CS 336: Introduction to Information Assurance
Catalog Description: Introduces the confidentiality, availability and integrity goals of information systems; resistance, recognition and response categories of assurance. Focus on computer security and survivability, including cryptography, network security, general purpose operating system security and dependability, and special purpose systems for high assurance security and dependability.
Type: Technical elective for all Computer Science majors, Required for Computer Science with Information Assurance majors.
Total Credits: 3
Contact Hours: 1 hour of lecture and 4 hours of laboratory per week.
Course Coordinator: Daniel Conte de Leon
URL: Course site on Blackboard (http://bblearn.uidaho.edu/).
Prerequisites: All CS-100 and CS-200 level courses with a C or better, plus ENGL-102 and COMM-101.
Textbook: Authors: William Stallings and Lawrie Brown. Title: Computer Security Principles and Practice. Edition: Third Edition. Publisher: Pearson Education, ISBN-13: 978-0-13-377392-7.
Prerequisite Knowledge and Abilities:
- Ability to develop well-written and well-formatted technical reports: ENGL-102.
- Ability to develop and present technical presentations: COMM-101.
- Ability to perform problem analysis and solution design: CS-120 and CS-121.
- Ability to understand the C language's memory model: CS-121 and CS-150.
- Ability to understand Assembly language: CS-150.
- Ability to design and write programs in multiple high level languages: CS-120, CS-121, and CS-210.
- Ability to understand Operating Systems features and functionality: CS-240 and CS-270.
- Ability to understand code written by others (CS-120, CS-121, CS-210)
Major Topics Covered
- Concepts of confidentiality, integrity, and availability, and authentication, authorization, and accountability (CIA-AAA); Saltzer and Schroeder secure design principles, and Defense in depth (3 hours).
- Legal and ethical issues in Information Assurance, specifically with focus on security (3 hours).
- Types of threats, malicious activities, and cyber-attacks; Adversary model; Threat prioritization and adequate defenses and countermeasures (3 hours).
- Authentication and access control (3 hours).
- Symmetric encryption (3 hours).
- Asymmetric encryption (3 hours).
- Buffer Overflow: Types and details of buffer overflow vulnerabilities and attacks and techniques for prevention and mitigation (3 hours).
- Program Security and assurance: software engineering concepts of security and dependability including: secure design principles, secure coding and defensive programming, testing, maintenance, and system design for security (3 hours).
- Operating system security: issues related to general purpose operating systems for security and dependability; Vulnerability scanning and 0-day; Basics of systems hardening (3 hours).
- Web and database security including: secure database design, cross-site scripting, and SQL injections (3 hours).
- Network security and dependability: overview of common concerns and solutions; Firewalls and IDS (3 hours).
- Secure systems administration: configuration management, system management, maintenance, patching, and upgrading, and organizational policies (3 hours).
- Security policies and compliance issues related to the implementation of security within organizations (3 hours).
- Define most of the common and standard terms in the domains of Information Assurance (IA) and Cybersecurity. (ABET CSAB Student Outcome(s): a).
- Describe the focus areas in Information Assurance (sub-domains), their organization and categorization and their rationale within the domain. (ABET CSAB Student Outcome(s): c).
- Describe the types of threats, attacks, and the potential actors and their possible motivations. (ABET CSAB Student Outcome(s): a, g).
- Describe the most common techniques and approaches in Information Assurance and their applicability to different threats and systems. (ABET CSAB Student Outcome(s): b).
- Demonstrate the ability to investigate and report in detail a given topic, independently and in small groups. (ABET CSAB Student Outcome(s): b, d, f).
- Critically evaluate host and networked sample computing systems for security vulnerabilities, identify failed security design principles, and propose adequate countermeasures. (ABET CSAB Student Outcome(s): b, c).
- Analyze source code in search of vulnerabilities and implement vulnerability mitigations. (ABET CSAB Student Outcome(s): b, c, k).
- Determine and implement vulnerability mitigations in sample systems, including the use and application of information technology, software development, and human resource and organizational policy techniques and approaches. (ABET CSAB Student Outcome(s): i, j).
- Describe the laws concerning information assurance, security and privacy; Indicate the U.S. laws that may apply to particular scenarios. (ABET CSAB Student Outcome(s): e).
- Critically apply ethic principles to known and scenario-based situations. (ABET CSAB Student Outcome(s): e, g).