File Ref.No.42471/GA - IV - E2/2013/CU
UNIVERSITY OF CALICUT
Abstract
Faculty of Engineering - Board of Studies in Engineering(PG) - Syllabus - M.Tech Course in Information Security- with effect
from 2014 admission - Approved - Sanctioned - Orders issued.
G & A - IV - E
U.O.No. 7797/2014/Admn
Dated, Calicut University.P.O, 11.08.2014
Read:-1. U.O. No. 4126/2014/Admn dated 25-04-2014
2. Item No. 1(a) of the Minutes of the meeting of the Board of Studies in Engineering(PG) held on 19-06-2014.
3. Item No. 2 of the minutes of the meeting of the Faculty of Engineering held on 25-06-2014.
ORDER
Vide paper read as 1st above, an Expert Committee was constituted to frame the syllabus for M.Tech Programme in Information Security in tune with the M.Tech Regulations -2010 of this University.
Vide paper read as 2nd above, the Board of Studies in Engineering (PG) at its meeting held on 19-06-2014, resolved to approve the syllabus of M.Tech Programme in Information Security, submitted by the Expert Committee, fixing the Eligibility Criteria to the Programme to be B.Tech Degree in Computer Science and Engineering / Information Technology or Equivalent.
The meeting of the Faculty of Engineering held on 25-06-2014, vide item No. 2 of its minutes, resolved to approve the minutes
of the meeting of the Board of Studies in Engineering(PG) held on 19-06-2014.
Considering the exigency of implementing the syllabi, the Hon'ble Vice Chancellor, after having examined the matter in
detail, has accorded sanction to implement the syllabus for M.Tech Programme in Information Security, subject to ratification
by the Academic Council.
Sanction has therefore been accorded for implementing the syllabus of M.Tech Course in Information Security with eligibility criteria for admission to the course to be B.Tech Degree in Computer Science and Engineering / Information Technology or Equivalent, subject to ratification by the Academic Council.
Orders are issued accordingly.
(Syllabus is appended)
Muhammed S
Deputy Registrar
To
Principals of all affiliated Engineering Colleges
Copy to : - PS to VC/PA to PVC/ PA to Registrar/PA to CE/ DR/AR M.Tech/ CDC / Dean, Faculty of Engineering/
Chairman, BS in Engineering/ PRO/Enquiry Section/SA( to upload in the University website)
Forwarded / By Order
Section Officer
Syllabi & Scheme
for M.Tech Course in
INFORMATION SECURITY
of Calicut University
Scheme of M.Tech. Programme in INFORMATION SECURITY
FIRST SEMESTER

| Sl. No. | Course Code | Name of the Subject | L (Hours/Week) | T (Hours/Week) | P (Hours/Week) | Internal Evaluation | End Sem | Total | Semester End Exam Duration | Credits |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CIS 14 101 | Advanced Mathematical Structures (Same as MCS 10 101) | 3 | 1 | 0 | 100 | 100 | 200 | 3 | 4 |
| 2 | CIS 14 102 | Trusted Operating System Design | 3 | 1 | 0 | 100 | 100 | 200 | 3 | 4 |
| 3 | CIS 14 103 | Access Control and Authentication System | 3 | 1 | 0 | 100 | 100 | 200 | 3 | 4 |
| 4 | CIS 14 104 | Risk Management and Security | 3 | 1 | 0 | 100 | 100 | 200 | 3 | 4 |
| 5 | CIS 14 105 | Elective-I | 3 | 1 | 0 | 100 | 100 | 200 | 3 | 4 |
| 6 | CIS 14 106 (P) | Seminar | 0 | 0 | 2 | 100 | 0 | 100 | - | 2 |
| 7 | CIS 14 107 (P) | Operating System and Security Lab | 0 | 0 | 2 | 100 | 0 | 100 | | 2 |
| | | Total | 15 | 5 | 4 | 700 | 500 | 1200 | | 24 |

Elective-I
CIS 14 105 (A) Database Design and Security
CIS 14 105 (B) Secure Software Engineering
CIS 14 105 (C) Game Theory (Same as MCS 10 105 (C))
L – Lecture, T – Tutorial, P – Practical
Scheme of M.Tech. Programme in INFORMATION SECURITY
SECOND SEMESTER

| Sl. No. | Course Code | Name of the Subject | L (Hours/Week) | T (Hours/Week) | P (Hours/Week) | Internal Evaluation | End Sem | Total | Semester End Exam Duration | Credits |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CIS 14 201 | Advanced Cryptography | 3 | 1 | 0 | 100 | 100 | 200 | 3 | 4 |
| 2 | CIS 14 202 | Network Security | 3 | 1 | 0 | 100 | 100 | 200 | 3 | 4 |
| 3 | CIS 14 203 | Secure Network Protocol | 3 | 1 | 0 | 100 | 100 | 200 | 3 | 4 |
| 4 | CIS 14 204 | Elective-II | 3 | 1 | 0 | 100 | 100 | 200 | 3 | 4 |
| 5 | CIS 14 205 | Elective-III | 3 | 1 | 0 | 100 | 100 | 200 | 3 | 4 |
| 6 | CIS 14 206 (P) | Seminar | 0 | 0 | 2 | 100 | 0 | 100 | - | 2 |
| 7 | CIS 14 207 (P) | Computer Network and Security Lab/Mini Project | 0 | 0 | 2 | 100 | 0 | 100 | - | 2 |
| | | Total | 15 | 5 | 4 | 700 | 500 | 1200 | - | 24 |

Elective-II
CIS 14 204 (A) Security Assessment and Verification
CIS 14 204 (B) Cyber Law and Security Policies
CIS 14 204 (C) Algorithms and Complexity
Elective-III
CIS 14 205 (A) Advanced Networking Technologies (Same as MCS 10 205 (A))
CIS 14 205 (B) Secure E-Commerce
CIS 14 205 (C) Biometric Security
L – Lecture, T – Tutorial, P – Practical
Scheme of M.Tech. Programme in INFORMATION SECURITY
THIRD SEMESTER

| Sl. No. | Course Code | Name of the Subject | L (Hours/Week) | T (Hours/Week) | P (Hours/Week) | Internal Evaluation | End Sem | Total | Semester End Exam Duration | Credits |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CIS 14 301 | Elective-IV | 3 | 1 | 0 | 100 | 100 | 200 | 3 | 4 |
| 2 | CIS 14 302 | Elective-V | 3 | 1 | 0 | 100 | 100 | 200 | 3 | 4 |
| 3 | CIS 14 303 (P) | Industrial Training | 0 | 0 | 0 | 50 | 0 | 50 | - | 1 |
| 4 | CIS 14 304 (P) | Master Research Project Phase - I | 0 | 0 | 22 | Guide 50, EC# 50 | Guide 100, EC# 100 | 300 | - | 6 |
| | | Total | 6 | 2 | 22 | 350 | 400 | 750 | - | 15 |

