Undergraduate Program Subject Outline

Faculty of Computer Science and Engineering

http://my.uowdubai.ac.ae

Subject Code:CSCI 262 Subject Name: System Security

No of Credit Points: 6
Session: Autumn Year: 2013 Section:
Pre-requisite(s): CSCI121 or CSCI 124 Co-requisite(s):

LECTURE INFORMATION FINAL EXAM PASSING REQUIREMENT:40%

Day: Sundays Wednesdays
Time: 12:30 pm-14:30pm 08:30am-09:30am
Location: Block 14 Room 202 Block 14 Room 302

COMPUTER LAB INFORMATION

Computer Lab 1
Day: Sundays
Time: 15:30pm-17:30pm
Location: Block5 Room 103

Lecturer’s Name: Halim Khelalfa

Building & Office No: Block 5 Office 108
E-mail Address: halimkhelalfa@uowdubai.ac.ae
Consultation Days and Times: Mondays 12:30pm-14:30pm,
Wednesdays 10:30 am-13:30pm, and 15:30pm-16:30pm
Subject Coordinator: Halim Khelalfa

Tutor’s Name: Mr. Khalid Najjar

Building & Office No: Block Office
E-mail Address:
Consultation Days and Times: TBA

UG Subject Outline Template F-ACD-DB-01.04.01 V13 12 Aug 2012 Page 1

Add Subject Code and Name
1 SUBJECT DESCRIPTION
The subject covers fundamental computer security technologies in the following aspects:
(a) Operating system security such as physical security, file protections, system abuses,
attacks and protections;
(b) Database security including data integrity, data recover, data encryption/ decryption,
access control, and authentication;
(c) Mobile code security including malicious logic, host and mobile code protection, mobile
agents' security.
(d) Intrusion detection;
(e) Security policies;
(f) Security management and risk analysis.

2 LEARNING OUTCOMES
Upon successful completion of this subject, a student should be able to:
(a) Analyse risks and threats to computer systems.
(b) Evaluate and manage the security in computer systems.
(c) Apply models of security in Operating Systems and select methods for providing protection.
(d) Apply security mechanisms in database management systems.
(e) Manage security for mobile code systems.

3 SUBJECT SCHEDULE
Related
Lecture Topic(s) Text
week starts ends Chapter(s)
1 15-Sep 19-Sep Introduction, Foundation of security, security policy 1,2
2 22-Sep 26-Sep Authentication, Access control. 3,4
Trusted computing and multilevel security, security
13
3 29-Sep 3-Oct models, common criteria
4 5-Oct Database system security. 5
lab october
Intrusion detection systems, firewalls. 8
5 6-Oct 10-Oct 12
13-Oct 17-Oct Break
6 20-Oct 24-Oct Malware, Reverse engineering & obfuscation. 6
7 27-Oct 31-Oct Denial of service attacks, protection methods. 7
8 3-Nov 7-Nov Buffer overflows, secure code, cross-site scripting. 10
9 10-Nov 14-Nov Other software security issues, revision. 11
10 17-Nov 21-Nov Phishing, auditing. 18
11 24-Nov 28-Nov Linux security / Windows security 12
12 1-Dec 5-Dec Security of Mobile code Notes
13 8-Dec 12-Dec IT security mgt, risks, controls 14
14 15-Dec 19-Dec Break
15 22-Dec 26-Dec Break
16 29-Dec 2-Jan Break
17 5-Jan 9-Jan Exams
18 12-Jan 16-Jan Exams

UG Subject Outline Template F-ACD-DB-01.04.01 V13 12 Aug 2012 Page 2

Add Subject Code and Name
 3.1

Week starts ends Tutorial/Computer Lab Activities Lab Assignments

1 15-Sep 19-Sep
2 22-Sep 26-Sep Tutorial and practical lab exercises

3 29-Sep 3-Oct Tutorial and practical lab exercises First assignment

4 5-Oct Tutorial and practical lab exercises
5 6-Oct 10-Oct Tutorial and practical lab exercises
13-Oct 17-Oct Break
6 20-Oct 24-Oct Tutorial and practical lab exercises Second assignment
7 27-Oct 31-Oct Tutorial and practical lab exercises
8 3-Nov 7-Nov Tutorial and practical lab exercises
9 10-Nov 14-Nov Tutorial and practical lab exercises Third assignment
10 17-Nov 21-Nov Tutorial and practical lab exercises
11 24-Nov 28-Nov Tutorial and practical lab exercises
12 1-Dec 5-Dec Tutorial and practical lab exercises Fourth Assignment
13 8-Dec 12-Dec Tutorial and practical lab exercises

