Arizona State University

1
Arizona State University CSE 465 Information
Assurance CSE591 Information Assurance and
Security Overview Professor Stephen S.
Yau Fall, 2006
2
Information Assurance

• Information Assurance (IA) encompasses the
  scientific, technical, and management disciplines
  required to ensure information security and
  quality.
• Security techniques as well as organization,
  operation management and policy, legality, all
  play important roles.
• Information quality also contributes to the
  overall information assurance of the information
  systems and networks.

3
National IA Program

• The National Centers of Academic Excellence in
  Information Assurance Education (CAEIAE) Program
  is an outreach program designed and operated
  initially by the National Security Agency (NSA)
  in the spirit of Presidential Decision Directive
  63, National Policy on Critical Infrastructure
  Protection, May 1998.
• The program is now jointly sponsored by the NSA
  and the Department of Homeland Security (DHS) in
  support of the President's National Strategy to
  Secure Cyberspace, February 2003.
• The goal of the program is to reduce
  vulnerability in our national information
  infrastructure by promoting higher education in
  information assurance (IA), and producing a
  growing number of professionals with IA expertise
  in various disciplines.

4
CAEIAE Program (Cont.)

• In order to be designated as a National Center of
  Academic Excellence in IA Education (CAEIAE),
  each applicant must pass a rigorous review
  demonstrating its commitment to and capability
  for academic excellence in IA education.
• Prerequisite IA courseware must be certified
  under the IA Courseware Evaluation Program as
  meeting the Committee on National Security
  Systems (CNSS) Training Standards.
• NSTISSI 4011 Information Systems Security
  (INFOSEC) Professionals
• CNSSI 4012 Senior Systems Managers
• CNSSI 4013 System Administrators (SA)
• CNSSI 4014 Information Systems Security Officers
• NSTISSI 4015 System Certifiers
• CNSSI 4016 Risk Analyst
• Additional standards are currently being
  developed
• Specifically, certification for Standard 4011 is
  required, and certification of at least one of
  the CNSS Training Standards (4012, 4013, 4014,
  4015 or subsequent standards) is required.

5
CAEIAE Evaluation Criteria

• Criteria 1 Partnerships in IA Education
• Criteria 2 IA Treated as a Multidisciplinary
  Science
• Criteria 3 University Encourages the Practice of
  IA
• Criteria 4 Academic Program Encourages Research
  in IA
• Criteria 5 IA Curriculum Reaches Beyond
  Geographic Borders
• Criteria 6 Faculty Active in IA Practice
  Research Contribute to IA Literature
• Criteria 7 State-of-the-Art IA Resources
• Criteria 8 Declared Concentrations
• Criteria 9 Declared Center for IA Education or
  Research
• Criteria 10 Full-time IA Faculty

6
Benefits from CAEIAE Program

• CAEIAEs receive formal recognition from the U.S.
  government, as well as opportunities for prestige
  and publicity, for their role in securing our
  nation's information systems.
• Students attending CAEIAE schools are eligible to
  apply for scholarships and grants through
• The Department of Defense (DoD) Information
  Assurance Scholarship Program
• The Federal Cyber Service Scholarship for Service
  Program (SFS) operated by National Science
  Foundation (NSF)

7
CAEIAE Application Progress at ASU

• Our courseware has been certified as meeting both
  NSTISSI-4011 and CNSSI-4012 standards
• CSE 465 or CSE 491 covers 151 out of 256
  information items required in NSTISSI-4011
  standard and 171 out of 204 information items
  required in CNSSI-4012 standard.
• Three information assurance concentration
  programs have been established in the Computer
  Science major for the B.S., M.S., and Ph.D.
  degree programs

8
Concentration in B.S. in CS

• A minimum of 15 credits in Information Assurance
  and related areas as technical electives in the
  curriculum of B.S. degree in Computer Science
• The students must take the following four
  courses
• CSE465 Introduction to Information Assurance
• CSE466 Computer System Security
• CSE 467 Data and Information Security
• CSE 468 Network Security
• The students must take at least one of the
  following six courses
• CSE412 Database Management
• CSE434 Computer Networks
• CSE 460 Software Analysis and Design
• CSE 463 Introduction to Human Computer
  Interactions
• CSE 471 Introduction to Artificial Intelligence
• B.S. Degree capstone courses
• The capstone project must have a major portion of
  the content in the Information Assurance area

9
Concentration in M.S. in CS

• The M.S. degree requires 30 credit hours 24
  credits for coursework and 6 hours of
  thesis/research credit. The IA concentration
  requires
• At least 9 course credits are taken from the IA
  core courses
• CSE539 Applied Cryptography
• CSE543 Information Assurance and Security
  (offered as 591 for Fall06)
• CSE545 Software Security (offered as 591 in
  Spring06)
• CSE548 Advanced Computer Network Security
  (offered as 591 in Spring06)
• At least another 9 course credits are taken from
  the IA elective courses
• CSE466/598 Computer Systems Security
• CSE467/598 Data and Information Security
• CSE531 Distributed and Multi-Processor Operating
  Systems
• CSE534 Advanced Computer Networks
• CSE565 Software Verification, Validation and
  Testing
• M.S. thesis must have a major portion of the
  content in IA area
• At least 3 credit hours of CSE592 Research
• At least 3 credit hours of CSE599 Thesis