Elective-IV
CIS 14 301 (A) PKI and Trust Management
CIS 14 301 (B) Cloud Computing
CIS 14 301 (C) High Speed Networks (Same as MCS 10 302 (A))
Elective-V
CIS 14 302 (A) Security Threats
CIS 14 302 (B) Cyber Crime Investigation and Digital Forensics
CIS 14 302 (C) Financial Mathematics
L – Lecture, T – Tutorial, P – Practical
# EC - Evaluation Committee
Scheme of M.Tech. Programme in INFORMATION SECURITY
FOURTH SEMESTER*

| Sl. No. | Course Code | Name of the Subject | L (Hours/Week) | T (Hours/Week) | P (Hours/Week) | Internal Evaluation | End Sem | Total | Credits |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CIS 14 401 (P) | Master Research Project Phase - II | | | 30 | Guide 150, EC# 150 | Ext. Guide 150, Viva Voce 150 | 600 | 12 |
| | | Total | | | 30 | 150, 150 | 150, 150 | 600 | 12 |
| | | Grand Total | | | | | | 3750 | 75 |

* The students have to undertake the departmental work assigned by HOD
# EC - Evaluation Committee
FIRST SEMESTER
CIS 14 101: ADVANCED MATHEMATICAL STRUCTURES
| Modules | I | II | III | IV | Tutorial | Total |
|---|---|---|---|---|---|---|
| Hours | 9 | 10 | 10 | 10 | 13 | 52 |

Module I
Stochastic Processes: Renewal Processes- Reward and Cost Models, Poisson Process, Point Process
Regenerative Processes, Renewal Theorems
Module II
Markov Models: Discrete Time Markov Chain- Transition Probabilities, Communication Classes, Irreducible Chains. Continuous Markov Chain- Pure Jump Continuous-Time Chains, Regular Chains,
Birth and Death Process. Semi-Markov Processes.
Module III
Single Class and Multi class Queuing Networks: Simple Markovian queues- M/G/1 queue – Open Queuing
Networks- Closed Queuing Networks- Mean Value Analysis- Multi-class traffic Model- Service Time
distributions- BCMP Networks- Priority Systems.
Module IV
Time delays and blocking in queuing Networks- Time delays in single server queue- time delays in
networks of queues- Types of Blocking – Two finite queues in a closed network- aggregating Markovian
States
References
1. Ronald W. Wolff, “Stochastic Modeling and Theory of Queues”, Prentice- Hall International Inc
1989.
2. Peter G Harrison and Naresh M Patel, “Performance Modeling of Communication Networks and
Computer Architectures”, Addison – Wesley, 1992
3. Gary N Higginbottom, “Performance Evaluation of Communication Networks”, Artech House,
1998
4. Anurag Kumar, D. Manjunath and Joy Kuri, “Communication Networking: An Analytical
Approach”, Morgan Kaufman Publ. 2004
5. D. Bertsekas and R. Gallager, “Data Networks”, Prentice- Hall of India 2001
6. Ross K W, “Multiservice Loss Models for Broadband Telecommunication Networks”, Springer-Verlag, 1995
7. Walrand J, “An Introduction to Queuing Networks”, Prentice-Hall, 1988
8. Cinlar E, “Introduction to Stochastic Processes”, Prentice-Hall, 1975
9. Karlin S and Taylor H, “A First Course in Stochastic Processes”, 2nd Edition, Academic
Press, 1975
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 102: TRUSTED OPERATING SYSTEM DESIGN
| Modules | I | II | III | IV | Tutorial | Total |
|---|---|---|---|---|---|---|
| Hours | 10 | 9 | 10 | 10 | 13 | 52 |

Module I
Introduction- Introduction, hardware interface, operating system interface, design problems. Operating
System design techniques. Implementing processes - The system call interface, system
initialization, process switching, system call interrupt handling, program error interrupts, disk driver
and interrupts, event table system, implementing waiting, flow of control through OS, signaling
managers, process implementation. Parallel systems- Parallel hardware, OS for two processor systems,
race conditions with shared processes, atomic actions, multiprocessor OS, threads.
Module II
Interprocess communication patterns-competing and co-operating, problems, race conditions and atomic
actions, new message passing system calls. IPC pattern: mutual exclusion, signaling and rendezvous
models, producer-consumer and client server models. Deadlocks- Conditions for deadlock, dealing with
deadlocks, two-phase locking, message variations, synchronization, semaphores, Design techniques- some
example design techniques. Memory management- levels of memory management, linking and loading
process, memory management design, dynamic memory allocation, keeping track allocation of blocks,
multiprogramming issues, memory protection, memory management system calls.
Module III
Virtual memory- Fragmentation and compaction, dealing with fragmentation- paging, swapping, overlay,
page replacement- global and local page replacement algorithms, thrashing and load control, dealing with
large page tables, sharing memory, design techniques- examples of multiplexing and late binding. I/O
devices - devices and controllers, terminal devices, communication devices, disk devices, disk controllers,
SCSI interfaces, tape devices, CD-devices. I/O subsystems- I/O system software, disk device driver access
strategies, modeling disks, unification of files and device, generalized disk device drivers, disk caching.
File systems- File abstraction, naming, file system objects and operations. - case study in Windows NT and
Linux
Module IV
Protection in General Purpose Operating Systems: protected objects and methods of protection – memory
and address protection – control of access to general objects – file protection Mechanisms – user
authentication - Designing Trusted Operating Systems.
Text Books
1. Charles Crowley, “Operating Systems- A Design Oriented Approach”, TMH, 1998
2. Charles P. Pfleeger, "Security in Computing", Prentice Hall, New Delhi, 2009
References
1. Silberschatz and Galvin. “Operating system concepts”. Addison Wesley, 1998
2. Tanenbaum Andrew S. “Modern Operating System”. Englewood Cliffs, PHI, 1992
3. Gary J. Nutt. “Operating systems - A Modern Perspective”. Second edition. Addison Wesley,
2000.
4. W. Stallings, “Operating systems- Internals and design principles”, 4th Ed. PHI, 2002
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 103: ACCESS CONTROL AND AUTHENTICATION SYSTEM
| Modules | I | II | III | IV | Tutorial | Total |
|---|---|---|---|---|---|---|
| Hours | 10 | 10 | 10 | 9 | 13 | 52 |

Module I
Access control – Introduction - Attenuation of privileges – Trust and Assurance – Confinement problem - Security design principles – Identity Management models – local – Network - federal – global web identity
– XNS approach for global Web identity - Centralized enterprise level Identity Management.
Module II
Elements of trust paradigms in computing – Third party approach to identity trust – Kerberos - Explicit third party authentication paradigm – PKI approach to trust establishment – Attribute
certificates – Generalized web of trust models – Biometric Authentications.
Module III
Mandatory access control - Comparing information flow in BLP and BIBA models – Combining the BLP
and BIBA models – Chinese wall problem. Discretionary access control and Access matrix model –
definitions – Safety problem – The take grant protection model – Schematic protection model – SPM rules
and operations – Attenuating– Applications
Module IV
Role based access control – Hierarchical Access Control - Mapping of a mandatory policy to RBAC –
Mapping discretionary control to RBAC – RBAC flow analysis – Separation of Duty in RBAC – RBAC
consistency properties - The privileges perspective of separation of duties – Functional specification for
RBAC .
Text Books
1. Messoud Benantar, “Access Control Systems: Security, Identity Management and Trust Models”,
Springer, 2009.
2. Elena Ferrari and M. Tamer Özsu, “Access Control in Data Management Systems”, Morgan &
Claypool Publishers, 2010.
3. John Berger, “Biometrics for Network Security”, Prentice Hall, 2004.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 104 : RISK MANAGEMENT AND SECURITY
| Modules | I | II | III | IV | Tutorial | Total |
|---|---|---|---|---|---|---|
| Hours | 9 | 10 | 10 | 10 | 13 | 52 |

