Computer Security Course

06/25/07


Dr. Ron Rymon

PhD, University of Pennsylvania

 

Abstract

This course is given once a year at The Efi Arazi School of Computer Science at the Interdisciplinary Center in Herzliya. I also sometimes give part of this course in a special "executive education" format, primarily to US corporations that want executives and line managers to understand the growing implications of computer security in light of governance requirements and regulations such as Sarbanes-Oxley, PCI, etc.

In this course, I survey both traditional and current focus areas of computer and network security. While it covers the theoretical foundations of computer security, the course is also very current and tries to bridge theory and practice. I continuously adapt the course with new materials and new technologies. The course starts with basic theoretical cryptography and identity authentication algorithms, including some historical evolution and examples. It then continues with actual implementations of security protocols and mechanisms.

Syllabus

- Introduction to Computer Security. This part tries to provide the motivation for computer security, and then provides an overview of computer security models.
- History of Cryptography and Steganography. We start with ancient cryptography and cryptanalysis, and progress until reaching modern cryptography. Caesar cipher, Vigenere, Enigma.
- Conventional Cryptography. This section covers symmetric encryption principles and the most common algorithms, including Feistel Networks, DES, RC5, and AES. We also cover MACs and HMACs.
- Public-Key Cryptography. We cover the major public-key algorithms such as Diffie-Hellman and RSA, digital signatures, certificate authorities, etc.
- Identity Authentication. We cover authentication principles, weak and strong authentication, challenge response, zero-knowledge proofs, multi-factor authentication, and biometric authentication methods.
- Secure Communications. Covers the following subjects: IP Layer Security (IPSec) and VPNs; Web security with SSL; Wireless LAN security (WEP, WPA).
- Access Control. Covers the following subjects: Common access control mechanisms; Role-based Access Control (RBAC); Identity Management and Provisioning systems; Public-Key Infrastructure (PKI); Firewalls and Web Application Gateways; and Kerberos.
- Malicious Code and Intrusions. Covers the following subjects: Malicious Code (Viruses, Worms, Trojans, Spyware); Intrusion Detection & Prevention; Denial of Service (DoS) and DDoS.
- Application Security. Covers the following subjects: E-mail security (PGP, S/MIME), Spam and Phishing; Voice over IP (VoIP) security; Cellular phone security.
- Market Trends. In this final part, I bring in guest speakers who shed some light on industry trends and new technologies.

Books

- Network Security Essentials: Applications and Standards. William Stallings.
- Applied Cryptography. Bruce Schneier.
- Role-based Access Control. Ferraiolo, Kuhn, and Chandramouli.
- The Code Book. Simon Singh.
- Know Your Enemy. The HoneyNet Project.


This site was last updated 11/19/05