Course Code: CS3104
Course Name: Security in Computing
Prerequisites: NIL
Syllabus: Foundational Concepts: Fundamental Goals of Security, CIA Triad, Threat Modeling Security Attacks; Encryption and Decryption (symmetric key and public key), cryptographic hashing, digital signatures, trust architecture, message authentication; User authentication schemes (password, biometric, OTP, CAPTCHA, etc.); Entity authentication and key establishment, Key sharing mechanisms (e.g. DH), password-authenticated key exchange (e.g. EKE, SPEKE); OS Security: Memory Protection, unauthorized memory access, security measures in memory and file access, object permissions, access control models - ACL, file-based and role-based, kernel security, protection rings, system call filtering, Secure boot and hardware-based root of trust; Software Security: Data type vulnerabilities, unintentional program oversights, buffer overflow (stack and heap), malware (viruses, worms, Trojans, rootkit), ransomware and botnets, countermeasures, sandboxing; Database Security: SQL Injection Attacks, Database Access Control, Inference, Data Masking and Encryption; Web and Internet Security: Certificates, CA/PKI architecture, public key distribution, Cookies and DOM, Malicious scripts, XSS, Man-in-the-middle attacks, DDoS attacks, Privacy concepts, Anonymous browsing, Sniffers and Scanners, Intrusion detection.
Texts: 1. Paul C. van Oorschot, Computer Security and the Internet, Springer, Ed. 2nd, 2021. https://people.scs.carleton.ca/~paulv/toolsjewels.html
2. William Stallings and Lawrie Brown, Computer Security: Principles and Practice, Pearson India, Ed. 5th, 2024.
3. Charles P. Pfleeger, Shari Lawrence Pfleeger, and Jonathan Margulies, Security in Computing, Pearson, Ed. 6th, 2023.