Module I
Essentials of computer security - Sources of security threats – Intruders, Viruses, Worms and related
threats - Threat identification - Threat analysis - Vulnerability identification and Assessment - Components
of Computer Security - Physical security – System access control - Goals of Security - Efforts to secure
computer networks – Ethical issues in Computer Security- Operational issues, Human issues.
Module II
Intrusion Detection System (IDS) – Types and challenges – Intrusion prevention system (IPS) – Firewalls - Design Principles, Scanning, filtering and blocking. Vulnerabilities – Sources of vulnerabilities,
Vulnerability identification and Assessment, Cyber crime and Hackers, Viruses and content filtering - Security Assessment, Analysis and Assurance – Computer network security protocol and standards - Security Policies – Integrity policies – confidentiality policies - Security models - Access Control Matrix
Model, Take-Grant Protection Model.
Module III
Security Monitoring and Auditing - Assurance and Trust, Need for Assurance, Role of Requirements in
Assurance, Audit Assurance in Software Development Phases, Building Secure and Trusted Systems - Designing an Auditing System, Implementation Considerations, Auditing to Detect Violations of a security
Policy, Auditing Mechanisms, Audit Browsing.
Module IV
Risk management and security planning – Risk management Process Overview- Cost-Benefit Analysis,
Risk Analysis, Laws and Customs, Human Issues, Organizational issues - Information system Risk analysis
– System approach to risk management, Threat assessment, Assets and safeguards, modes of risk analysis –
Effective risk analysis, Qualitative Risk analysis, Value analysis
References
1. Matt Bishop, “Computer Security: Art and Science”, Addison-Wesley Professional, 2003.
2. Joseph M. Kizza, “Computer Network security”, Springer, 2005
3. Matt Bishop, “Introduction to Computer Security”, Addison-Wesley Professional, 2005.
4. Thomas R. Peltier, “Information Security Risk Analysis”, CRC Press, 2001.
5. C.A. Roper, “Risk management for Security professional”, Elsevier, 1999.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 105 (A): DATABASE DESIGN AND SECURITY
| Modules | I | II | III | IV | Tutorial | Total |
|---|---|---|---|---|---|---|
| Hours | 9 | 10 | 10 | 10 | 13 | 52 |

Module I
Database System concepts and applications. Data modeling using Entity-Relationship model. Record
Storage and File organization.
Module II
The relational Data Model. Relational constraints and the Relational Algebra. SQL. ER to Relational
mapping.
Module III
Database Design Theory and Methodology- Functional Dependencies and Normalization for Relational
Databases. Object Oriented Database concepts. Object Relational and Extended Relational Database
Systems. Data warehousing and Data Mining.
Module IV
Introduction to database security, security models, physical and logical security, security requirements,
reliability and integrity, sensitive data, inference, multilevel databases and multilevel security, access
control- mandatory and discretionary , security architecture, issues.
Text Books
1. Ramez Elmasri, Shamkant B. Navathe , “Fundamentals of Database System” Addison Wesley, New
Delhi/Third/Fourth Edition
2. Ron Ben Natan, “Implementing database security and auditing”, Elsevier publications, 2005.
3. Hassan A. Afyouni, “Database Security and Auditing”, Course Technology – Cengage Learning,
New Delhi, 2009.
References
1. Abraham Silberschatz, Henry F Korth, Sudarshan S, “Database Systems Concepts”, McGraw Hill,
2003.
2. Raghu Ramakrishnan, "Database Management Systems", McGraw Hill/ Third Edition, 2003
3. M. Gertz, and S. Jajodia, “Handbook of Database Security- Application and Trends”, 2008,
Springer.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 105 (B): SECURE SOFTWARE ENGINEERING
| Modules | I | II | III | IV | Tutorial | Total |
|---|---|---|---|---|---|---|
| Hours | 10 | 10 | 10 | 10 | 9 | 52 |

Module I
Problem, Process, and Product - Problems of software practitioners – approach through software reliability
engineering- experience with SRE – SRE process – defining the product – Testing acquired software –
reliability concepts- software and hardware reliability. Implementing Operational Profiles -Developing,
identifying, creating, reviewing the operation – concurrence rate – occurrence probabilities- applying
operation profiles
Module II
Engineering “Just Right” Reliability - Defining “failure” for the product - Choosing a common measure for
all associated systems. - Setting system failure intensity objectives -Determining user needs for reliability
and availability., overall reliability and availability objectives, common failure intensity objective.,
developed software failure intensity objectives. - Engineering software reliability strategies. Preparing for
Test - Preparing test cases. - Planning number of new test cases for current release.-Allocating new test
cases. - Distributing new test cases among new operations - Detailing test cases. - Preparing test procedures
Module III
Executing Test - Planning and allocating test time for the current release. - Invoking test - Identifying
failures - Analyzing test output for deviations. – Determining which deviations are failures.
Establishing when failures occurred. Guiding Test - Tracking reliability growth - Estimating failure
intensity. - Using failure intensity patterns to guide test - Certifying reliability. Deploying SRE - Core
material - Persuading your boss, your coworkers, and stakeholders. - Executing the deployment - Using a
consultant.
Module IV
Using UML for Security - UML diagrams for security requirement - security business process- physical
security - security critical interaction - security state. Analyzing Model - Notation - formal semantics - security analysis - important security opportunities. Model based security engineering with UML - UMLsec
profile - Design principles for secure systems - Applying security patterns. Applications - Secure
channel.
Text Books
1. John Musa D, “Software Reliability Engineering”, 2nd Edition, Tata McGraw-Hill, 2005
2. Jan Jürjens, “Secure Systems Development with UML”, Springer; 2004
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 105 (C): GAME THEORY
| Modules | I | II | III | IV | Tutorial | Total |
|---|---|---|---|---|---|---|
| Hours | 9 | 10 | 10 | 10 | 13 | 52 |

