Course Name | Operating Systems Security |
Code | Semester | Theory (hour/week) | Application/Lab (hour/week) | Local Credits | ECTS |
---|---|---|---|---|---|
CE 304 | Fall/Spring | 2 | 2 | 3 | 5 |
Prerequisites |
| |||||||||||
Course Language | English | |||||||||||
Course Type | Elective | |||||||||||
Course Level | First Cycle | |||||||||||
Mode of Delivery | - | |||||||||||
Teaching Methods and Techniques of the Course | Application: Experiment / Laboratory / WorkshopLecture / Presentation | |||||||||||
Course Coordinator | ||||||||||||
Course Lecturer(s) | - | |||||||||||
Assistant(s) | - |
Course Objectives | The objective of this course is to teach the students security related details of most widely used operating systems, threat analysis, and countermeasures agaist the threats. |
Learning Outcomes | The students who succeeded in this course;
|
Course Description | A study of technical security policies, models, and mechanisms for confidentiality, integrity, and availability with respect to operating systems from an engineering point of view. |
Related Sustainable Development Goals |
| Core Courses | |
Major Area Courses | X | |
Supportive Courses | ||
Media and Managment Skills Courses | ||
Transferable Skill Courses |
Week | Subjects | Required Materials |
1 | Introduction, basic terms & concepts in information security & related legal issues | Preliminary study 1 |
2 | Basics of OS Security; concepts, general & common problems, threats, countermeasures | Preliminary study 2 |
3 | Access controls & methodologies, IAAA in OS & relevant technologies & applications in today’s world | Preliminary study 3 |
4 | Centralized / decentralized IAAA solutions, different IAAA architectures in secure OS | Preliminary study 4 |
5 | Audit & monitoring in OS | Preliminary study 5 |
6 | Intro to cryptography, protection of assets, data, systems in OS with today’s best practices | Preliminary study 6 |
7 | Secure system management; models, solutions, various technologies | Preliminary study 7 |
8 | Midterm | |
9 | Opensource architecture & approach and its relation with information security & OS security | Preliminary study 8 |
10 | IAAA differences of Linux vs. Windows architectures | Part I Guide to Operating Systems Security, Michael Palmer |
11 | IAAA differences of Linux vs. Windows architectures | Part II Guide to Operating Systems Security, Michael Palmer |
12 | Network related issues in OS Security | Part I Guide to Operating Systems Security, Michael Palmer |
13 | Network related issues in OS Security (including cryptographic basics) | Part II Guide to Operating Systems Security, Michael Palmer |
14 | Related vulnerabilities, threats & countermeasures (DOS attacks, malicious codes, XSS, rootkits, JavaScript, SQL, Ajax, .Net, Apache, IIS, etc) | Part I Guide to Operating Systems Security, Michael Palmer |
15 | Semester Review | |
16 | Final Exam |
Course Notes/Textbooks | Guide to Operating Systems Security, Michael Palmer, Publisher: Thomson, 2003 (2004 2nd ed), ISBN 13: 9780619160401©2004, ISBN 10: 0619160403 |
Suggested Readings/Materials | Maximum Linux Security (2nd Edition), John Ray, Sams, 2 Pap/Cdr edition, 2001, ISBN10: 0672321343, ISBN13: 9780672321344 Hacking Exposed Windows Server 2003, Joel Scambray & Stuart McClure, McGrawHill Osborne Media, 2006, ISBN10: 0072230614, ISBN13: 9780072230611 CISSP Textbook, Vallabhaneni, S.Rao, SRV Pro Publications, 2002, ASIN: B0006S7QN0 ISO27001:IEC, British Standards Institution, 2005 Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, et al, McGrawHill Osborne, Fourth Edition, 2003, ISBN 0072227427 Applied Cryptography: Protocols, Algorithms, and Source Code in C, Schneier, Bruce, Second Edition, 1998, ISBN 0471117099 Hacking Exposed Web Applications, Scambray, Joel, et al, Second Edition, McGrawHill Osborne, 2006, ISBN 0072262990 |
Semester Activities | Number | Weigthing |
Participation | ||
Laboratory / Application | 1 | 10 |
Field Work | ||
Quizzes / Studio Critiques | ||
Portfolio | ||
Homework / Assignments | 1 | 40 |
Presentation / Jury | ||
Project | ||
Seminar / Workshop | ||
Oral Exam | ||
Midterm | 1 | 20 |
Final Exam | 1 | 30 |
Total |
Weighting of Semester Activities on the Final Grade | 3 | 70 |
Weighting of End-of-Semester Activities on the Final Grade | 1 | 30 |
Total |
Semester Activities | Number | Duration (Hours) | Workload |
---|---|---|---|
Course Hours (Including exam week: 16 x total hours) | 16 | 2 | 32 |
Laboratory / Application Hours (Including exam week: 16 x total hours) | 16 | 2 | |
Study Hours Out of Class | 14 | 2 | 28 |
Field Work | |||
Quizzes / Studio Critiques | |||
Portfolio | |||
Homework / Assignments | 4 | 5 | |
Presentation / Jury | |||
Project | |||
Seminar / Workshop | |||
Oral Exam | |||
Midterms | 1 | 18 | |
Final Exams | 1 | 20 | |
Total | 150 |
# | Program Competencies/Outcomes | * Contribution Level | ||||
1 | 2 | 3 | 4 | 5 | ||
1 | To have adequate knowledge in Mathematics, Science and Computer Engineering; to be able to use theoretical and applied information in these areas on complex engineering problems. | X | ||||
2 | To be able to identify, define, formulate, and solve complex Computer Engineering problems; to be able to select and apply proper analysis and modeling methods for this purpose. | X | ||||
3 | To be able to design a complex system, process, device or product under realistic constraints and conditions, in such a way as to meet the requirements; to be able to apply modern design methods for this purpose. | X | ||||
4 | To be able to devise, select, and use modern techniques and tools needed for analysis and solution of complex problems in Computer Engineering applications; to be able to use information technologies effectively. | X | ||||
5 | To be able to design and conduct experiments, gather data, analyze and interpret results for investigating complex engineering problems or Computer Engineering research topics. | |||||
6 | To be able to work efficiently in Computer Engineering disciplinary and multi-disciplinary teams; to be able to work individually. | |||||
7 | To be able to communicate effectively in Turkish, both orally and in writing; to be able to author and comprehend written reports, to be able to prepare design and implementation reports, to present effectively, to be able to give and receive clear and comprehensible instructions. | |||||
8 | To have knowledge about global and social impact of Computer Engineering practices on health, environment, and safety; to have knowledge about contemporary issues as they pertain to engineering; to be aware of the legal ramifications of Computer Engineering solutions. | |||||
9 | To be aware of ethical behavior, professional and ethical responsibility; to have knowledge about standards utilized in engineering applications. | |||||
10 | To have knowledge about industrial practices such as project management, risk management, and change management; to have awareness of entrepreneurship and innovation; to have knowledge about sustainable development. | |||||
11 | To be able to collect data in the area of Computer Engineering, and to be able to communicate with colleagues in a foreign language. ("European Language Portfolio Global Scale", Level B1) | |||||
12 | To be able to speak a second foreign language at a medium level of fluency efficiently. | |||||
13 | To recognize the need for lifelong learning; to be able to access information, to be able to stay current with developments in science and technology; to be able to relate the knowledge accumulated throughout the human history to Computer Engineering. |
*1 Lowest, 2 Low, 3 Average, 4 High, 5 Highest