Skip to main content

IS 7033 PhD Class Material

Center for Information Security Research and Education

  • Course Syllabus
  • Week 1 – Operational Model – GW
  • Week 2 – Infrastructure Protection & Info Warfare – BH
  • Week 3 – Ethics, hacker motivation, the law – NB
  • Week 4 – Policies, procedures, training, risk mgmt – AM
  • Week 5 – Certifications, secure architecture – AC
  • Week 6 – Authentication, Access control – AC
  • Week 7 – Information hiding – AC
  • Week 8 – Network Security, firewalls – SR
  • Week 9 – Telecommunications Security, wireless – SR
  • Week 10 – Malicious Software – BH
  • Week 11 – Incident Response, DRP, BCP – NB
  • Week 12 – Computer Crime, Forensics – NB
  • Week 13 – Regulations – AM
  • Week 14 – ROI, TCO, Insurance, Business Enabler – GW

Security and the Operational Model

Readings:

  1. Schneier.doc: Read. An excerpt from Schneier's book Secret's and Lies
  2. 2002survey.pdf: Skim. The 2002 Information Security Survey
  3. FBIsurvey.pdf: Skim. The 2001 CSI/FBI security survey. 2002 Survey 2003 Survey (extra)
  4. 800-14.pdf: Skim. The NIST publication entitled Generally Accepted Principles and Practices for Securing Information Technology Systems (800-12 background extra)
  5. inf_sec_mgt.pdf: Skim. The GAO's Executive Guide , "Information Security Management: Learning From Leading Organizations"
  6. IT Security.pdf: Skim. A CEI whitepaper entitled "IT Security: Perceptions, Awareness, and Practices
  7. Layered_Security.pdf. Skim. A Tripwire white paper entitled "Data Integrity Assurance In A Layered Security Strategy: Providing the Essential Foundation for Data Security"

For those of you who don't remember from the other security courses we taught here (or for those who didn't have an opportunity to take them), consider what we refer to as the Security Operational Model

Protection = Prevention + (Detection + Response)

What does this have to do with the readings above?

How would you summarize what you learned from the readings? How does it relate to what you already know about security? What other articles/books have you found that would support your general conclusions on this aspect of security?


Infrastructure Protection and InfoWar

Readings:

  1. 2003_Cyber_Security_RD_Agenda.pdf: Glance at. The Cyber Security Research and Development Agenda for the I3P.
  2. Cyber.pdf: Read. The National Strategy to Secure Cyberspace
  3. Cyberstrategy-draft.pdf: Skim. The DRAFT National Strategy to Secure Cyberspace, For Comment.
  4. Dsb-Defensive IO.pdf: Skim. Protecting the Homeland Report of the Defense Science Board Task Force on Defensive Information Operations
  5. Hr3162_patriot_act.pdf: Skim. A copy of House Bill H.R. 3162, the Patriot Act.
  6. Hr5710homsecbil.pdf: Skim. A copy of House Bill H.R. 5710, the Homeland Security Act of 2002
  7. Infra_prot_usgovII.pdf: Read. An article from NIST, U.S. Government Activities to Protect the Information Infrastructure
  8. Making the nation safer.pdf: Glance at. Making the Nation Safer; The Role of Science and Technology in Combating Terrorism.
  9. Nat_strat_hls.pdf: Skim. National Strategy for Homeland Security.
  10. Sec_infr.pdf: Skim. Practices for Securing Critical Information Assets.
  11. unrestricted.pdf: skim. Unrestricted Warfare, a translation of a paper by two Chinese PLA officers.
  12. US National Strategy for Physical Protection_infowar.pdf: glance at. The National Strategy for The Physical Protection of Critical Infrastructures and Key Assets.

Watch your reading time, what is it that the instructor for this course wants you to get out of these papers?

How would you summarize what you learned from the readings? How does it relate to what you already know about security? What other articles/books have you found that would support your general conclusions on this aspect of security?

How does the nation protect its critical infrastructures from cyber attacks?

How should (can?) government, academia, and industry work together to secure the cyber infrastructure?

Who should be in charge of securing the cyber infrastructure? What role does each entity have in this effort?

What role do exercises such as Dark Screen have in protecting the cyber infrastructure?

Why is this whole thing so hard to do????