Module-I
Introduction to Non Co-operative Game Theory: Extensive Form Games, Strategic Form Games, Pure
Strategy Nash Equilibrium
Module-II
Non co-operative Game Theory (in detail), Mixed Strategies, Existence of Nash Equilibrium,
Computation of Nash Equilibrium, Two Player Zero-Sum Games, Bayesian Games
Module-III
Mechanism Design: An Introduction, Dominant Strategy Implementation of Mechanisms,
Vickrey-Clarke-Groves Mechanisms, Bayesian Implementation of Mechanisms, Revenue
Equivalence Theorem, Design of Optimal Mechanisms
Module-IV
Cooperative Game Theory, Correlated Strategies, Correlated Equilibria, The Two Person Bargaining
Problem, Games in Coalitional Form, The Core, Shapley Value, Other Solution Concepts for Cooperative Games.
References
1. Roger B. Myerson, “Game Theory: Analysis of Conflict”. Harvard University Press, September
1997.
2. Andreu Mas-Colell, Michael D. Whinston, and Jerry R. Green. “Microeconomic Theory”.
Oxford University Press, New York, 1995.
3. Martin J. Osborne, Ariel Rubinstein. “A Course in Game Theory”. The MIT Press, Aug 1994.
4. Philip D. Straffin, Jr. “Game Theory and Strategy”, The Mathematical Association of America,
January 1993.
5. Ken Binmore, “Fun and Games : A Text On Game Theory”, D. C. Heath & Company, 1992.
6. Paul Klemperer, “Auctions: Theory and Practice”, The Toulouse Lectures in Economics, Princeton
University Press, 2004.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 106 (P): SEMINAR
[Hours/Week: 2]
Objective: To assess the debating capability of the student to present a technical topic. In addition, to
impart training to students to face audience and present their ideas and thus creating in them self esteem
and courage that are essential for engineers.
Individual students are required to choose a topic of their interest from Information Security related topics
preferably from outside the M.Tech syllabus and give a seminar on that topic for about 30 minutes. A
committee consisting of at least three faculty members (preferably specialized in Information Security)
shall assess the presentation of the seminar and award marks to the students. Each student shall submit two
copies of a write up of his/her seminar topic. One copy shall be returned to the student after duly certifying
it by the chairperson of the assessing committee and the other will be kept in the departmental library.
Internal continuous assessment marks are awarded based on the relevance of the topic, presentation skill,
quality of the report and participation.
Internal Continuous Assessment: 100 marks
Regularity and Class Work - 30 Marks
Record - 20 Marks
Tests, Viva - 50 Marks
CIS 14 107 (P): Operating System and Security Lab
1. Write programs using the following system calls of Linux/Unix operating system: fork, exec,
getpid, exit, wait, close.
2. Write programs using the I/O system calls of Linux/Unix operating system (open, read, write)
3. Implementation of Memory and Address Protection
4. Implementation of Access Control List
5. Write shell scripts using grep, sed & awk.
6. Setting of File Permissions and Protections.
7. Setting up the local security policy.
Internal Continuous Assessment: 100 marks
Regularity & Class work - 30 marks
Record - 20 marks
Tests, Viva - 50 marks
SECOND SEMESTER
CIS 14 201: ADVANCED CRYPTOGRAPHY
| Modules | I | II | III | IV | Tutorial | Total |
|---|---|---|---|---|---|---|
| Hours | 9 | 10 | 10 | 10 | 13 | 52 |

Module I
Cryptography and modern cryptography – The setting of private-key encryption – Historical ciphers and
their cryptanalysis – Basic principles of modern cryptography – Services, Mechanisms and Attacks – OSI
security architecture - Foundations of Cryptology.
Module II
Definition – Substitution ciphers – Transposition ciphers - Stream and block ciphers. Characteristics of
good ciphers - Data Encryption Standard (DES) – International Data Encryption Algorithm – Advanced
Encryption Standard – Block cipher modes of operation – Confidentiality using symmetric encryption.
Module III
Introduction to Number Theory - Prime Numbers - Fermat's and Euler's Theorems - The Chinese
Remainder Theorem - Principles of Public Key Cryptosystems – The RSA Algorithm – Key Management
– Diffie Hellman Key Exchange – Elliptic Curve Cryptography.
Module IV
Authentication requirements – Authentication functions – Message Authentication Codes (MAC) – Hash
functions – Security of hash functions and MACs. MD5 Message Digest Algorithm – Secure Hash
Algorithm (SHA) –HMAC – Digital Signatures - Authentication Protocols - Digital Signature Standard
(DSS).
References
1. Bernard Menezes, “Network Security and Cryptography”, Cengage Learning, New Delhi, 2010.
2. Ingemar J.Cox, Matthew L.Miller, Jeffrey A.Bloom, Jessica Fridrich, Ton Kalker, “Digital
Watermarking and Steganography”, Morgan Kaufmann Publishers, New York, 2008.
3. William Stallings, “Cryptography and Network Security”, Prentice Hall, New Delhi, 2006.
4. Wenbo Mao, “Modern Cryptography – Theory and Practice”, Pearson Education, New Delhi, 2006.
5. Jonathan Katz, Yehuda Lindell, “Introduction to Modern Cryptography”, Chapman & Hall/CRC,
New York, 2007.
6. Bruce Schneier, “Applied Cryptography”, John Wiley & Sons, New York, 2004.
7. Atul Kahate, “Cryptography and Network Security”, Tata McGraw Hill, 2003.
8. Jorg Roth, “Complexity Theory & Cryptology – An Introduction to Crypto-complexity”, Springer 2005
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 202: NETWORK SECURITY
| Modules | I | II | III | IV | Tutorial | Total |
|---|---|---|---|---|---|---|
| Hours | 9 | 10 | 10 | 10 | 13 | 52 |

Module I
Introduction to Security in Networks – Characteristics of Networks – Intrusion – Kinds of security
breaches – Plan of attack - Points of vulnerability – Methods of defense – Control measures – Effectiveness
of controls. Transport Level Security – Web Security Issues – SSL – TLS – HTTPS - SSH
Module II
E-Mail Security – PGP – S/MIME – IP Security - Firewalls design principles – Trusted systems –
Electronic payment protocols.
Module III
Wireless Fundamentals: Wireless Hardware- Wireless Network Protocols- Wireless Programming - WEP
Security. Wireless Cellular Technologies – concepts – Wireless reality – Security essentials – Information
classification standards - Wireless Threats: Cracking WEP - Hacking Techniques- Wireless Attacks –
Airborne Viruses.
Module IV
Standards and Policy Solutions – Network Solutions – Software Solutions – Physical Hardware Security - Wireless Security – Securing WLAN – Virtual Private Networks – Intrusion Detection System – Wireless
Public Key infrastructure. Tools – Auditing tools – Pocket PC hacking – wireless hack walkthrough.
References
1. Russel Dean Vines, “Wireless Security Essentials: Defending Mobile from Data Piracy”, JW&S, 1
2. Cyrus Peikari and Seth Fogie, “Maximum Wireless Security”, SAMS Publishing 2002.
3. Yi-Bing Lin & Imrich Chlamtac, “Wireless and Mobile Networks Architectures”, JW Sons, 2001.
4. Raj Pandya, “Mobile and Personal Communication systems and services”, PHI, 2001.
5. Tara M. Swaminathan & Charles R. Eldon, “Wireless Security and Privacy- Best Practices &
Design Techniques”, AW, 2002.
6. Bruce Potter and Bob Fleck, “802.11 Security”, O’Reilly Publications, 2002.
7. Burkhardt, “Pervasive Computing”, Pearson Education, India Edition, 2007.
8. J. Schiller, “Mobile Communication”, Pearson Education, India Edition, 2002.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 203: SECURE NETWORK PROTOCOL
| Modules | I | II | III | IV | Tutorial | Total |
|---|---|---|---|---|---|---|
| Hours | 10 | 9 | 10 | 10 | 13 | 52 |

