Secure Systems Development
and Evaluation I
20 hours over 10 weeks (1 two-hour meeting per week)
Software engineering for secure systems. Security models and
implementations. Formal methods for specifying and analyzing security
policies and system requirements. Development of secure systems,
including design, implementation, and other life-cycle activities.
Verification of security properties. Resource access control,
information flow control, and techniques for analyzing simple
protocols. Evaluation criteria, including the Orange and Red books and
the Common Criteria, technical security evaluation steps, management,
and the certification process. Prerequisites: AMTH 387 (Cryptology) and
COEN 250 (Information Security Management).
Course Learning Objective:
Awareness of basics of information security, including threats,
vulnerabilities, countermeasures, and risk management. Understanding of
systems life cycle management, contingency planning, software security,
network security, auditing, and monitoring.
Understanding of a model of information systems security. Understanding
of vulnerabilities in and threats to information security and of
countermeasures against those vulnerabilities and threats. Design,
implementation, and life-cycle management of secure systems.
Understanding of access control and protection of systems.
Understanding of physical, personnel, administrative, and transmission
security. Concepts of trust and formal verification. Understanding of
software security concepts and mechanisms, auditing, and monitoring.
Method of Instruction:
Lecture, assignments, projects
Tests, assignments, projects
| © 2006 Center for
Advanced Study and Practice of
Information Assurance (CASPIA), Santa Clara University