Unit Outline: ITEC855 Security Technologies
Semester 1, 2008
Convenor: Dr. M. Hitchens
Prerequisites: Some programming ability, to the level of having completed ITEC802, is necessary for completing the practical material in this unit
Students should read this unit outline carefully at the start of semester. It contains important information about the unit. If anything in it is unclear, please consult one of the teaching staff in the unit.
About This Unit
Security is of ever-increasing importance in modern computing. As the value of information stored in and transmitted by computing systems continually grows, so does the need to keep that information secure. Government and commercial organisations are paying increasing attention to the requirements of security. This unit covers the fundamental technologies from which all secure systems are constructed. It is intended both for those who will progress to further study in security and for those wishing to understand the technological basics of computer security.
Teaching Staff
| Role | Name | Room | Office hours | |
|---|---|---|---|---|
| Convenor, Lecturer | Dr. M. Hitchens | michaelh AT ics.mq.edu.au | E6A338 | Wednesday 4-5 |
| Lecturer | Mr. M. Baar | mbaar AT ics.mq.edu.au | ?? | ?? |
All emails related to ITEC855 should be sent to itec855-admin@ics.mq.edu.au and must include your full name and your student id number.
Classes
Each week you should attend the session on Wednesday night, starting at 6pm. The format of the class will vary from week to week, sometimes being lecture based, sometimes being workship based.
Note that classes commence in week 1.
Required and Recommended Texts
The textbook for this semester is:
- Kaufman, C., Perlman, R.,& Speciner, M., .Network Security, Private Communication in a Public world, 2nd ed., Prentice Hall PTR., 2002.
This textbook is available from the University Co-op Bookshop.
Additional reading that you may find useful for this unit:
- Stallings, W., .Cryptography and Network Security: Principles and Practice, 3rd ed., Prentice Hall PTR., 2003
- Stallings, W., .Network Security Essentials: Applications and Standards, Prentice Hall, 2000
- Kruse, W.G. & Heiser, J.G., Computer Forensics: Incident Response Essentials, Addison Wesley, 2002
- Anderson, R., Security engineering, Wiley 2001.
- Volonino, L. & Robinson, S.R., Principles and Practice of Information Security, Pearson Prentice Hall, 2004.
- Schneier, B., Secrets and Lies: Digital Security in a Networked World, 2nd edition Wiley, 2004.
Unit Web Page
The web page for this unit can be found at http://online.mq.edu.au/pub/COMP125. Note that the majority of the unit materials are publicly available while some material requires you to log in to WebCT to access it.
The unit will make use of discussion boards hosted within WebCT. Please post questions there, they will be monitored by the staff on the unit.
Learning Outcomes
A student completing the unit should have:
- Knowledge of the basic issues of computer security, including threats, attacks, mechanisms and policy.
- An understanding of the basic building blocks of secure applications (such as the various forms of cryptography, access control and authentication) and how to employ them in creating secure software.
- An understanding of key management and key management systems, such as PKI and KDCs.
- An understanding of basic security in practice. This can include web-based security, firewalls, malicious code and implementation of secure protocols and architectures.
- An introductory understanding of computer forensics
- Considered issues in regards to purchasing security products
In addition to the discipline-based learning objectives, all academic programs at Macquarie seek to develop students' generic skills in a range of areas. One of the aims of this unit is that students develop their skills in the following:
- Communication skills;
- Critical analysis skills;
- Problem-solving skills;
Teaching and Learning Strategy
ITEC855 is taught via lectures and workshop sessions. Lectures are used to introduce new material and discuss the princples of security. While lectures are largely one to many presentations, you are encouraged to ask questions of the lecturer to clarify anything you might not be sure of. In the workshops you will put into practice the material from lecturers and investigate the use of security technologies. This will allow students to develop practical copetency with the unit material.
Each week you should:
- Attend lectures (if it is alecture week), take notes, ask questions.
- Attend the workshop session (if it is a workshop week), work on the practical material and seek feedback on your work.