Module I
OSI: ISO Layer Protocols: Application Layer Protocols - TCP/IP, HTTP, SHTTP, LDAP, MIME, POP & POP3 - RMON - SNTP - SNMP. Presentation Layer Protocols - Light Weight Presentation Protocol.
Session layer protocols – RPC protocols - transport layer protocols - ITOT, RDP, RUDP, TALI, TCP/UDP, compressed TCP.
Network layer Protocols – routing protocols - border gateway protocol - exterior gateway protocol - internet protocol IPv4 - IPv6 - Internet Message Control Protocol - IRDP - Transport Layer Security - TLS - SSL - DTLS
Module II
Data Link layer Protocol – ARP – InARP – IPCP – IPv6CP – RARP – SLIP. Wide Area and Network
Protocols - ATM protocols – Broadband Protocols – Point to Point Protocols – Other WAN Protocols - security issues.
Module III
Local Area Network and LAN Protocols – ETHERNET Protocols – VLAN protocols – Wireless LAN
Protocols – Metropolitan Area Network Protocol – Storage Area Network and SAN Protocols - FDMA, WIFI and WIMAX Protocols - security issues. Mobile IP – Mobile Support Protocol for IPv4 and
IPv6 – Resource Reservation Protocol. Multi-casting Protocol – VGMP – IGMP – MSDP.
Module IV
Network Security and Technologies and Protocols – AAA Protocols – Tunneling Protocols – Secured
Routing Protocols – GRE- Generic Routing Encapsulation – IPSEC – Security architecture for IP –
IPSEC AH – Authentication Header – ESP – IKE – ISAKMP and Key management Protocol. IEEE 802.11
- Structure of 802.11 MAC – WEP - Problems with WEP – Attacks and Risk - Station security – Access
point Security – Gateway Security – Authentication and Encryption.
Text Books
1. Jawin, “Networks Protocols Handbook”, Jawin Technologies Inc., 2005.
2. Rolf Oppliger, “SSL and TLS: Theory and Practice”, Artech House, 2009.
References
1. Bruce Potter and Bob Fleck, “802.11 Security”, O’Reilly Publications, 2002.
2. Lawrence Harte, “Introduction to WCDMA”, Althos Publishing, 2004.
3. Lawrence Harte, “Introduction to WIMAX”, Althos Publishing, 2005.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 204 (A): SECURITY ASSESSMENT AND VERIFICATION
Modules    I     II    III   IV    Tutorial   Total
Hours      9     10    10    10    13         52
Module I
Evolution of information security, information assets, security standards, organizational impacts, security
certifications, elements of information security program, need for security assessment, security assessment
process.
Module II
Security assessment planning – Business drivers, scope definition, consultant’s perspective, Client’s
perspective, Development of project plan. Initial information gathering – Initial preparation, analysis of
gathered information.
Module III
Business process evaluation, Technology evaluation, Risk analysis, Risk mitigation. Security Risk
assessment project management, Security risk assessment approaches and methods.
Module IV
Information security standards, information security Legislation, formal security verification, security
verification with SSL.
Text Books
1. Sudhanshu Kairab, “A practical guide to security assessments”, CRC press, 2005.
2. Douglas J.Landoll, “A Security risk assessment Handbook”, Auerbach publications, 2006
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 204 (B): CYBER LAW AND SECURITY POLICIES
Modules    I     II    III   IV    Tutorial   Total
Hours      9     10    10    10    13         52
Module I
Introduction to Computer Security: Definition, Threats to security, Government requirements, Information
Protection and Access Controls, Computer security efforts, Standards, Computer Security mandates and
legislation, Privacy considerations, International security activity.
Module II
Secure System Planning and administration, Introduction to the orange book, Security policy requirements,
accountability, assurance and documentation requirements, Network Security, The Red book and
Government network evaluations.
Module III
Information security policies and procedures: Corporate policies - Tier 1, Tier 2 and Tier 3 policies - process management - planning and preparation - developing policies - asset classification policy - developing
standards.
Module IV
Information security: fundamentals - Employee responsibilities - information classification - Information
handling - Tools of information security - Information processing - secure program administration.
Organizational and Human Security: Adoption of Information Security Management
Standards, Human Factors in Security - Role of information security professionals.
References
1. Debby Russell and Sr. G.T Gangemi, “Computer Security Basics (Paperback)”, 2nd Edition,
O’Reilly Media, 2006.
2. Thomas R. Peltier, “Information Security policies and procedures: A Practitioner’s Reference”, 2nd
Edition Prentice Hall, 2004.
3. Kenneth J. Knapp, “Cyber Security and Global Information Assurance: Threat Analysis and
Response Solutions”, IGI Global, 2009.
4. Thomas R Peltier, Justin Peltier and John Blackley, “Information Security Fundamentals”, 2nd
Edition, Prentice Hall, 1996.
5. Jonathan Rosenoer, “Cyber law: the Law of the Internet”, Springer-Verlag, 1997.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 204 (C): ALGORITHMS AND COMPLEXITY
Modules    I     II    III   IV    Tutorial   Total
Hours      10    9     10    10    13         52
Module I
Analysis: RAM model – Notations, Recurrence analysis - Master's theorem and its proof - Amortized
analysis - Advanced Data Structures: B-Trees, Binomial Heaps, Fibonacci Heaps, Disjoint Sets, Union by
Rank and Path Compression
Module II
Graph Algorithms and complexity: Matroid Theory, All-Pairs Shortest Paths, Maximum Flow and Bipartite
Matching.
Module III
Randomized Algorithms : Finger Printing, Pattern Matching, Graph Problems, Algebraic Methods,
Probabilistic Primality Testing, De-Randomization
Module IV
Complexity classes - NP-Hard and NP-complete Problems - Cook's theorem - NP completeness reductions.
Approximation algorithms – Polynomial Time and Fully Polynomial time Approximation Schemes.
Probabilistic Complexity Classes, Probabilistic Proof Theory and Certificates.
References
1. Dexter Kozen, “The Design and Analysis of Algorithms”, Springer, 1992.
2. T. H. Cormen, C. E. Leiserson, R. L. Rivest, “Introduction to Algorithms”, Prentice Hall India,
1990.
3. S. Baase, “Computer Algorithms: Introduction to Design and Analysis”, Addison Wesley, 1998.
4. U. Manber, “Introduction to Algorithms: A creative approach”, Addison Wesley, 1989.
5. V. Aho, J. E. Hopcroft, J. D. Ullman, “The design and Analysis of Computer Algorithms”, Addison
Wesley, 1974.
6. R. Motwani and P. Raghavan, “Randomized Algorithms”, Cambridge University Press, 1995.
7. C. H. Papadimitriou, “Computational Complexity”, Addison Wesley, 1994
8. Leonard Adleman, “Two theorems on random polynomial time”. In Proceedings of the 19th IEEE
Symposium on Foundations of Computer Science, pages 75–83, 1978.
9. J. Gill. “Computational complexity of probabilistic Turing machines”. SIAM Journal of
Computing, 6:675–695, 1977.
10. C. Lautemann, “BPP and the Polynomial Hierarchy”. Information Processing Letters, 17:215–217,
1983.
11. M. Sipser, “A complexity theoretic approach to randomness”, In Proceedings of the 15th ACM
Symposium on Theory of Computing, pages 330–335, 1983.
12. L.G. Valiant and V.V. Vazirani, “NP is as easy as detecting unique solutions”, Theoretical