4 TEXTS
4.1 REQUIRED TEXTS
William Stallings, Lawrie Brown, 2nd edition, 2011, Computer Security: Principles and
Practice, Prentice Hall

Required texts can be purchased from the University Bookshop located in Block 5 Ground
Floor.

COPYRIGHT NOTICE: The University of Wollongong in Dubai complies with UAE Federal Law No. (7)
of 2002 pertaining to Copyrights and Neighboring Rights. Severe penalties apply for copyright
violations. No copied materials will be allowed on campus, except where permitted as per UAE Federal
Law No. (7) of 2002. Any copied materials that violate UAE Laws or UOWD Policies will be
confiscated in the first instance and disciplinary actions may be taken against the person(s) involved.
4.2 RECOMMENDED READINGS
 Carlos Solari, 2009, Security in Web 2.0 + World: a standards based approach, John
Wiley and Sons
 Charles Pfleeger, 4th edition, 2007, Security in Computing, Prentice Hall
 Cole, Krutz, Conley, Reisman, Ruebush, Gollmann, Reese, 2008,Wiley Pathways
Network Security Fundamentals, John Wiley and Sons
 Davi Ottenheimer, 2012, Securing the virtual environment: how to defend against
attack.
 Dieter, Gollmann, 3rd Edition , 2011, Computer Security, John Wiley and Sons
 Dwayne Williams, Principles of Computer Security: Security+ and Beyond, Mc Graw
Hill
 Gary M. Jackson, 2012, Predicting Malicious Behavior: Tools and Techniques for
Ensuring Global Security, John Wiley and Sons

UG Subject Outline Template F-ACD-DB-01.04.01 V13 12 Aug 2012 Page 3

Add Subject Code and Name
  M Whitman and H. Mattord, 2003, Guide to Network Defense and Countermeasures,
Course Technology
 M Whitman and H. Mattord, 2006, Database Security and Auditing, Course
Technology
 M Whitman and H. Mattord,2nd edition, 2008, Management of Information Security,
Course Technology
 M Whitman and H. Mattord,3rd edition, 2006, Reading and Cases in the Management
of Information Security , Course Technology
 M Whitman and H. Mattord,3rd edition, 2010, Principles of Information Security,
Course Technology
 Matt Bishop, 2003, Computer Security: Art and Science, Addison-Wesley
 Michael Goodrich,2011, Introduction to Computer Security, Pearson Education
 Niel Ferguson, Bruce Schneier, 2003, Practical Cryptography, John Wiley and Sons
 Raymond Pranko, 2004, Corporate Computer and Network Security, Prentice Hall
 Wenbo Mao, 2004, Modern Cryptography, Prentice Hall
 Will Allsopp, 2009, Unauthorized access: physical penetration testing for IT security
teams, John Wiley and Sons
 William Stallings, 2007, 3rd Edition, Network Security Essentials : Applications and
Standards, , Pearson Education
 William Stallings, 2006, 4th Edition, Cryptography and Network Security : Principles
and Practices, Pearson Education

All of the recommended readings above are available at the UOWD Library located on the
first floor in Block 14.

