Contact Us

Department of Computer Science

Janssen Engineering
Room 211
PO Box 441010
Moscow, Idaho
83844-1010

phone: 208-885-6592
fax: 208-885-9052

CS 336 Introduction to Information Assurance

Total Credits: 3 cr

Course Coordinator: Jim Alves-Foss

URL: http://www2.cs.uidaho.edu/~oman/CS336/CS336_F07_syllabus.pdf

Current Catalog Description: Introduces the confidentiality, availability and integrity goals of information systems; resistance, recognition and response categories of assurance. Focus on computer security and survivability, including cryptography, network security, general purpose operating system security and dependability, and special purpose systems for high assurance security and dependability. Prereq: CS 240.

Textbook: Charles Pfleeger and Sari Lawrence Pfleeger, Security in Computing, 3rd ed., Prentice Hall, 2003, or equivalent text.

References: In addition to the textbook, students are provided with lecture note handouts and links to reference materials through the course website.

Course Goals: The primary goal of this course is to provide each student with an understanding of the field of information assurance. We start the course with a discussion of the McCumber cube, which defines information assurance along three dimensions. The first dimension is where information is handled: in transmission, storage and processing. The second dimension consists of the goals of information assurance: confidentiality, integrity, and availability. The third dimension discusses the ways in which the goals are handled based on the location of the information: technology, policy, and education & training. The successful student will be able to look at a situation and examine it from all aspects of the McCumber cube, understanding the applicability and ramifications of certain choices.

Emphasis is placed on understanding the fundamental nature of information assurance and the wide impact it has on the community. Students will learn that the problem is multi-faceted and that technological solutions must go hand-in-hand with policy and education. Additional goals are to place students in a situation that will require them to apply and improve their technical writing (IV-16) skills, and to increase their competence in understanding the possible ramifications of software design decisions and failures.

Prerequisites by Topic:

  • Knowledge of fundamental material covered in the core content areas sufficient to allow achievement of project objectives (IV-6)
  • Knowledge of basic problem analysis and solution design processes and techniques (IV-7) (CS 120, 121)
  • Writing skills (Engl 102)
  • Formal presentation skills (Comm 101)
  • Proficient programming skills in a high level language such as C++ or Java (IV-8) (CS 120, 121, 127)
  • Knowledge of basic operating system features and functionality (CS 240, CS 270)
  • Ability to understand code written by others (CS 120, 121, 383 or 480)

Major Topics Covered in the Course:

  • Introduction to Information Assurance – discusses concepts of confidentiality, integrity and availability as well as approaches to solving them through resistance, recognition, and response. (6 hours) (SP5, SP7, SP8)
  • Cryptographic Basics – concepts of public and private keys as well as network use of cryptography. (3 hours)
  • Program Security and Dependability – software engineering concepts of security and dependability including testing, maintenance and design schemes. (6 hours) (SE4, SE5, SE12)
  • General OS security and dependability – issues related to general purpose operating systems for security and dependability. (6 hours) (OS7)
  • Trusted operating system issues – goals and techniques for trusted operating systems. (3 hours) (OS10)
  • Database security and dependability. (3 hours) (IM2)
  • Network security and dependability – overview of common concerns and solutions. (6 hours) (NC3)
  • Security and Dependability Administration – configuration management, system management, maintenance, etc. (6 hours)
  • Legal, Privacy and Ethical issues in information assurance, specifically with focus on security. (6 hours) (SP4, SP7)

Laboratory projects (specify number of weeks on each): None.

Estimated Curriculum Category Content:

| Area            | Core | Advanced |
|-----------------|------|----------|
| Algorithms      |      |          |
| Software Design |      | 2 cr.    |
| Computer Arch   |      |          |
| Data Structures |      |          |
| Prog. Languages |      |          |
| Other           |      | 1 cr.    |

The Software Design Category focuses on understanding the software design and development process as it applies to supporting the goals of information assurance. Although the vast majority of activity in this course is contained within the Software Design category, some attention may be paid to other areas as needed to support effective analysis of information assurance.

Oral and Written Communications: Every student is required to submit at least 4 written reports (not including exams, tests, quizzes, or commented programs), three of them typically 1 page each and the other one 5-7 double-column, single-spaced pages in 10pt font, and to make no oral presentations.

Each student is required to write a term paper and at least three literature reviews. Each literature review consists of a one-page summary of a journal or conference paper related to the course. The student must summarize the material and provide an opinion / critique of the contents. The assignments are graded 50% on English (grammar, punctuation, and spelling) and 50% on content (including organizational structure, flow, as well as quality of summary and critique). For the term paper, the student must submit a 1 paragraph topic proposal with 3 academic references. After approval of the topic, the student submits a draft of the paper (75% complete), which is “edited” and graded for English and content. The student must make the editorial changes to the draft and submit a final full version, which is also graded for English and content. The format of the paper is based on IEEE conference style format (2 column, 10pt font), and the papers are 5-7 pages long with 8-12 references.

Social and Ethical Issues: Students are expected to complete all assignments in a professional and ethical manner, including open and honest communication with their course instructor and customer. The course introduces the concepts of computer crime and computer security as well as the ramifications of faulty software development processes. Specifically, Chapter 9 of the text, “Legal, Privacy and Ethical Issues in Computer Security”, discusses the concepts of copyrights, patents, trade secrets, legal issues relating to information, rights of employers and employees, software failure reporting and computer crime. The class spends about two weeks on this topic with assigned homework problems, quiz questions and exam questions (15%).

Theoretical Content: The text discusses some mathematical theory related to cryptography, specifically Shannon information theory, the relationship of complexity theory to cryptography and some elementary number theory. We spend 3 hours on mathematical theory concepts (7%).

Problem Analysis: Students are presented with several small examples of system configurations and asked to determine the information assurance aspects of the system. This may involve identifying bad design or policy or introducing new mechanisms to support the information assurance goals (10%).

Solution Design: In conjunction with the problem analysis, students spend some time developing solutions to information assurance problems (10%).

Course Outcomes: The following list documents the course outcomes and cross-references them to the BSCS program outcomes. The letter at the beginning of each reference identifies the program outcome supported. The numbers sequentially identify the course outcome for this course. After completing CS 336 a student should be able to: