Information Security and Computer Systems: An Integrated Approach - PowerPoint PPT Presentation

Slides: 26
Provided by: paws3
Learn more at: https://paws.wcu.edu

Transcript and Presenter's Notes


1
Information Security and Computer Systems: An
Integrated Approach
  • Mark A. Holliday and Bill Kreahling,
  • Dept of Mathematics and Computer Science
  • Western Carolina University

2
Acknowledgements
  • Thank you for financial support from
  • Software Producibility, Office of Naval Research,
    Award N000140510817, 2005-2006.

3
Overview
  • Motivations for Change
  • Guidelines: ACM, IEEE-CS, ABET-CAC
  • New Curriculum Framework
  • Initial Information Security Option
  • Final Information Security Option
  • InfoSec I and Internet Protocols
  • InfoSec II and Operating Systems
  • Conclusions

4
Motivations for Change
  • Issue: How to create a prominent role for
    Information Security in
  • a B.S. in Computer Science curriculum
  • consistent with ACM/IEEE-CS/ABET-CAC guidelines
  • a small computer science program
  • a way that shows the close connection to computer
    systems
  • Result: One Design and Rationale

5
Motivations for Change
  • Why?
  • Information security is of increasing importance
  • Want to reinforce the computer systems courses
    and the information security courses by showing
    their interconnections
  • Goal is technical insight, not technical skill
    per se
  • Want to provide the students more choices
  • in a way that organizes those choices into
    coherent themes

6
Motivations for Change
  • Additional constraints
  • Must be consistent with curriculum guidelines for
    a B.S. in Computer Science degree
  • Must be feasible for a small computer science
    program (70 majors, 10-15 graduates per year)
  • We present one design and its rationale that
    meets these constraints

7
Guidelines: ACM, IEEE-CS, ABET-CAC
  • 2001 ACM/IEEE Computer Society Curriculum
    Guidelines for Computer Science
  • Encourages a small core combined with options
  • Body of Knowledge (BoK)
  • Subset of BoK that should be in any computer
    science curriculum

8
Guidelines: ACM, IEEE-CS, ABET-CAC
  • ABET-CAC (Computing Accreditation Commission)
    Accreditation Criteria
  • IV-6. The core materials must provide basic
    coverage of algorithms, data structures, software
    design, concepts of programming languages, and
    computer organization and architecture.

10
New Curriculum Framework: The Options
  • How many courses and how many prerequisites?
  • Ideal
  • Many courses in an option to cover the area well
  • Student must have completed all of the courses in
    the core (with at least a grade of C)

11
New Curriculum Framework: The Options
  • Reality
  • Degree needs to be 120 credit hours
  • 54 credit hours of Liberal Studies and General
    Electives
  • Student must be able to graduate in four years
    (assuming satisfactory progress)
  • 22 Transfer students with an A.S. degree should
    be able to graduate in two years

12
New Curriculum Framework: The Options
  • Compromise
  • Major has 40 hours of CS courses and 31 hours of
    Mathematics and Sciences
  • CS Core is 25 hours
  • Options are 15 hours (5 courses of 3 credit
    hours)
  • Option courses have as prerequisites
  • second programming course (our CS2, locally
    CS151)
  • our intro to computer systems course (for most
    option courses)

13
New Curriculum Framework: The Options
  • Three Options
  • Computer Systems
  • Information Security
  • Custom
  • All options allow at least one free choice
  • Recall goal of more student choices
  • -> at most four required courses in an option

14
Initial Information Security Option
  • Two key computer systems courses
  • Operating Systems and Internet Protocols
  • Pair each with an information security course
    that covers the corresponding security issues
  • Operating Systems -> Computer Security
  • Internet Protocols -> Internet Security
  • The two pairs are independent

16
Final Information Security Option
  • Independence does not work because so many topics
    build on cryptography and its security uses
  • Solution
  • Order them with new names
  • Information Security I and II
  • Internet Protocols co-req first
  • Since cryptographic applications are more
    naturally developed for internet security

18
InfoSec I and Internet Protocols
  • Example Cross-Connections
  • InfoSec I: authentication and example attacks
  • Internet Protocols: TCP connection establishment
    handshake
  • 3-way, random start sequence numbers, including
    random start sequence number for the other side

19
InfoSec I and Internet Protocols
  • Example Cross-Connections
  • InfoSec I: message integrity and non-repudiation
  • -> Digital signatures and message digests
  • -> Hash functions
  • Internet Protocols: hash functions for error
    detection
  • Checksums in UDP, TCP, and IP
  • Cyclic Redundancy Check in Ethernet

20
InfoSec I and Internet Protocols
  • Example Cross-Connections
  • InfoSec I: trusted intermediaries, key
    distribution, and certification
  • Internet Protocols: development of IPC
    (Inter-Process Communication)
  • Sockets
  • Remote Procedure Call/Remote Method Invocation
  • Web services
  • Grid computing (Globus, SimpleCA certificate
    authority)

21
InfoSec I and Internet Protocols
  • Example Cross-Connections
  • InfoSec I: firewalls and packet filtering rules
  • Internet Protocols: IP routing tables and key
    packet header fields
  • IP addresses
  • UDP/TCP source and destination ports
  • ICMP message type
  • Other TCP header bits: SYN and ACK

22
InfoSec II and Operating Systems
  • Example Cross-Connections
  • InfoSec II: process address space
    vulnerabilities
  • Operating Systems: segment protection (read-only
    versus read-write), stack overflow, memory
    management protection features (segmentation
    faults during address translation)

23
InfoSec II and Operating Systems
  • Example Cross-Connections
  • InfoSec II: program vulnerabilities, buffer
    overflows and software reverse engineering
  • Operating Systems: assembly language, code
    analysis, automatic bounds checking

24
InfoSec II and Operating Systems
  • Example Cross-Connections
  • InfoSec II: system vulnerabilities
  • Operating Systems:
  • trapping to the kernel (PSW and Interrupt Vector
    Table) and changing from user mode to kernel mode
    (not allowed machine instructions)
  • access control, file permission modes, setuid bit

25
Conclusions
  • Issue: How to create a prominent role for
    Information Security in
  • a B.S. in Computer Science curriculum
  • consistent with ACM/IEEE-CS/ABET-CAC guidelines
  • a small computer science program
  • in a way that shows the close connection to
    computer systems
  • Result: One Design and Rationale