4.3 LECTURE NOTES

All teaching materials can be downloaded from the student intranet: https://myuowdubai.ac.ae
5 ASSESSMENT
Assessment tasks Weight Individual/ Group Date
Lab assignments 20% Week 2-13
Tutorial and Practical Individual
exercises
Programming assignments 40% Individual Week 3, 6, 9,12
Final Exam 40% Individual
5.1 ASSESSMENT OF LEARNING OUTCOMES
Learning Outcome Measures (Elements of Assessment)

(a) Analyse risks and threats to
computer systems.
(b) Evaluate and manage the security in
computer systems.
(c) Apply models of security in Operating
Systems and select methods for
providing protection.
(d) Apply security mechanisms in
database management systems.
(e) Manage security for mobile code
systems.
Tutorials and practical exercises, final exam
Lab assignments, Tutorials and practical exercises, final
exam
Tutorials and practical exercises, final exam
Tutorials and practical exercises, final exam
Lab assignments, Tutorials and practical exercises, final
exam

UG Subject Outline Template F-ACD-DB-01.04.01 V13 12 Aug 2012 Page 4

Add Subject Code and Name
 5.2 ASSESSMENT TASKS

Assessment Task: Programming assignments

Type: Individual
Description: Programming assignment
Learning Outcome Measured: (a), (b),
Total Marks: 100
Weighting: 40%
Due Date: Week 3, 6, 9, 12
Word Length (if applicable):
Power point presentation
Hand in to: Lab tutor
TurnItIn submission required [Last and final submission is prior to lecture of week
by: 11. You are allowed to resubmit your work two times
prior to the final submission

OUTLINE AND REQUIREMENTS

 There are four Programming assignments.

 Each assignment must be completed within the deadline mentioned in the handout.
 The lab paper must be handed out to the lab assistant. If you do not complete your lab
assignment within the time allocated, a 10% penalty will be applied for every additional
working day

Assessment Task: Tutorial Assignments

Type: Individual
Learning Outcome Measured: (a), (b), (c), (d) , (e), (f)
Total Marks: 100
Weighting: 20%
Date, Time and Location: Exercises and practices weeks 2 through 13
OUTLINE AND REQUIREMENTS
 You must complete and submit the assignments as stated by the handouts that the lecturer will
provide you with. You should attempt all the tutorial questions during the tutorial session. The
lecturer will pick on random weeks tutorial assignments for marking.
 If you do not complete your tutorial assignment during the lab session, a 10% penalty
will be applied for every additional working day

UG Subject Outline Template F-ACD-DB-01.04.01 V13 12 Aug 2012 Page 5

Add Subject Code and Name
MARKING CRITERIA
The tutorial and exercises will count for 20% of the subject mark.Marking will be based on
correctness and clarity of answers, as well as you contribution to the tutorials.
Your contribution to the tutorials is based on how well you solve the problems, how you
participate in the questions/answers with the lab assistant, as well as how you perform at the
whiteboard. Expect to be called on to solve questions and explain your solution at the white
board several times during the session.
Your tutorial mark is calculated as follows:
 60% the mark you obtained in marked tutorials
 40% the mark you obtained in your active participation in the tutorials (including
how you solve the problems, and how well you perform at the whiteboard).
Every time you solve a question or problem on the whiteboard I will mark you.

OUTLINE AND REQUIREMENTS

You will be tested on all material covered up to week 7 (included)

MARKING CRITERIA
Exam will be marked on correctness and clarity of answers

Assessment Task: Final Exam

Learning Outcome Measured: (a), (b), (c), (d) , (e), (f)
Total Marks: 100
Weighting: 40%
Date: To be held during the official examination period.
Please refer to the Exam Timetable available on the Student
Online Resources website ( http://my.uowdubai.ac.ae) closer
to the exam period.

5.3 GRADES AWARDED

The approved grades of performance and associated ranges of marks for undergraduate subjects
are:
High Distinction (HD) 85 – 100%
Distinction (D) 75 – 84%
Credit (C) 65 – 74%
Pass (P) 50 – 64%50%
Pass Supplementary(PS) 0 – 49%(and not meeting the attendance requirements)
Fail (F) Not meeting the final exam passing requirements – see the Assessment Policy
Technical Fail (TF) PP-REG-DB-2.1

5.4 SATISFACTORY COMPLETION REQUIREMENTS

In order to be considered for a grade of Pass (P) or better in this subject, students must
achieve the minimum required mark in the Final Examination (see page 1 for required
score); students who obtain a composite mark greater than or equal to 50% but do not satisfy
the Final Examination minimum pass requirements in the final examination will be awarded a
“Technical Fail” grade.