- Read appropriate sections of the text, add to your notes and prepare questions for the teaching staff.
Lecture notes will be made available each week but these notes are intended as an outline of the lecture only and are not a substitute for your own notes or the textbook.
Topic List
Week |
Topic |
Reading |
|---|---|---|
1 |
Lecture - Symmetric Key Cryptography and Hashing |
Chapters 2, 3, 4 & 5 |
2 |
Workshop - Symmetric Key Cryptography and Hashing |
Chapters 2, 3, 4 & 5 |
3 |
Lecture - Asymmetric Key Cryptography, Key management and Cryptanalysis |
Chapter 6 |
4 |
Workshop - Asymmetric Key Cryptography, Key management and Cryptanalysis |
Chatper 6 |
5 |
Lecture - Authentication and Access Control |
Chapters 9 & 10 |
6 |
Workshop - Authentication and Access Control |
Chapters 9 & 10 |
7 |
Lecture - PKI and Kerberos |
Chapters 13, 14, & 15 |
8 |
Workshop - PKI and Kerberos |
Chapters 13, 14, & 15 |
9 |
Lecture - Forensics |
|
10 |
Workshop - Forensics |
|
11 |
Lecture - Firewalls, Intrusion Dectection Systems, Viruses |
Chapter 23 |
12 |
Workshop - Firewalls, Intrusion Dectection Systems, Viruses |
Chapter 23 |
13 |
Quiz |
Relationship Between Assessment and Learning Outcomes
- Knowledge of the basic issues of computer security, including threats, attacks, mechanisms and policy. This will be assessed in the quizzes and put in to practice in the workshops.
- An understanding of the basic building blocks of secure applications (such as the various forms of cryptography, access control and authentication) and how to employ them in creating secure software This will be assessed in the quizzes and put in to practice in the workshops.
- An understanding of key management and key management systems, such as PKI and KDCs. This will be assessed in the quizzes and put in to practice in the workshops.
- An understanding of basic security in practice. This can include web-based security, firewalls, malicious code and implementation of secure protocols and architectures. This will be assessed in the workshops.
- An introductory understanding of computer forensics. This will be assessed in the quizzes.
- Considered issues in regards to purchasing security products. This will be assessed in the quizzes.
| Task | Planned Date | Total Marks |
|---|---|---|
| In-class Quizzes (3) | Weeks 5, 9, 13 | 45% (15% each) |
| Workshop Material | weeks 6, 10, 13 | 55% |
Your final grade will depend on your performance in each part separately. In particular you must fulfil all of the following in order to pass this unit:
- You must obtain an overall mark of at least 20.25 out of 45 in the three quizzes.
- You must obtain an overall mark of at least 24.75 out of 55 in the workshops.
- You must obtain an overall mark for the unit of at least 50.
All workshop material will be handed in during the workshop sessions.
All work submitted should be readable and well presented.
Late work will be accepted with a penalty of 10% of the marks for the assignment per day submitted late. Hence, an assignment submitted five days late will get at most half the marks. If you cannot submit on time because of illness or other circumstances, please contact the lecturer before the due date.
Plagiarism
Please refer to the Department of Computing Plagiarism Policy for the definition of plagiarism, advice on avoiding it and the penalties in place if you are found to have submitted plagiarised work.
University Policy on Grading
Academic Senate has a set of guidelines on the distribution of grades across the range from fail to high distinction. Your final result will include one of these grades plus a standardised numerical grade (SNG).
On occasion your raw mark for a unit (i.e., the total of your marks for each assessment item) may not be the same as the SNG which you receive. Under the Senate guidelines, results may be scaled to ensure that there is a degree of comparability across the university, so that units with the same past performances of their students should achieve similar results.
It is important that you realise that the policy does not require that a minimum number of students are to be failed in any unit. In fact it does something like the opposite, in requiring examiners to explain their actions if more than 20% of students fail in a unit.
Student Support Services
Macquarie University provides a range of Academic Student Support Services. Details of these services can accessed at http://www.student.mq.edu.au.