University of Helsinki, Department of Computer Science
 


582215 INTRODUCTION TO COMPUTER SECURITY, 4th period, spring 2010

Last changes March 30, 2010

General

The course is a bachelor-level course, compulsory for everybody. The importance of computer security has increased steadily. It must be taken into account in administration, software engineering, the use of computers, and maintenance. Because of this, the course is compulsory, and its aim is to give an overview of the area.

It is assumed that every student has passed the course Introduction to Data Communication and that everybody knows something about operating systems. We do not use much cryptography in this course, so mathematical techniques are not needed. Only when introducing public key infrastructure do we need modular arithmetic, but it is easy and we go through the basic facts.

Lectures and Exercises

Lectures: March 16 - April 28, 2010, Tue, Wed 12-14, B123, in Finnish. Lecturer: Timo Karvi. There is one exercise group in English, on Thursdays 14-16 in BK106 (March 22 - April 30), Harri Forsgren.

The course exam is worth 54 points, and the exercises can bring up to 6 points more. The exercises yield 6 points if you have solved 80% of all the exercises. In order to take part in the course exam, you must solve at least 40% of the exercises, and this yields 1 point. The course is passed with 30 points (1/5).

After the course, there are 4 separate exams, in which exercises are not taken into account.

Material

There is no single course book, but the course is based on many sources. I will publish the relevant English sources every week on this page.

Reference books

  1. Bishop-1: Matt Bishop: Introduction to Computer Security. Addison Wesley 2005.
  2. Bishop-2: Matt Bishop: Computer Security. Addison Wesley 2003.
  3. Stallings: William Stallings: Cryptography and Network Security, Prentice Hall, 3rd or 4th edition (the same things also in earlier editions, but chapter and section numberings may be different).

Schedule

  1. Week 1, 15-16 March: Pages 1-6, and 31-46 in this material. Plus Bishop-1, chapter 12, Design Principles (pp 199-209) or Bishop-1, chapter 13, Design Principles.
  2. Week 2, 22-26 March: Pages 16-30 in the previous week's material. Plus Bishop-2, section 4.4 (pp 103-104). Plus Rainbow Table in Wikipedia. Plus Bishop-2, sections 22.1-22.6.
  3. Week 3, 29-31 March: Bishop-2, section 29.5 (pages 887-913).
  4. Week 4, 12-16 April: The Java Security Model from http://java.sun.com/security/javaone97-whitepaper.html (Sandbox, Class Loader, Byte-Code Verifier, Security Manager, Type Safety). Plus Gasperoni, Dismukes: Multilanguage Programming on the JVM: The Ada 95 Benefits (the problems with Java). Plus http://developers.sun.com/solaris/articles/secure.html (Secure C Programming). Plus Bishop-2: 26.2.1 (Data Classes), 26.2.2 (User Classes). Plus Bishop-2: 28.3.1.3 (File Deletion), 28.4.1 (Copying and Moving Files).
  5. Week 5, 19-23 April: Stallings 3.6, 3.7 Block Cipher Design Principles and Modes of Operation. Stallings 11.1 - 11.5 Message Authentication and Hash Functions. Plus Stallings 20.1 Firewall Design Principles.
  6. Week 6, 26-30 April: Stallings 9.1 (Principles of public-key cryptosystems), 9.2 (RSA: Description of the Algorithm), Stallings 14.2 (X.509 Authentication Service), 14.3 (Public-key Infrastructure). Plus article PKI: It's Not Dead, Just Resting by Peter Gutmann, University of Auckland (http://www.cs.auckland.ac.nz/~pgut001/pubs/notdead.pdf).

Announcements

  • Easter holiday April 1-7. At that time, no lectures and no exercises.

Exercises