Students must ‘reasonably’ complete all assessment tasks (including the required score for
the Final Examination,) and submit these as specified in the subject outline. ‘Reasonable’

UG Subject Outline Template F-ACD-DB-01.04.01 V13 12 Aug 2012 Page 6

Add Subject Code and Name
 completion of an assessment task will be determined based on the instructions given to the
student including: word length, demonstration of research and analysis where required,
adherence to the Plagiarism Policy guidelines, and completion of each section/component of
the assessment. Failure to ‘reasonably’ complete any assessment tasks to the standard
specified above may result in a Fail grade awarded for the subject.

6 RELEVANT POLICIES AND DOCUMENTS

All students must read and be familiar with the following UOWD policies and documents,
which are available on the Student Online Resources (my.uowdubai.ac.ae) website by
following the Policies link:
 Academic Grievance – Students
 Assessment Policy
 Attendance Policy
 Code of Conduct – Library Users
 Code of Practice – Students
 Copyright Policy
 Information Literacies Rule
 Library Regulations
 Minimum Rate of Progress
 Music, Video and Software Piracy
 Plagiarism Policy
 Plagiarism – Acknowledgement Practice
 Rules – Campus Access and Order
 Rules for Student Conduct and Discipline
 Rules for use of ITTS Facilities
 Special Consideration Policy

7 SASS
SASS (Student Academic Support Services) is a program committed to assisting students
in developing their academic skills and getting the most out of their studies. As part of their
services, SASS provides Peer Tutoring Program and Academic Workshops.

For further information contact, please contact:

SASS Admin Assistant
Room 032A, Block 5.
SASS@uowdubai.ac.ae
Ph: + 971 4 390 0602

8 PLAGIARISM
Plagiarism is a serious offense that can lead to expulsion from the university. Students must
be familiar with the Plagiarism policy which outlines the procedure that will be followed in case
of plagiarism. For more information please refer to the Plagiarism policy available on the
Student Online Resources website (http://my.uowdubai.ac.ae– follow the Policies link).

8.1 TURNITIN
In addition to a hard copy, students are required to submit all written assignments in soft
copy through the TurnItIn system which is available online at www.turnitin.com. Every student
must have a TurnItIn account. Failure to submit an assignment through TurnItIn will result in
marks for that assignment being withheld. Students do NOT need to hand in a printed
copy of the TurnItIn Originality Report! More information about TurnItIn (including how to
create an account and add a class) will be provided in the first lecture. Students can

UG Subject Outline Template F-ACD-DB-01.04.01 V13 12 Aug 2012 Page 7

Add Subject Code and Name
 download Frequently Asked Questions (FAQs) about TurnItIn from the SASS section of the
website (http://www.uowdubai.ac.ae/ss).

TurnItIn information required to add this subject:

Class ID:
Password:

8.2 REFERENCING & IN-TEXT CITATION & UOWD RULES & POLICIES
For information about Referencing and In-Text Citation, as well as a guide to some of the
UOWD Rules and Policies, please go to the Student Online Resources website
(http://my.uowdubai.ac.ae) and click on the POLICIES link. You will find the required
information under the letter “S” for “Subject Outline Information”.

9 ATTENDANCE REQUIREMENTS
For all subjects, include this statement:
Attendance in this subject is compulsory. Failure to attend all tutorials and computer labs as
per the Student Attendance Policy may result in a FAIL grade. Students are strongly
encouraged to become familiar with this policy (which can be found on the Online Resources
website at my.uowdubai.ac.ae).

10 TUTORIAL/COMPUTER LAB ENROLMENTS

All students must sign up for one tutorial and/or computer lab in Week 1. Admission to a
tutorial/computer lab will not be possible unless the student’s name is on the Attendance List
for that class. No changes will be allowed once a student has enrolled in a tutorial/computer
lab.

11 SUPPLEMENTARY ASSESSMENTS
A supplementary assessment may be offered to students whose performance in this subject is
close (45-49 or TF) to that required to pass the subject, and are otherwise identified as meriting
an offer of a supplementary assessment. The precise form of a supplementary assessment will
be determined at the time the offer of a supplementary is made.

UG Subject Outline Template F-ACD-DB-01.04.01 V13 12 Aug 2012 Page 8

Add Subject Code and Name