Ethics and Hacker Motivation

Readings:

  1. Denning.doc: Read. An excerpt from Denning's book Information Warfare and Security.
  2. Hacker.txt: Hacker.doc (easier to print) Read. An old thesis entitled "The Social Organization of the Computer Underground"
  3. tr994.pdf: Read. A paper entitled "Are Computer Hacker Break-ins Ethical?"
  4. cdc.pdf: Skim. A paper entitled "How to 0wn the Internet in your Spare Time"
  5. HR5522.pdf: Skim. A copy of House Bill H.R.5522.
  6. dmca.pdf: Skim. A synopsis of the Digital Millennium Copyright Act
  7. DMCA_leg.pdf: Skim. A copy of House Bill H.R.5544.
  8. cslaw.txt: Skim. An article about computer security and the law.
  9. hansen.txt: hansen.doc (easier to print) Read. An article entitled "Legal Issues, A Site Manager's Nightmare"
  10. Title 18, Part I, Chapter 47, Section 1030.txt: Read. The U.S. Code that covers computer "fraud and related activity".

Watch your reading time, what is it that the instructor for this course wants you to get out of these papers?

How would you summarize what you learned from the readings? How does it relate to what you already know about security? What other articles/books have you found that would support your general conclusions on this aspect of security?


Policies, Procedures, Training, Risk Management


Certifications, secure architecture, secure software

Readings:

  1. Common criteria: Skim. Folder containing common criteria documentation
  2. Rainbow series: Skim, especially orange & red. Folder containing rainbow series
  3. chwall.pdf: Read. Paper – "The Chinese Wall Security Policy"
  4. C-TR-79-91 integrity.pdf: Read. NCSC document "Integrity in Automated Information Systems"
  5. ia-cmmv2.pdf: Skim. "INFOSEC Assessment Capability Security Model"
  6. National Computer Systems Security Award Speech.htm: read. Denning's 1999 speech "The Limits of Formal Security Models"
  7. Phrack49_buffer overflows.txt: Skim. Article from Phrack "Smashing the Stack for Fun and Profit"
  8. Products_PC_100802.pdf: Skim. NIST publication "Guide to Selecting Information Technology Security Products"
  9. Sp800-33.pdf: read. NIST publication "Underlying Technical Models for Information Technology Security"

Watch your reading time, what is it that the instructor for this course wants you to get out of these papers?

What are some of the security certifications that a person can obtain? What are the requirements? What is the value of these certifications?

We have readings from the Common Criteria and the Rainbow Series, is there another product certification route that a vendor can take to have their product "certified"?

What is the purpose of a security policy or security model?

How would you summarize what you learned from the readings? How does it relate to what you already know about security? What other articles/books have you found that would support your general conclusions on this aspect of security?


Authentication, Access control


Information Hiding

Readings:

  1. 800-2.txt: Skim. "Public Key Cryptography", NIST Pub 800-2.
  2. COBdraft.pdf: Skim: "Requirements for Key Recovery Products"
  3. content.pdf: Read. "Information Hiding To Foil The Casual Counterfeiter", Daniel Gruhl and Walter Bender, 1998.
  4. detectsteg1.pdf.: Skim. "Detecting Steganographic Content on the Internet", Provos and Honeyman
  5. detsteg1.pdf: Skim. "Detecting Steganographic Messages in Digital Images", Farid.
  6. r2026.pdf: Read. "Exploring Steganography: Seeing the Unseen", Johnson and Jajodia, Computer, Feb 1998.
  7. soft_tempest.pdf: Skim. "Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations", Kuhn and Anderson.
  8. sp800-32.pdf: Skim. "Introduction to Public Key Technology and the Federal PKI Infrastructure", NIST special Pub 800-32.
  9. Steganalysis of Images Using Created Using Current Steganography Software.pdf: Skim. By Johnson and Jajodia.
  10. vpn.pdf: Skim. "Understanding Virtual Private Networking" from Adtran.
  11. vpn2.pdf: Read. "What is a VPN", Ferguson
  12. 01203220.pdf: Read. "Hide and Seek: An Introduction to Steganography", Provos and Honeyman.
  13. Information hiding a survey.pdf. Read. "Information Hiding -A Survey", Petitcolas, Anderson, and Kuhn
  14. steganalysis01.pdf. Read: "Practical Steganalysis of Digital Images – State of the Art", Fridrich and Goljan.
  15. ih98-attacks.pdf Skim: "Attacks on Copyright Marking Systems", Fabien A.P. Petitcolas, Ross J. Anderson, and Markus G. Kuhn

Watch your reading time, what is it that the instructor for this course wants you to get out of these papers?

Make sure you understand the difference between public and private key cryptography.

Understand the role of PKI. How difficult is it to create a PKI?

