CS 5950/6030: Computer Security and Information Assurance—Spring 2006


Prof. Leszek Lilien

Department of Computer Science

Western Michigan University

© 2006 by Leszek T. Lilien


Class Web Pages:



Detailed Syllabus (this page):


Class slides and announcements:





The following list of lecture topics is based on Table of Contents for the required textbook  (Pfleeger and Pfleeger, Security in Computing. Third Edition, Prentice Hall PTR, 2003, ISBN 0-13-035548-8).

I.   We'll cover the following issues (numbers are Chapter numbers):


1. Is There a Security Problem in Computing?
What Does “Secure” Mean? Attacks. The Meaning of Computer Security.
Computer Criminals. Methods of Defense.

2. Elementary Cryptography.
Terminology and Background. Substitution Ciphers. Transposition
(Permutations). Making “Good” Encryption Algorithms. The Data Encryption
Standard (DES). The AES Encryption Algorithm. Public Key Encryption. The
Uses of Encryption.

3. Program Security.
Secure Programs. Nonmalicious Program Errors. Viruses and Other
Malicious Code. Targeted Malicious Code. Controls Against Program

4. Protection in General-Purpose Operating Systems.
Protected Objects and Methods of Protection. Memory and Address
Protection. Control of Access to General Objects. File Protection
Mechanisms. User Authentication. Summary of Security for Users.

Chapter 5 is optional - see below

7. Security in Networks.

        Note: despite the short list of chapter  topics, we'll spend probably 30% of the course on this
Network Concepts. Threats in Networks. Network Security Controls.
Firewalls. Intrusion Detection Systems. Secure E-Mail. Summary of
Network Security.


6. Database Security.
Introduction to Databases. Security Requirements. Reliability and
Integrity. Sensitive Data. Inference. Multilevel Databases. Proposals
for Multilevel Security. Summary of Database Security.

Note: Possibly, much more on Information Assurance from my own lecture notes.

II.   We'll cover only the major selected topics/issues from:


Chapter 8 is optional - see below

9. Legal, Privacy, and Ethical Issues in Computer Security.
Protecting Programs and Data. Information and the Law. Rights of
Employees and Employers. Software Failures. Computer Crime. Privacy.
Ethical Issues in Computer Security. Case Studies of Ethics.

III.   If time allows, we'll cover also:

5.Designing Trusted Operating Systems.
What Is a Trusted System? Security Policies. Models of Security. Trusted
Operating System Design. Assurance in Trusted Operating Systems.
Implementation Examples. Summary of Security in Operating Systems.


8. Administering Security.
Security Planning. Risk Analysis. Organizational Security Policies.
Physical Security.