BSc: Fundamentals of Computer Security

From IU
Revision as of 23:48, 19 October 2021 by S.seytnazarov

Fundamentals of Computer Security

  • Course name: Fundamentals of Computer Security
  • Course number: XYZ
  • Knowledge area: xxx

Course characteristics

Key concepts of the class

What is the purpose of this course?

Course Objectives Based on Bloom’s Taxonomy

What should a student remember at the end of the course?

By the end of the course, the students should be able to recognize and define

What should a student be able to understand at the end of the course?

By the end of the course, the students should be able to describe and explain (with examples)

What should a student be able to apply at the end of the course?

By the end of the course, the students should be able to apply

Course evaluation

Course grade breakdown
Component Points
Laboratory assignments 55%
Final exam 35%
Attendance 10%

Important: In order to successfully finish the course, the student is required to score at least 50% in the final exam.

Grades range

Course grading range
A. Excellent 90-100
B. Good 75-89
C. Satisfactory 60-74
D. Poor 0-59

Resources and reference material

  • Textbook:

Course Sections

The course is organized in 8 weeks, with 4 academic hours of lectures and 4 academic hours of tutorials/labs every week. The main sections of the course and the approximate hour distribution between them are as follows:

Course Sections
Section Section Title Teaching Hours
1 Computer security technology and principles 12
2 Software and system security 24
3 Cryptographic algorithms 24

Section 1: Introduction to subject, computer networks basics, transport layer protocols, and socket programming

Topics covered in this section

  • General introduction to the course
  • Computer network basics
  • Socket programming
  • UDP socket programming
  • TCP socket programming

What forms of evaluation were used to test students’ performance in this section?

Yes/No
Development of individual parts of software product code 1
Homework and group projects 1
Midterm evaluation 0
Testing (written or computer based) 1
Reports 0
Essays 0
Oral polls 1
Discussions 1


Typical questions for ongoing performance evaluation within this section

  1. What are distributed systems?
  2. Give an example of a distributed system.
  3. What are the advantages of layered architecture?
  4. What are the roles of transport protocols?
  5. How do TCP and UDP differ from each other? When is one preferred over the other?
  6. What is socket programming?
  7. How is socket programming different for UDP and TCP?

Typical questions for seminar classes (labs) within this section

  1. Write a simple UDP/TCP client-server echo program
  2. Write a simple chatting program using UDP/TCP sockets
  3. Given the simple echo server program, apply socket timeouts and catch timeout exceptions
  4. Write a UDP-based reliable file transfer protocol
  5. Write a program that executes CPU-bound tasks in parallel using multiple processes

Test questions for final assessment in this section

  1. Describe an advantage of layered architecture.
  2. Describe the differences between the TCP and UDP protocols.
  3. Provide examples of when using UDP can be more reasonable than TCP.
  4. Describe how UDP and TCP socket programming differ from each other.

Section 2: Multithreaded socket programming, RPCs, and distributed system architecture

Topics covered in this section

  • Multithreading and multithreaded socket programming
  • Remote procedure calls (RPCs)
  • Distributed system architectures

What forms of evaluation were used to test students’ performance in this section?

Yes/No
Development of individual parts of software product code 1
Homework and group projects 1
Midterm evaluation 0
Testing (written or computer based) 1
Reports 0
Essays 0
Oral polls 1
Discussions 1


Typical questions for ongoing performance evaluation within this section

  1. How do threads differ from processes?
  2. What are I/O-bound and CPU-bound tasks?
  3. For what kinds of tasks is using threads preferred over using processes?
  4. What is a remote procedure call?
  5. What are some well-known distributed system architectures?
  6. Discuss the structured and unstructured decentralized architectures.

Typical questions for seminar classes (labs) within this section

  1. You have a list of large numbers, and you need to find if they are prime or not. Would you use multithreading, multiprocessing, or sequential programming in order to complete the task asap? Prove it in practice.
  2. You need to send multiple requests to a server and receive responses. Assume there is a few msecs of delay before you receive the response from the server. Would you use multithreading, multiprocessing, or sequential programming in order to complete the task asap? Prove it in practice. (Order of the requests/responses doesn't matter)
  3. Discuss two ways of creating threads using the threading module in Python: 1) passing the worker function as a target, 2) subclassing the Thread class
  4. Given a function implemented locally, make it available to be called through RPC from a remote process. Use XML-RPC.

Test questions for final assessment in this section

  1. Discuss the differences between the threads and processes.
  2. What is a race condition?
  3. Discuss the ways to protect shared data from race conditions.
  4. You are given a worker function that just sleeps for a second and quits; implement the same behavior in a subclass of Thread.
  5. Discuss RPC and its advantages over low-level socket programming.
  6. Discuss the decentralized architecture: structured and unstructured p2p systems.

Section 3: Coordination, consistency, and replication in distributed systems

Topics covered in this section

  • Clock synchronization algorithms (NTP, Berkeley)
  • Logical clock (Lamport clocks)
  • Mutual exclusion algorithms: permission-based, token-based
  • Election algorithms: Bully, Ring
  • Consistency models
  • Replica management
  • Consistency protocols

What forms of evaluation were used to test students’ performance in this section?

Yes/No
Development of individual parts of software product code 1
Homework and group projects 1
Midterm evaluation 0
Testing (written or computer based) 1
Reports 0
Essays 0
Oral polls 1
Discussions 1


Typical questions for ongoing performance evaluation within this section

  1. How does the NTP protocol work?
  2. How does the Berkeley protocol work?
  3. Discuss the mutual exclusion algorithms.
  4. Discuss the permanent and server-initiated replicas and their difference
  5. Explain the Primary-backup protocol.

Typical questions for seminar classes (labs) within this section

  1. Given three machines with drifting clocks, adjust their clocks using the Berkeley algorithm.
  2. Explain how the Bully election algorithm works
  3. Explain how the Ring election algorithm works
  4. Explain the centralized (permission-based) method of mutual exclusion

Test questions for final assessment in this section

  1. Discuss the NTP and Berkeley protocols for synchronization and explain their key difference.
  2. Discuss permission-based and token-based solutions for mutual exclusion.
  3. Discuss content replication: permanent, server-initiated, and client-initiated replicas.
  4. Explain the Primary-backup protocol, its advantages and disadvantages.

Section 4: Fault tolerance and security in distributed systems

Topics covered in this section

  • Intro to fault tolerance: Failure models, Failure masking by redundancy
  • Process resilience: process groups, process replication, consensus in faulty systems, failure detection
  • Reliable group communication: atomic multicast
  • Distributed commit
  • Recovery: checkpointing
  • Intro to security: threats, design issues, cryptography
  • Secure channels: authentication, message integrity and confidentiality, secure group communication
  • Access control: general issues, firewalls, secure mobile code, denial of service
  • Secure naming
  • Security management: Key management, secure group management, authorization management

What forms of evaluation were used to test students’ performance in this section?

Yes/No
Development of individual parts of software product code 1
Homework and group projects 1
Midterm evaluation 0
Testing (written or computer based) 1
Reports 0
Essays 0
Oral polls 1
Discussions 1


Typical questions for ongoing performance evaluation within this section

  1. Discuss the failure models
  2. Discuss different failure masking techniques by redundancy
  3. What is a k-fault-tolerant group?
  4. What is the general model of failure detection?
  5. Explain basic reliable multicasting
  6. Explain what authentication is
  7. Explain what message confidentiality and integrity are

Typical questions for seminar classes (labs) within this section

  1. Same as above

Test questions for final assessment in this section

  1. Same as above