
Information Assurance Design
CIS 123: Data Structures
Overview:
Suggested Time: 3 class periods
Course Length: 3 Hours
Pre-Requisite: CIS 105
Target Audience
| Levels | Disciplines: CS | Disciplines: CIS |
| Undergraduate | x | x |
| Graduate | | |
Description: This course introduces students to the concepts of Information Assurance as it relates to Data Structures. It introduces students to secure programming methods, ethical issues in programming security, buffer overflows and their vulnerabilities, and survivability in the context of computer security. Technically, this course examines the general dimension of providing security in software and data architectures.
Objective(s): The primary purpose of this course is to:
Goals/Outcome: The students will be able to:
· Understand encapsulation - using classes and securing code against corruption.
· Understand modularity and its implementation in data hiding (modules should be specified and designed so that information – procedure and data – contained within a module is inaccessible to other modules that have no need for such information)
· Understand data hiding as a design criterion (because most data and procedure are hidden from other parts of the software, inadvertent errors introduced during modification are less likely to propagate to other locations within the software)
· Understand buffer overflows – what they are and why they are considered a vulnerability.
· Understand survivability principles
Outline:
· Secure programs
  Ø What is a secure program?
  Ø Unexpected program behavior
  Ø Types of flaws
    o validation error (incomplete or inconsistent)
    o domain error
    o serialization and aliasing
    o inadequate identification and authentication
    o boundary condition violation
    o other exploitable logic errors
· Controls against program threats
  Ø Developmental Controls
    o Modularity
    o Encapsulation
    o Information Hiding
    o Cohesion
    o Coupling
· Ethical Issues in Computer Security
  Ø Understanding law and ethics
  Ø Protection of programs and data
· Buffer Overflows and Their Vulnerability
  Ø What is a buffer overflow?
  Ø Why are they vulnerable?
  Ø What is a Information Assurance
  Ø Principle 1: Survivability is an enterprise-wide concern.
  Ø Principle 2: Everything is data.
  Ø Principle 3: Not all data is of equal value to the enterprise – risk must be managed.
  Ø Principle 4: Information assurance policy governs actions.
  Ø Principle 7: Security Knowledge in Practice (SKiP) provides a structured approach.
  Ø Principle 8: The road map guides implementation choices (all technology is not equal).
  Ø Principle 9: Challenge assumptions to understand risk.
  Ø Principle 10: Communication skill is critical to reach all constituencies.
Suggested Assignments:
References:
· Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade. Oregon Graduate Institute of Science & Technology.
· Hoffman, Lance J. Modern Methods for Computer Security and Privacy.
· Mader, Chris. Information Systems: Technology, Economics, Application, and Management.
· Pfleeger, Charles P. and
· Shooman, Martin L. Software Engineering: Design, Reliability, and Management.