1. Course Identity:
Course Title: Internet Information Systems Security
Course Type: 1st-semester course
Teaching Hours: 3
ECTS Credits: 6
2. Learning Objectives:
The purpose of this course is for students to understand the methodological framework for identifying vulnerabilities and security requirements of internet information systems. They will learn about state-of-the-art protection mechanisms and security technologies and their comprehensive implementation. Additionally, they will be trained in researching new security problems, particularly in advanced computing infrastructures.
Upon completion of the course, students are expected to:
- Understand the fundamental concepts of internet information systems security.
- Know the models and access control policies and be able to develop an appropriate security policy and the necessary protection mechanisms to support it.
- Be familiar with major cryptographic algorithms and their basic implementation in a programming environment.
- Comprehend security mechanisms and application protocols of security mechanisms at all levels of TCP/IP.
- Understand security features in Web applications.
- Be acquainted with security standards and protocols in the Web Services security framework.
- Develop secure internet services using Java and perform code security checks.
- Learn about electronic payment security technologies.
- Explore advanced computational security (cloud, ubiquitous computing).
- Understand current research topics in the field.
3. Course Subject:
The topics covered include:
- Conceptual Foundations: basic concepts and definitions in information systems security, models, and access control policies.
- Cryptography Elements: symmetric and asymmetric encryption algorithms, cryptographic hash functions, cryptanalysis.
- Entity Authentication: authentication protocols and technologies, smart cards, biometrics, digital certificates, digital signatures, Public Key Infrastructure (PKI).
- Mobile Code Security Models: Java security model and implementation capabilities of security mechanisms and cryptographic algorithms.
- Internet Security: mechanisms and protocols of network security at the TCP/IP levels (IPsec, SSL).
- Web Security: methodological framework for identifying threats and vulnerabilities (tools, techniques), protection mechanisms.
- Web Services Security Framework: Standards and protocols of the WS Security framework, XKMS, SAML (Security Assertion Markup Language), XML Access Control Markup Language (XACML), eXtensible Rights Markup Language (XrML), P3P (Platform for Privacy Preferences).
- Code Security Check: security attacks, code and software check methodology, code analysis technologies.
- Privacy Protection Technologies and Content-Based Access Control Technologies on the World Wide Web: study of privacy models, the RSAC and ICRA standards, and their application mechanisms.
- Security Protocols in Electronic Commerce
- Advanced Computational Security: cloud computing security, ubiquitous computing security.
- Protection of Critical Internet Infrastructures
4. Teaching Method:
Attendance: 52 hours
Research Work: 20 hours
Assignments: 20 hours
Personal Study: 40 hours
The students’ education is based on lectures, presentations, and exploration of current breach incidents using material from certified entities that deal with security breaches, together with the relevant bibliography for the subjects covered. Additionally, students will conduct research on a specific topic related to Internet Information Systems security.
During the course, students will use security tools and technologies in a laboratory environment and demonstrate the integrated development of secure internet information systems.
5. Student Assessment Method:
The evaluation of students is based on the final written examination, the assignments submitted during the academic year, and the research project.
6. Prerequisite Knowledge:
Students are expected to have a basic understanding of Networks, Programming, Operating Systems, and Databases, as these will be useful for part of the course material.
7. Equipment and Software Requirements:
The equipment required for students’ training in a laboratory environment is provided by the computer science department, and the software and tools used will be provided free of charge under open-source licenses.