Computer Science, 47:85–93, 1986.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 205 (A): ADVANCED NETWORKING TECHNOLOGIES
Modules    I     II    III   IV    Tutorial   Total
Hours      9     10    10    10    13         52
Module I
Troubleshooting and Management – Host Configuration, Connectivity, Testing Path Characteristics, Packet
Capture, Device Discovery and Mapping – Troubleshooting Strategies – Components – Bridges, Routers
and Switches – Network OS – Novell Netware, Linux, Windows 2000 and Macintosh OS.
Module II
IP next generation – Addressing, Configuration, Security, QOS - VOIP- Issues in VOIP – Distributed
Computing and Embedded System – Ubiquitous Computing - VPN - Understanding Storage Networking –
Storage Networking Architecture – The Storage in Storage Networking, The Network in Storage
Networking, Basic Software for Storage Networking – SAN Implementation Strategies.
Module III
WDM – WDM Network Design – Control And Management – IP Over WDM – Photonic Packet
Switching.
Module IV
Monitoring and Control – SNMP, V2 & V3 - RMON and RMON2 – SMI – RMON & v2 Standard – ATM
RMON Standard – Monitoring Internet.
References
1. John D. Sloan, “Network Troubleshooting”, O’Reilly, Aug 2001.
2. Radia Perlman, “Interconnections: Bridges, Routers, Switches and Internetworking Protocols”,
Second Edition, Addison Wesley Professional, 1999.
3. Andrew S. Tanenbaum, “Modern operating system”, Pearson Education.
4. Silvano Gai, “Internetworking IPV6 with CISCO Routers”, McGraw-Hill computer
communication series.
5. Tom Clark, “Designing Storage Area Network: A practical reference for implementing fiber channel
and IP SAN’s”, Second Edition, Addison Wesley Professional, 2003.
6. Richard M Barker, Paul Massiglia, “Storage Area Network Essentials: A
complete guide to understanding and implementing SANS”, John Wiley & Sons Inc, 2001.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 205 (B): SECURE E-COMMERCE
Modules    I     II    III   IV    Tutorial   Total
Hours      9     10    10    10    13         52
Module I
Introduction to E-Commerce – Network and E-Commerce – Types of E-Commerce – E-Commerce
Business Models: B2C, B2B, C2C, P2P and M-commerce business models – E-Commerce Payment
systems: Types of payment system – Credit card E-Commerce transactions – B2C E-Commerce Digital
payment systems – B2B payment system.
Module II
Security and Encryption: E-Commerce Security Environment – Security threats in E-Commerce
environment – Policies, Procedures and Laws.
Module III
Inter-organizational trust in E-Commerce: Need – Trading partner trust – Perceived benefits and risks of E-Commerce – Technology trust mechanism in E-Commerce – Perspectives of organizational, economic and
political theories of inter-organizational trust – Conceptual model of inter-organizational trust in E-Commerce participation.
Module IV
Introduction to trusted computing platform: Overview – Usage Scenarios – Key components of trusted
platform – Trust mechanisms in a trusted platform. Trusted platforms for organizations and individuals –
Trust models and the E-Commerce domain.
References
1. Kenneth C. Laudon and Carol Guercio Traver, “E-Commerce Business Technology Society”,
Pearson Education, 2005.
2. Pauline Ratnasingam, “Inter-Organizational Trust for Business-to-Business E-Commerce”, IRM
Press, 2005.
3. Siani Pearson, et al, “Trusted Computing Platforms: TCPA Technology in Context” , Prentice Hall
PTR, 2002.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 205 (C): BIOMETRIC SECURITY
Modules    I     II    III   IV    Tutorial   Total
Hours      9     10    10    10    13         52
Module I
Biometrics- Introduction- benefits of biometrics over traditional authentication systems –benefits of
biometrics in identification systems-selecting a biometric for a system –Applications – Key biometric
terms and processes - biometric matching methods -Accuracy in biometric systems.
Module II
Physiological Biometric Technologies: Fingerprints - Technical description –characteristics - Competing
technologies - strengths – weaknesses – deployment - Facial scan – Technical description - characteristics - weaknesses - deployment - Iris scan - Technical description – characteristics - strengths – weaknesses –
deployment - Retina vascular pattern – Technical description – characteristics - strengths – weaknesses –
deployment - Hand scan – Technical description - characteristics - strengths – weaknesses – deployment –
DNA biometrics.
Module III
Behavioral Biometric Technologies: Handprint Biometrics - DNA Biometrics - signature and handwriting
technology - Technical description – classification - keyboard / keystroke dynamics - Voice – data
acquisition - feature extraction - characteristics - strengths – weaknesses- deployment.
Module IV
Multi biometrics: Multi biometrics and multi factor biometrics - two-factor authentication with passwords - tickets and tokens – executive decision - implementation Plan.
References
1. Samir Nanavati, Michael Thieme, and Raj Nanavati, “Biometrics - Identity verification in a
network”, Wiley Eastern, 2002.
2. John Chirillo and Scott Blaul, “Implementing Biometric Security”, Wiley Eastern Publications,
2005.
3. John Berger, “Biometrics for Network Security”, Prentice Hall, 2004.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 206 (P): SEMINAR
[Hours/Week: 2]
Objective: To assess the debating capability of the student to present a technical topic. In addition, to
impart training to students to face an audience and present their ideas, thus creating in them the self-esteem
and courage that are essential for engineers.
Individual students are required to choose a topic of their interest from Information Security related topics,
preferably from outside the M.Tech syllabus, and give a seminar on that topic of about 30 minutes. A
committee consisting of at least three faculty members (preferably specialized in Information Security)
shall assess the presentation of the seminar and award marks to the students. Each student shall submit two
copies of a write up of his/her seminar topic. One copy shall be returned to the student after duly certifying
it by the chairperson of the assessing committee and the other will be kept in the departmental library.
Internal continuous assessment marks are awarded based on the relevance of the topic, presentation skill,
quality of the report and participation.
Internal Continuous Assessment: 100 marks
Regularity and Class Work - 30 Marks
Record - 20 Marks
Tests, Viva - 50 Marks
CIS 14 207 (P): Computer Network and Security Lab
1. Client-Server Design using Socket programming in C/C++/Java
2. Design of Web Proxy with Caching/Filtering features
3. Working with Sniffers for monitoring network communication (Ethereal) on DNS, HTTP, HTTP
with Authentication, DHCP, TCP, UDP, IP
4. Using OpenSSL for web server - browser communication
5. Using iptables on Linux and setting the filtering rules
6. Configuring S/MIME for e-mail communication
7. DNSSEC Implementation
8. IPSec Implementation
9. Using Nmap for port monitoring
10. PGP (GnuPG) Implementation
Internal Continuous Assessment: 100 marks
Regularity & Class work - 30 marks
Record - 20 marks
Tests, Viva - 50 marks
THIRD SEMESTER
CIS 14 301 (A): PKI AND TRUST MANAGEMENT
