1. Credits. A fully qualified candidate is required to successfully complete a minimum of 45 credits. Additional credits may be required in some cases.
2. Courses. Students must take a total of 45 credits of course work including a minimum of 28 credits chosen from the Concordia Institute for Information Systems Engineering's graduate courses. In order to graduate, students must have a CGPA of at least 3.00.
The breakdown of the 45 credits is as follows:
* 20 credits from five core courses from the topic area E69 Information Systems Security.
* 20 credits of elective courses selected from the following areas:
o C04 - Software Systems and Languages
o E01 - Mathematical Methods
o E47 - Signal Processing
o E48 - Computer Engineering
o E63 - Project and Report
o E70 - Information Systems Engineering
o E71 - Computer Science Program
* 5 credits for a project or an elective 4-credit course and 1-credit seminar course. The topic of the project should be in the area of Information Systems Security.
E69 - Topic Area: Information Systems Security
* INSE 6110 Foundations of Cryptography
* INSE 6120 Crypto-Protocol and Network Security
* INSE 6130 Operating Systems Security
* INSE 6140 Middleware and Application Security
* INSE 6150 Security Evaluation Methodologies
# INSE 6110 - Foundations of Cryptography (4 credits)
Cryptography and cryptanalysis, mathematical background: complexity theory, number theory, abstract algebra, finite fields. Number-theoretic reference problems: the integer factorization problem, the RSA problem, the quadratic residuosity problem, computing square roots in Zn, the discrete logarithm problem, the Diffie-Hellman problem, pseudorandom bits and sequences, stream ciphers: feedback shift registers, LFSRs, RC4. Block ciphers: SPN and fiestel structures, DES, AES, linear cryptanalysis, differential cryptanalysis, side channel attacks; public key encryption: RSA, Rabin, ElGamal, McEliece, elliptic curves cryptography; hash functions: un-keyed hash functions, MACs, attacks; digital signatures: RSA, fiat-shamir, DSA, public key infrastructure; key management, efficient implementation of ciphers. A project.
# INSE 6120 - Crypto-Protocol and Network Security (4 credits)
Cryptographic protocols, authentication protocols, key distributions protocols, e-commerce security protocols. Security protocol properties: authentication, secrecy, integrity, availability, non-repudiation, atomicity, certified delivery; crypto-protocol attacks; security protocols design, implementation and analysis. OSI security architecture, models and architectures for network security, authentication using kerberos and X.509, email security (PGP, S/MIME), IP security, IPv6, web security, SSL/TLS, virtual private networks, firewalls (screening routers, packet filtering, firewall architecture and theory, implementations and maintenance, proxy servers), content filtering, denial of service attacks, wireless networks security, network security policies, intrusion detection, host-based IDS, network based IDS, misuse detection methods, anomaly detection methods, intrusion detection in distributed systems, intrusion detection in wireless ad hoc networks. A project.
# INSE 6130 - Operating Systems Security (4 credits)
System security, MS Windows security, linux security, unix security, embedded and real-time OS, system reliability, OS security mechanisms, security administration, delegation of authority, group policy design, security configuration, password requirements, security services, protection models, protection levels, protection domains, capabilities, sharing, system kernel security, resource control, secure booting, firewalls and border security, security models and policies, security levels, authentication, confidentiality, integrity, access control strategies access matrix, access control list, mandatory, discretionary, monitoring, auditing, accountability, privilege, account security, file system protection, registry security, threat analysis, security attacks, security-hardened operating. A project.
# INSE 6140 - Middleware and Application Security (4 credits)
Malicious code, taxonomy, viruses, worms, trojan horses, logical and temporal bombs, infection process, security properties of applications, safety, high-level security, detection approaches, ad-hoc techniques: scanning, anti-virus technology, obfuscation; dynamic analysis for security: passive and active monitoring, inline and reference monitors, sandboxing; static analysis for security: data and control flow analysis for security, type-based analysis for security; self-certified code: certifying compilers, proof carrying code, efficient code certification, typed assembly languages, certificate generation, certificate verification and validation. C and C++ security, java security, byte-code verification, access controllers, security managers, permission files, security APIs, critical APIs, protection domains, security profiles, mobile code security. A project.
# INSE 6150 - Security Evaluation Methodologies (4 credits)
Security evaluation of information systems, security evaluation of software, security evaluation of products. Security code inspection, security testing, security standards, preparation of a security evaluation: impact scale, likelihood scale, severity scale. Vulnerability analysis, risk analysis, security plan elaboration. ITSEC, MARION and MEHARI methods, OCTAVE, common criteria, target of evaluation, protection profile, security functional requirement, security factors, errors, accidents, assurance requirements, assurance levels, evaluation process, compliance with the protection profile, IT security ethics, privacy, digital copyright, licensing IT security products, import and export control regulations, computer fraud and abuse, computer crime control, national and international criminal codes, incident handling, infrastructure protection and espionage laws, privacy laws, business records, security forensics, security evaluation case studies. A project.
Elective Courses in Information Systems Security
# INSE 6160 - Database Security and Privacy (4 credits)
Access control in relational databases; grant/revoke model; security by views; query modification; Oracle VPD; auditing in databases; information warfare in databases; multi-level database security; polyinstantiation and covert channel; statistical database security; inference control; security by auditing; microdata security; random perturbation; watermarking and fingerprinting databases; XML database security; encrypted databases; SQL injection attack; anomaly detection in databases; P3P; Hippocratic databases; perfect secrecy-based privacy; k-anonymity model; l-diversity; multi-party privacy preserving computation; privacy in OLAP. A project. Note: Students who have received credit for INSE 691A (Database Security and Privacy) may not take this course for credit.
# INSE 6180 - Security and Privacy Implications of Data Mining (4 credits)
Introduction to security and privacy implications of data mining and its applications; privacy legislations and national security policies; security and privacy threats caused by current data mining techniques; risks and challenges in emerging data mining applications; attacks and prevention methods: web privacy attacks, data mining-based intrusion detection; privacy-preserving data publishing. A project. Note: Students who have received credit for INSE 691D (Security Implications of Data Mining) may not take this course for credit.
# INSE 6190 - Wireless Network Security (4 credits)
Prerequisite: INSE 6110 or equivalent.
Introduction to wireless network security; security issues in cellular networks; authentication/key management in wireless LAN; security issues in mobile ad-hoc networks: trust establishment, secure routing, anonymity; selfishness & fairness in wireless networks; key distribution in sensor networks; secure data aggregation in sensor networks; security and privacy issues in RFID. A project. Note: Students who have received credit for INSE 691B (Wireless Security) may not take this course for credit.
# INSE 691E - Cybercrime Investigations (4 credits)
Introduction to cybercrimes: unauthorized access, mischief to data, possession of hacking tools, possession of child pornography; Legal aspects: Canadian judicial system, computer crime laws, charter of rights, common law, mutual legal assistance treaty, search warrants, production and assistance orders, international laws, upcoming legal changes; Investigation process: search planning, acquisition methods, environment recognition, evidence identification; Reporting process: investigation and analysis reports, notes taking; Authority of seizure; Forensic Interviews; Computer crime trials: witness preparation, court sentencing, rebuttal witness, cross-examination, testimony, credibility attacks; In-depth case Studies. A project.