacy
Overview of legal and regulatory privacy frameworks

Security Education, Training, and Awareness (SETA)
Audit
Physical security

SCHEDULE (Tentative):

DATE	TOPICS	NOTES	READING
January 10	Security Concepts and Attacks	Lecture 1	Ch 1
January 17	Campus Closed	NONE	NONE
January 24	Authentication I: From Password to Biometrics	Lecture 2	Ch 12
January 31	Access Control	Lecture 3	Ch 2.1-2, 4.4, 5.2
February 7	Cryptography I (Basics)	Lecture 4	Ch 9
February 14	Cryptography II (Application)	Lecture 5	Ch 9, 11.4.2
February 21	Authentication II	Lecture 6	Ch 10.1-2
February 28	Midterm	NONE	ALL NOTES
March 6	Spring Break	NONE	NONE
March 13	DB Security	Lecture 7	-
March 20	Network Security	Lecture 8	Ch 26
March 27	Risk Management	Lecture 9	Ch 23.1-23.2.2
April 3	Assurance Methodologies and Tools	Lecture 10	Ch 19.2-3, 21.8-9
April 10	Cyber Crimes and Computer Forensics	Lecture 11	-
April 17	Project Presentation I	Schedule	-
April 24	Project Presentation II	Schedule	-
May 1	Final Exam	NONE	ALL NOTES
May 8	Project Overvew: Term Paper Due	NONE	NONE

READINGS:

RECOMMENDED TEXT BOOK

Computer Security by Matt Bishop, Addison Wesley

REFERENCES

Information Security by Marshall Abrams et al., IEEE
Security in Computing by Pfleeger, Prentice Hall
Fundamental of Computer Security Technology by Edward Amoroso, Prentice Hall
Network Security by Kauffman
Cryptography and Network Security William Stalling
Common Criteria for Information Technology Security Evaluation by ISO, 2000
Privacy in the Information Age by Fred Cate, Brookings Institution
The Electronic Privacy Papers by Bruce Schneier and David Banisar, John Wiley and Sons, Inc.

GRADING POLICY:

Grades are based on exams 60% (30% each) and class assignment/group project (report and project presentation) 40%.

Each group consists of at most three students and topic should be chosen in mutual agreement with Professor. Each group is also required to present their project to the whole class. And the final report should be submitted--at least 15 pages, 12 point, and double space. Class presentation MUST demonstrate the concepts of security topic clearly including some research reasoning. It will be 20 minutes presentation with at most 10-15 PPT slides. Students should submit a brief proposal (at least 3 pages, 12 pointt, single space) of term project by February 7, 2008 or earlier in class. Student must take initiative to make sure this happens in timely manner. In addition, all Ph.D students should present research paper(s) in class.

PROPOSAL AND TERM PAPER STRUCTURE

Objectives

Description of project

Background and related works

Your approach and architecture

Results or Implementation

Discussion and Conclusion

References

IMPORTANT DATES :

First Day of Classes January 10, 2008.

Proposal Due February 7, 2008.

Midterm February 28, 2008.

Spring Break March 3-8, 2008.

Class Presentation April 17 and April 24, 2008.

Last Day of Classes April 24, 2008.

Term Paper Due May 8, 2008.

Final Exam May 1, 2008.

ACADEMIC INTEGRITY

Students have the responsibility to know and observe the requirements of the UNC Charlotte Code of Student Academic Integrity (Catalog p. 375). This code forbids cheating, fabrication, or falsification of information, multiple submission of academic work, plagiarism, abuse of academic materials, and complicity in academic dishonesty. There are no special requirements regarding academic integrity in this course. The code will be strictly enforced and is binding on the students. Grade and academic evaluations in this course include a judgment that the student's work is free from academic dishonesty of any type; and grades in this course therefore should be and will be adversely affected by academic dishonesty. Students who violate the code can be expelled from UNC Charlotte. The normal penalty for a first offense is zero credit on the work involving dishonesty and further substantial reduction of the course grade. In almost all cases the course grade is reduced to an F. Copies of the Code can be obtained from the Dean of Students Office. Standards of academic integrity will be enforced in this course. Students are expected to report cases of academic dishonesty to the instructor immediately.

First Day of Classes	January 10, 2008.
Proposal Due	February 7, 2008.
Midterm	February 28, 2008.
Spring Break	March 3-8, 2008.
Class Presentation	April 17 and April 24, 2008.
Last Day of Classes	April 24, 2008.
Term Paper Due	May 8, 2008.
Final Exam	May 1, 2008.