Understand what a VPN is.

Understand steganography, steganalysis. How would you conduct steganalysis in real-time? What is the real threat from steganography? Who needs to be concerned? What are valid uses of this technology (i.e. watermarking)?

How would you summarize what you learned from the readings? How does it relate to what you already know about security? What other articles/books have you found that would support your general conclusions on this aspect of security?


Network Security, firewalls


Telecomm Security, modems, Wireless

Readings:

  1. Aberdeen.pdf: Read. "Safeguarding Conjoined Networks with Telephony Firewalls", Executive Whitepaper from Aberdeen
  2. NIST-sp_800-48.pdf: Skim: NIST special pub (also have copy of draft version), "Wireless Network Security"
  3. itdec_voip.pdf: Glance at. "Converged Networks" IT Decision Series.
  4. NCS_security_assessment_guidelines_version1_sep00.pdf: Take a good look at. Sept 2000 document from the NCS "Public Switched Network Security Assessment Guidelines"
  5. securing broadband docsis.pdf : glance at. "A Guide to Securing Broadband Cable Networks: DOCSIS Security" From techguide.com.
  6. sp800-24pbx.pdf: take a good look at. NIST Special pub 800-24 "PBX Vulnerability Analysis"
  7. sp800-46.pdf: skim. NIST Special Pub 800-46 "Security for Telecommuting and Broadband Communications"
  8. The_trivial_Cisco_IP_phones_compromise.pdf: read. "The Trivial Cisco IP Phones Compromise", by Ofir Arkin.
  9. war driving by the bay.doc: read. "War Driving By The Bay" SecurityFocus article by Kevin Poulsen
  10. warchalking0_9.pdf: Read, print, and keep in your wallet at all times for when you need it. "WarChalking" card.

Watch your reading time, what is it that the instructor for this course wants you to get out of these papers?

Understand the issues with "conjoined" networks (what the heck is a "conjoined network supposed to be, anyway?). What are the problems with modems? Why can't you just wardial the problem away?

What are the issues with broadband security?

Understand the possible security problems with PBX's?

And let us not forget the problems with wireless.

With all of these problems, is it worth it or should we just buy a sailboat and take off?

How would you summarize what you learned from the readings? How does it relate to what you already know about security? What other articles/books have you found that would support your general conclusions on this aspect of security?


Malicious Software

Readings:

  1. C1-TR-001.pdf: Read. "Computer Viruses: Prevention, Detection, and Treatment"
  2. codred.pdf: read: "Code-Read: A case study on the spread of an Internet worm"
  3. Experiments with computer viruses.txt: Read: Fred Cohen's article. Read this one and see what you can find out there that he has also written about viruses.
  4. GOA-rpt.txt: Skim"Virus Highlights Need for improved Internet Management ".
  5. page_worm.txt: Read. "A Report on the Internet Worm"
  6. slammer.pdf : read. "Analysis of the SQL Slammer worm and its effects on Indiana University and related institutions".
  7. spaf-IWorm-paper-CCR.pdf: Read. "The Internet Worm Program: An Analysis"
  8. spaf-IWorm-paper-ESEC.pdf: Read. "The Internet Worm Incident"
  9. TechTV The Morris Worm.txt: read. "The Morris Worm: What Have We Learned in a Decade?" by Ira Winkler.
  10. The Spread of the Sapphire/Slammer Worm: skim. An article from the web "The Spread of the Sapphire/Slammer Worm"
  11. The_worm_before_XMAS_ryhme.txt: Read, humorous.
  12. With microscope and Tweezers Chronology.txt: Skim: "With microscope and Tweezers Chronology"
  13. I've included a few other interesting articles, skim and see what you think.

Watch your reading time, what is it that the instructor for this course wants you to get out of these papers?

Can there be such a thing as a benevolent or beneficial worm?

What are the "ethics of writing a virus"?

How have viruses/worms evolved over the years? What are the different types of Malicious SW?

How destructive are worms/viruses (or how destructive can they be)? Are current penalties sufficient for the level of damage they cause? What about in Morris' case?

How would you summarize what you learned from the readings? How does it relate to what you already know about security? What other articles/books have you found that would support your general conclusions on this aspect of security?