Modules    I     II    III   IV    Tutorial   Total
Hours      10    10    10    9     13         52
Module I
Overview of PKI technology - Basic Security Concepts, PKI Entities, Related Technologies. Work
Performed by Certificate Authorities - Attack on CA. PKI standards - General PKIX Standardization
Requirements. Digital Certificates and SSL.
Module II
PKI design issues - PKI structure, Inter-domain, revocation, policy. PKI standards. Architecture for PKI –
baseline requirements for global PKI, components – crypto primitive, cryptographic, long term, protocol
security, secure protocol, security policy.
Module III
Implementing secure web services - requirements, implementation and deployment, implementation cost,
performance. Managing PKI, requesting, obtaining, using and revoking a certificate, case studies.
Module IV
Trust management challenges, taxonomy framework, architecture, system components, system setting and
operations.
Text Book
1. John R. Vacca, “Public Key Infrastructure”, Auerbach publications, New York, 2004.
References
1. Jean-Marc Seigneur, Adam Slagell, “Collaborative Computer Security and Trust Management”,
Information Science Reference, New York(IGI Global), 2010.
2. Klaus Schmeh, “Cryptography and Public Key Infrastructure on the Internet”, Allied Publishers,
2004.
3. Carlisle Adams, Steve Lloyd, “Understanding PKI: Concepts, Standards, and Deployment
Considerations”, Addison-Wesley, 2003.
4. Kapil Raina, “PKI Security Solutions for the Enterprise”, Wiley, 2003.
5. Brian Komar, "Windows Server 2008 PKI and Certificate Security", Microsoft Press, 2008.
6. W. Mao, “Modern Cryptography: Theory & Practice”, Pearson Education, 2004.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 301 (B): CLOUD COMPUTING
Modules    I     II    III   IV    Tutorial   Total
Hours      9     10    10    10    13         52
Module I
Technologies for Network-Based System – System Models for Distributed and Cloud Computing – NIST
Cloud Computing Reference Architecture. Cloud Models: Characteristics – Cloud Services – Cloud models
(IaaS, PaaS, SaaS) – Public vs Private Cloud –Cloud Solutions - Cloud ecosystem – Service management –
Computing on demand.
Module II
Basics of Virtualization - Types of Virtualization - Implementation Levels of Virtualization - Virtualization
Structures - Tools and Mechanisms - Virtualization of CPU, Memory, I/O Devices - Virtual Clusters and
Resource management – Virtualization for Data-center Automation.
Module III
Architectural Design of Compute and Storage Clouds – Layered Cloud Architecture Development –
Design Challenges - Inter Cloud Resource Management – Resource Provisioning and Platform Deployment
– Global Exchange of Cloud Resources.
Module IV
Parallel and Distributed Programming Paradigms – MapReduce – Mapping Applications - Programming
Support - Google App Engine, Amazon AWS - Cloud Software Environments -Eucalyptus, Open Nebula,
OpenStack, Aneka, CloudSim. Security Overview – Cloud Security Challenges and Risks – Software-as-a-Service Security – Security Governance – Risk Management – Security Monitoring – Security Architecture
Design – Data Security – Application Security – Virtual Machine Security - Identity Management and
Access Control – Autonomic Security.
References
1. Kai Hwang, Geoffrey C Fox, Jack G Dongarra, “Distributed and Cloud Computing, From Parallel
Processing to the Internet of Things”, Morgan Kaufmann Publishers, 2012.
2. John W.Rittinghouse and James F.Ransome, “Cloud Computing: Implementation, Management,
and Security”, CRC Press, 2010.
3. Toby Velte, Anthony Velte, Robert, “Cloud Computing, A Practical Approach”, TMH, 2009.
4. Kumar Saurabh, “Cloud Computing – insights into New-Era Infrastructure”, Wiley India, 2011.
5. George Reese, “Cloud Application Architectures: Building App Infrastructure in the Cloud”,
O'Reilly.
6. James E. Smith, Ravi Nair, “Virtual Machines: Versatile Platforms for Systems and Processes”,
Elsevier/Morgan Kaufmann, 2005.
7. Katarina Stanoevska-Slabeva, Thomas Wozniak, Santi Ristol, “Grid and Cloud Computing – A
Business Perspective on Technology and Applications”, Springer.
8. Ronald L. Krutz, Russell Dean Vines, “Cloud Security – A comprehensive Guide to Secure Cloud
Computing”, Wiley – India, 2010.
9. Rajkumar Buyya, Christian, S.Thamarai Selvi, “Mastering Cloud Computing”, TMGH, 2013.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 301 (C): HIGH SPEED NETWORKS
Modules    I     II    III   IV    Tutorial   Total
Hours      9     10    10    10    13         52
Module I
Frame Relay Networks – Asynchronous transfer mode – ATM Protocol Architecture, ATM logical
Connection, ATM Cell – ATM Service Categories – AAL. High Speed LANs: Fast Ethernet, Gigabit
Ethernet, Fibre Channel – Wireless LANs. Queuing Analysis - Queuing Models – Single Server Queues –
Effects of Congestion – Congestion Control – Traffic Management – Congestion Control in Packet
Switching Networks –Frame Relay Congestion Control.
Module II
TCP Flow control – TCP Congestion Control – Retransmission – Timer Management –Exponential RTO
back off – Karn’s Algorithm – Window management – Performance of TCP over ATM. Traffic and
Congestion control in ATM – Requirements – Attributes– Traffic Management Frame work, Traffic
Control – ABR traffic Management – ABR rate control, RM cell formats, ABR Capacity allocations – GFR
traffic management.
Module III
Integrated Services Architecture – Approach, Components, Services- Queuing Discipline, FQ, PS, BRFQ,
GPS, WFQ – Random Early Detection, Differentiated Services.
Module IV
RSVP – Goals & Characteristics, Data Flow, RSVP operations, Protocol Mechanisms –Multiprotocol
Label Switching – Operations, Label Stacking, Protocol details – RTP –Protocol Architecture, Data
Transfer Protocol, RTCP.
References
1. William Stallings, “High Speed Networks and Internet”, Pearson Education, Second Edition, 2002.
2. Warland & Pravin Varaiya, “High Performance Communication Networks”, Jean Harcourt Asia
Pvt. Ltd., II Edition, 2001.
3. Ivan Pepelnjak, Jim Guichard and Jeff Apcar, “MPLS and VPN architecture”, Cisco Press, Volume
1 and 2, 2003.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 302 (A): SECURITY THREATS
Modules    I     II    III   IV    Tutorial   Total
Hours      9     10    10    10    13         52
Module I
Introduction: Security threats - Sources of security threats- Motives - Target Assets and vulnerabilities –
Consequences of threats- E-mail threats - Web-threats - Intruders and Hackers, Insider threats, Cyber
crimes.
Module II
Network Threats: Active/Passive – Interference – Interception – Impersonation – Worms – Virus – Spam
– Adware - Spyware – Trojans and covert channels – Backdoors – Bots - IP Spoofing - ARP spoofing - Session Hijacking - Sabotage - Internal threats - Environmental threats - Threats to Server security.
Module III
Security Threat Management: Risk Assessment - Forensic Analysis - Security threat correlation – Threat
awareness - Vulnerability sources and assessment - Vulnerability assessment tools - Threat identification - Threat Analysis - Threat Modeling - Model for Information Security Planning.
Module IV
Security Elements: Authorization and Authentication - types, policies and techniques - Security
