Introduction - The University of Texas at Dallas

Download Report

Transcript Introduction - The University of Texas at Dallas 

Information Security Analytics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
Course Outline
 May 27: Introduction to Security, Data and Applications Security
 June 3: Security Governance and Risks
 June 10: Architecture
 June 17: Access Control
 June 24: Cryptography
 July 1: Network Security
 July 8: Physical Security, Exam #1
 July 15: Applications Security
 July 22: Legal Aspects, Forensics
 July 29: Operations Security, Disaster Planning
Text Book
 CISSP All-in-One Exam Guide, Fifth Edition
 Author: Shon Harris
 Hardcover: 1216 pages
 Publisher: McGraw-Hill Osborne Media; 5 edition (January 15, 2010)
 Language: English
 ISBN-10: 0071602178
 ISBN-13: 978-0071602174
Course Rules
 Unless special permission is obtained from the instructor, each
student will work individually.
 Copying material from other sources will not be permitted unless the
source is properly referenced.
 Any student who plagiarizes from other sources will be reported to
the Computer Science department and any other committees as
advised by the department
 No copying of anything from a paper except for about 10 words in
quotes. No copying of figure even if it is attributed. You have to draw
all figures.
Course Plan
 Exam #1: 20 points – July 8, 2011
 Exam #2: 20 points - August 5, 2011 (Location: ECS South 2.415)
- ECSS 2.415
 Two term papers 10 points each: Total 20 points
- Term paper 1: Due July 1, 2011
- Term Paper 2: Due July 29, 2011
 Programming project : 20 points
- Due August 5 (new due date: August 10)
 Two Assignments: 10 points each: Total: 20 points
- Assignment #1: Due June 24, 2011
- Assignment #2: Due July 22, 2011
Assignment #1
 Explain with examples the following
- Discretionary access control
- Mandatory access control
- Role-based access control (RBAC)
- Privacy aware role based access control
- Temporal role based access control
- Risk aware role-based access control
- Attribute-based access control
- Usage control (UCON)
Term Paper #1
 Write paper on Identity Management for Cloud Computing
- Identity Management
- Cloud Computing security challenges
- Apply identity management to cloud computing
- Directions
Assignment #2
 Suppose you are give the assignment of the Chief Security Officer of
a major bank (e.g., Bank of America) or a Major hospital (e.g.,
Massachusetts General)
 Discuss the steps you need to take with respect to the following (you
need to keep the following in mining: Confidentiality, Integrity and
Availability;; you also need to understand the requirements of
banking or healthcare applications and the policies may be:
- Information classification
- Risk analysis
- Secure networks
- Secure data management
- Secure applications
Term Paper #2
 Write paper on any topic discussed in class (that is, any of the 10
CISSP modules)
Contact
 For more information please contact
- Dr. Bhavani Thuraisingham
- Professor of Computer Science and
- Director of Cyber Security Research Center Erik Jonsson School
of Engineering and Computer Science EC31, The University of
Texas at Dallas Richardson, TX 75080
- Phone: 972-883-4738
- Fax: 972-883-2399
- Email: [email protected]
- URL:
- http://www.utdallas.edu/~bxt043000/
Project
 Software
 Design document
- Project description
- Architecture (prefer with a picture) and description (software –
e.g., Oracle, Jena etc.)
- Results
- Analysis
- Potential improvements
- References
Paper: Original – you can use material from
sources, reword (redraw) and give reference
 Abstract
 Introduction
 Body of the paper
- Comparing different approaches and analyzing
- Discuss your approach,
- Survey
 Conclusions
 References
- ([1]. [2], - - -[THUR99].
- Embed the reference also within the text.
- E.g., Tim Berners Lee has defined the semantic web to be -[2].
--
Guide to the lectures for Exam #2
 Malware discussed in Lectures 2, 22, 23, 24, 25, 26 (2)
 Data and Applications Security : Lecture 11, 16, 17 (2 +1?)
 Network security: Lecture 10 (2 +1?)
 Physical security: Lecture 12 (1/3)
 Operations security : Lecture 15 (1/3)
 Business continuity planning: Lecture 14 (1/3)
 Legal aspects (forensics, privacy): Lectures 13, 20, 21 (2)
 Extra Credit
 Hardware security: Lecture 25: URL (please read paper – maybe
extra credit)
 Ontology.CVE/NVD (maybe extra credit): Lecture 18
 Social network security (maybe extra credit): Lecture 19
Papers to read
 Privacy preserving data mining
- Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving
Data Mining. SIGMOD Conference 2000: 439-450
 Hardware security (extra credit maybe)
- Please see URL in Lecture 25 – last page
 Social network security (extra credit maybe)
- Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat
Kantarcioglu, Bhavani M. Thuraisingham: A semantic web based
framework for social network access control. SACMAT 2009:
177-186