Incident Response, DRP, BCP

Readings:

  1. 100874.pdf: Read. "Disaster Recovery Plans and Systems are Essential" from Gartner.
  2. 800-3.pdf: skim: "Establishing a Computer Security Incident Response Capability (CSIRC)" NIST pub.
  3. bcpg.pdf: skim: "Business Continuity Planning Guidelines" from TX DIR.
  4. berferd.pdf: read: A Classic – "An Evening with Berferd in which a cracker is lured, endured, and studied" by Cheswick.
  5. certresp.pdf: Read. "Computer Emergency Response – An International Problem" by Rich Pethia.
  6. CSIRT.pdf : skim. "Handbook for Computer Security Incident Response Teams (CSIRTs)" from CMU.
  7. dragon.pdf: Read. Another Classic – "There Be Dragons" by Bellovin
  8. form-irt.pdf: skim. "Forming an Incident Response Team"
  9. No Stone Unturned.doc: read. "No Stone Unturned" by H. Carvey at Securityfocus.
  10. sp800-34.pdf: skim. NIST pub "Contingency Planning Guide for Information Technology Systems"

Watch your reading time, what is it that the instructor for this course wants you to get out of these papers?

What's the difference between a CERT and a CIRT and a CSIRT? Is there a difference?

So, ok, we're all convinced now that organizations should have CSIRTs (or whatever you want to call them), but who does this organization communicate with? Should there be a city/county CERT? What about a state CERT? What are the responsibilities for these organizations if you create them? How does this all work? Oh, and let us not forget, but how do they get funded?

What's a BIA and what role does it play in all of this?

What's the difference between a DRP and a BCP?

How would you summarize what you learned from the readings? How does it relate to what you already know about security? What other articles/books have you found that would support your general conclusions on this aspect of security?


Computer Crime and Forensics

Readings:

  1. computer_crime.pdf: Skim Carefully. "Computer Crime: A Joint Report" from State of New Jersey
  2. CyberCrime.pdf: read: "Cybercrime and Punishment" Pub from Industry.
  3. forensics.pdf: read: "An Analysis of a Compromised Honeynet".
  4. Riptech_Internet_Security_Threat_Report_VII.20020708.pdf: read: "Riptech Internet Security Threat Report: Attack Trends for Q1 and Q2 of 2002"
  5. Symantec_Internet_Security_Threat_Report.vIII20030201.pdf: Read. "Symantec Internet Security Threat Report: Attack Trends for Q3 and Q4 2002"

6-10. Each of you find an article on the subject and bring it with you to discuss.

Watch your reading time, what is it that the instructor for this course wants you to get out of these papers?

What are the trends in computer crime?

What is the purpose of a Honeynet? Good idea? Bad idea?

What wonderful thing did you find out about cybercrime?

How would you summarize what you learned from the readings? How does it relate to what you already know about security? What other articles/books have you found that would support your general conclusions on this aspect of security?


Regulations

Readings:

  1. 03-3877.pdf: Skim Carefully the applicable parts. "Health Insurance Reform: Security Standards; Final Rule" from the Federal Register
  2. draft-fips-pub-199.pdf: read: "Standards for Security Categorization of Federal Information and Information Systems".
  3. draft-sp800-53.pdf: skim: "Recommended Security Controls for Federal Information Systems" from NIST.
  4. GLB_provisions.txt: read: "Gramm-Leach-Bliley Summary of Provisions "
  5. GLB_titleV_privacy.pdf: Read. "TITLE-V Privacy" From GLB legislation
  6. pwc_SOWP3.pdf: Read: "The Sarbanes-Oxley Act of 2002" from PWC
  7. sarbanesoxley072302.pdf: skim: The Sarbanes-Oxley Act.
  8. sb1386.txt: read: "BILL NUMBER: SB 1386"
  9. SO_Overview_final.pdf: Skim: "Navigating the Sarbanes-Oxley Act of 2202" From PWC
  10. tx_chapter323_legislative council.txt: read: "§ 323.015. Computer Security; Penalty"
  11. tx_chapter33_computercrimes.txt: read: "CHAPTER 33. COMPUTER CRIMES"

Watch your reading time, what is it that the instructor for this course wants you to get out of these papers?

What does each of the pieces of legislation included in the readings cover?

What is your opinion on the standards and recommended security controls for federal information systems?

What do you feel will be the impact NATIONALLY for CA SB 1386?

How would you summarize what you learned from the readings? How does it relate to what you already know about security? What other articles/books have you found that would support your general conclusions on this aspect of security?


ROI Issues and Security

  1. Cyberinsecurity.pdf
  2. Internetbanking.pdf
  3. Issecurity_roi_dwnld.pdf
  4. Memorial_Hermann_Case_Study_051601.pdf
  5. Treatise on Internet Security.pdf