Secure Systems Development and Evaluation I
Course Length:
20 hours over 10 weeks (1 two-hour meeting per week)
Course Description:
Software engineering for secure systems. Security models and
implementations. Formal methods for specifying and analyzing security
policies and system requirements. Development of secure systems,
including design, implementation, and other life-cycle activities.
Verification of security properties. Resource access control,
information flow control, and techniques for analyzing simple
protocols. Evaluation criteria, including the Orange and Red books and
the Common Criteria, technical security evaluation steps, management,
and the certification process. Prerequisites: AMTH 387 (Cryptology) and
COEN 250 (Information Security Management).
Course Learning Objective:
Awareness of the basics of information security, including threats,
vulnerabilities, countermeasures, and risk management. Understanding of
systems life-cycle management, contingency planning, software security,
network security, auditing, and monitoring.
Major Topics:
Understanding of a model of information systems security. Understanding
of vulnerabilities in and threats to information security and of
countermeasures against those vulnerabilities and threats. Design,
implementation, and life-cycle management of secure systems.
Understanding of access control and protection of systems.
Understanding of physical, personnel, administrative, and transmission
security. Concepts of trust and formal verification. Understanding of
software security concepts and mechanisms, auditing, and monitoring.
Method of Instruction:
Lecture, assignments, projects
Evaluation Methods:
Tests, assignments, projects