CS 5950: Computer Security and Information Assurance—Spring 2007

Course Outline

Prof. Leszek Lilien

Department of Computer Science

Western Michigan University


Class Web Pages:

Syllabus - main page: index.htm

Detailed course outline (this page): outline.htm

Class slides and announcements: slides+announcements.htm



The following list of lecture topics is based on Table of Contents for the required textbook  (Pfleeger and Pfleeger, Security in Computing. Third Edition, Prentice Hall PTR, 2003, ISBN 0-13-035548-8).

I.   We'll cover the following issues (numbers are Chapter numbers):


1. Is There a Security Problem in Computing?
What Does “Secure” Mean? Attacks. The Meaning of Computer Security.
Computer Criminals. Methods of Defense.

2. Elementary Cryptography.
Terminology and Background. Substitution Ciphers. Transposition
(Permutations). Making “Good” Encryption Algorithms. The Data Encryption
Standard (DES). The AES Encryption Algorithm. Public Key Encryption. The
Uses of Encryption.


      Chapter 7 will be covered out-of-sequence to facilitate running lab exercises.

7. Security in Networks.

Note: Despite the short list of chapter  topics, we'll spend about  30% of lecture time in this area

Network Concepts. Threats in Networks. Network Security Controls.
Firewalls. Intrusion Detection Systems. Secure E-Mail. Summary of
Network Security.

3. Program Security.
Secure Programs. Nonmalicious Program Errors. Viruses and Other
Malicious Code. Targeted Malicious Code. Controls Against Program

4. Protection in General-Purpose Operating Systems.
Protected Objects and Methods of Protection. Memory and Address
Protection. Control of Access to General Objects. File Protection
Mechanisms. User Authentication. Summary of Security for Users.

Chapter 5 is optional - see below


6. Database Security.
Introduction to Databases. Security Requirements. Reliability and
Integrity. Sensitive Data. Inference. Multilevel Databases. Proposals
for Multilevel Security. Summary of Database Security.

Note: Possibly, much more on Information Assurance from my own lecture notes.


      Chapter 7 covered after Chapter 2 - see above


      Chapter8 is optional - see below

II.   We'll cover only the major selected topics/issues from:

9. Legal, Privacy, and Ethical Issues in Computer Security.
Protecting Programs and Data. Information and the Law. Rights of
Employees and Employers. Software Failures. Computer Crime. Privacy.
Ethical Issues in Computer Security. Case Studies of Ethics.

III.   If time allows, we'll cover also:

5. Designing Trusted Operating Systems.
What Is a Trusted System? Security Policies. Models of Security. Trusted
Operating System Design. Assurance in Trusted Operating Systems.
Implementation Examples. Summary of Security in Operating Systems.


8. Administering Security.
Security Planning. Risk Analysis. Organizational Security Policies.
Physical Security.




© 2007 by Leszek T. Lilien                                                                                                                Last updated on 1/10/07