10
Concentration in Ph.D. in CS

• The Ph.D. degree currently requires 54 credit
  hours beyond the M.S. degree 30 credits for
  coursework and 24 credit hours of thesis/research
  credit. The IA concentration requires
• At least 12 course credits are taken from the IA
  core courses
• CSE539 Applied Cryptography
• CSE543 Information Assurance and Security
  (offered as 591 for Fall06)
• CSE545 Software Security
• CSE548 Advanced Computer Network Security
• At least another 6 course credits are taken from
  the IA elective courses
• CSE412/598 Database Systems
• CSE460/598 Software Analysis and Design
• CSE466/598 Computer Systems Security
• CSE467/598 Data and Information Security
• CSE468/598 Computer Network Security
• CSE512 Distributed Database Systems
• CSE531 Distributed and Multi-Processor Operating
  Systems
• CSE534 Advanced Computer Networks
• CSE561 Modeling and Simulation Theory and
  Applications
• CSE565 Software Verification, Validation and
  Testing
• CSE571 Artificial Intelligence
• CSE572 Data Mining

11
Arizona State University CSE 465 Information
Assurance CSE591 Information Assurance and
Security Course Overview Professor Stephen S.
Yau
12
Course Overview

• CSE 465 and CSE 591 are the entry course of our
  IA concentration programs at the undergraduate
  and graduate levels, respectively.
• The objective of these two courses is to provide
  students with a basic and comprehensive
  understanding of the problems of information
  assurance (IA) and the solutions to these
  problems.
• CSE 591 will cover more than CSE 465 on security
  concerns, IA research topics, as well as using
  selected techniques to deal with security
  problems of various information systems.

13
Course Description

• Basic Concepts and Techniques
• Overview of information assurance textbook1-
  ch1.1, ch17.1, textbook2-ch1.1,18.1
• Security attacks, threats and vulnerabilities
  textbook1- ch1.2, ch19.3-4, ch20.1-3,
  textbook2-ch1.2, 22.2-4, 23.1-3
• Security strategies
• Authentication protocols and access control
  textbook1- ch4.4, 7.3-4, 11, 14, textbook2-ch12,
  15
• Evaluation and architecture of classified data
  textbook1-ch18, textbook2-ch21
• Intrusion detection textbook1- ch22,
  textbook2-ch25
• Firewall textbook1-ch23.3
• Password, personnel security and accreditation
  textbook1-ch1.7, ch11.2, ch13 textbook2- ch8,
  12.2
• Virus detection and removal texbook1-ch19,
  textbook2-ch22
• Cryptography and Steganography textbook1- ch8,
  9, 10.3. textbook2- ch9,10, 11.3
• Countermeasures

14
Course Description (cont.)

• IA Policy, Management, Legal and Ethical Issues
• Information assurance policy textbook1-ch4,
  textbook2-part3
• Security audits and accident responses
  textbook1-ch21, textbook-ch24
• Managing security projects textbook1-ch17.2,
  ch26, textbook2-ch29
• Security requirements engineering
  textbook1-ch17.1
• Security assessments and evaluation
  textbook1-ch18, textbook-ch21
• Risk analysis and management related to
  information assurance operations
• Legal and ethical issues associated with privacy
  and forensics
• Case Studies
• National and corporation information assurance
  policy case study

15
Course Prerequisites

• Knowledge of information systems, computer
  networks and their operations, and have taken one
  of the two following courses or their equivalent
• CSE360 Introduction to Software Engineering
• IEE305 Information Systems Engineering

16
Other Course Information

• Line numbers 22780(CSE465)/04687(CSE591)
• Class Schedule
• MW 440 555 p.m.
• Instructor Professor Stephen S. Yau
• E-mail yau_at_asu.edu
• Office Room BY 488
• Office hours MW 300 345 p.m. and 605 635
  p.m.
• TA Haishan Gong
• E-mail Haishan.Gong_at_asu.edu
• Office Room BY 468 DA
• Office hours MW 230 345 p.m.

17
Other Course Information (cont.)

• Textbooks
• For undergraduate
• Matt Bishop, Introduction to Computer Security,
  Addison- Wesley, 2004, ISBN 0321247442
• For graduate
• Matt Bishop, Computer Security Art and Science,
  Addison- Wesley, 2002, ISBN 0201440997
• Other reading material Papers and reference
  books
• Evaluation
• Home work 20
• Examinations 35
• Course project 45

18
Course Project

• Initial project proposal in electronic format due
  for approval no later than Wednesday, September
  6, 2006
• Finalizing project title and description by
  September 25, 2006
• Project interim progress report Monday, October
  16, 2006
• Written project reports
• -- The electronic format must be received by
  300 p.m. at least two working days prior to
  presentation. The report will be posted on the
  course website.
• Length 35 to 60 pages for each project with 12
  point font size and 1.5 lines spacing
• Presentations
• 30 minutes per presentation per project
• Presentation material (slides) submitted in
  electronic format by 300 p.m. at least one
  working day prior to the presentation date.

19
Course Web Address

• CSE465
• http//enpub.fulton.asu.edu/iacdev/
• courses/CSE465/Fall2006/home.html
• CSE591
• http//enpub.fulton.asu.edu/iacdev/courses/CSE591i
  /fall2006/home.html