certification - Security monitoring and Auditing - Security Requirements Specifications - Security Policies
and Procedures, Firewalls, IDS, Log Files, Honey Pots. Human factors – Security awareness, training,
Email and Internet use policies.
References
1. Joseph M Kizza, “Computer Network Security”, Springer Verlag, 2005
2. Swiderski, Frank and Syndex, “Threat Modeling”, Microsoft Press, 2004.
3. William Stallings and Lawrie Brown, “Computer Security: Principles and Practice”, Prentice Hall,
2008.
4. Thomas Calabres and Tom Calabrese, “Information Security Intelligence: Cryptographic Principles
& Application”, Thomson Delmar Learning, 2004.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 302 (B): CYBERCRIME INVESTIGATION AND DIGITAL FORENSICS
Modules    I     II    III   IV    Tutorial   Total
Hours      9     10    10    10    13         52
Module I
Introduction and Overview of Cyber Crime, Nature and Scope of Cyber Crime, Types of Cyber Crime:
Social Engineering, Categories of Cyber Crime, Property Cyber Crime.
Module II
Unauthorized Access to Computers, Computer Intrusions, White collar Crimes, Viruses and Malicious
Code, Internet Hacking and Cracking, Virus Attacks, Pornography, Software Piracy, Intellectual Property,
Mail Bombs, Exploitation, Stalking and Obscenity in Internet, Digital laws and legislation, Law
Enforcement Roles and Responses.
Module III
Introduction to Cyber Crime Investigation, Investigation Tools, eDiscovery, Digital Evidence Collection,
Evidence Preservation, E-Mail Investigation, E-Mail Tracking, IP Tracking, E-Mail Recovery, Hands on
Case Studies. Encryption and Decryption Methods, Search and Seizure of Computers, Recovering Deleted
Evidences, Password Cracking.
Module IV
Introduction to Digital Forensics, Forensic Software and Hardware, Analysis and Advanced Tools,
Forensic Technology and Practices, Forensic Ballistics and Photography, Face, Iris and Fingerprint
Recognition, Audio Video Analysis, Windows System Forensics, Linux System Forensics, Network
Forensics
Text Books
1. Bernadette H Schell, Clemens Martin, “Cybercrime”, ABC – CLIO Inc, California, 2004.
2. Nelson Phillips and Enfinger Steuart, “Computer Forensics and Investigations”, Cengage Learning,
New Delhi, 2009.
References
1. Kevin Mandia, Chris Prosise, Matt Pepe, “Incident Response and Computer Forensics”, Tata
McGraw-Hill, New Delhi, 2006.
2. Robert M Slade, “Software Forensics”, Tata McGraw-Hill, New Delhi, 2005.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 302 (C): FINANCIAL MATHEMATICS
Modules    I     II    III   IV    Tutorial   Total
Hours      9     10    10    10    13         52
Module I
Introduction to Financial Management - The Role of Financial Management - Business, Tax, and Financial
Environments - Valuation - Time Value of Money - Valuation of Long-Term Securities - Risk and Return
Module II
Tools of Financial Analysis and Planning - Financial Statement Analysis - Funds Analysis, Cash-Flow
Analysis, and Financial Planning - Working Capital Management - Overview of Working Capital
Management - Cash and Marketable Securities Management - Accounts Receivable and Inventory
Management - Short-Term Financing
Module III
Investment in Capital Assets - Capital Budgeting and Estimating Cash Flows - Capital Budgeting
Techniques - Risk and Managerial Options in Capital Budgeting - The Cost of Capital, Capital Structure,
and Dividend Policy - Required Returns and the Cost of Capital - Operating and Financial Leverage - Capital Structure Determination - Dividend Policy
Module IV
Intermediate and Long-Term Financing - The Capital Market - Long-Term Debt, Preferred Stock, and
Common Stock - Term Loans and Leases. Special Areas of Financial Management - Convertibles,
Exchangeables, and Warrants - Mergers and Other Forms of Corporate Restructuring - International
Financial Management
References
1. James C. Van Horne and John M. Wachowicz, “Fundamentals of Financial Management”, 11th
Edition, ISBN: 81-203-2016-6.
2. Chandra, “Fundamentals of Financial Management”, Tata McGraw Hill, 2008.
3. J. Van Horne and John Wachowicz, “Fundamentals of Financial Management”, Pearson, 2008.
4. Eugene F. Brigham and Joel F. Houston, “Fundamentals of Financial Management”, South-Western
Cengage Learning, 2009.
Internal Continuous Assessment: 100 marks
Internal continuous assessment is in the form of periodical tests, assignments, seminars or a combination of
all whichever suits best. There will be a minimum of two tests per subject. The assessment details are to be
announced to the students, right at the beginning of the semester by the teacher.
End Semester Examination: 100 marks
Question Pattern
Answer any five questions by choosing at least one question from each module.
Module I
Question 1 : 20 marks
Question 2 : 20 marks
Module II
Question 3 : 20 marks
Question 4 : 20 marks
Module III
Question 5 : 20 marks
Question 6 : 20 marks
Module IV
Question 7 : 20 marks
Question 8 : 20 marks
CIS 14 303 (P): INDUSTRIAL TRAINING
Hours/Week: 30 (During the period of training)
Objective: To enable the student to correlate theory and industrial practice.
The students have to arrange and undergo an industrial training of minimum two weeks in an industry
preferably dealing with Security Auditing during the semester break between semester 2 and semester 3
and complete within 15 calendar days from the start of semester 3. The students are required to submit a
report of the training undergone and present the contents of the report before the evaluation committee.
Evaluation committee will award the marks of end semester based on training quality, contents of the
report and presentation.
End semester Examination: Marks 50
CIS 14 304 (P): MASTER RESEARCH PROJECT PHASE - I
[Hours/Week: 22]
Objective: To improve the professional competency and research aptitude by touching the areas which
are otherwise not covered by theory or laboratory classes. The project work aims to develop the work practice
in students to apply theoretical and practical tools/techniques to solve real life problems related to industry
and current research.
The project work can be a design project/experimental project and/or computer simulation project on any
of the topics in Information Security and its allied areas. The project work is allotted individually on
different topics. The students shall be encouraged to do their project work in the parent institute itself. If
found essential, they may be permitted to continue their project outside the parent institute, subject to the
conditions of M.Tech regulations. Department will constitute an Evaluation Committee to review the
project work. The Evaluation committee consists of at least three faculty members of which internal guide
and another expert in the specified area of the project shall be two essential members.
The student is required to undertake the master research project Phase - I during the third semester and the
same is continued in the 4th semester (Phase - II). Phase - I consists of preliminary thesis work, two reviews
of the work and the submission of preliminary report. First review would highlight the topic, objectives,
methodology and expected results. Second review evaluates the progress of the work, preliminary report
and scope of the work, which is to be completed in the 4th semester. The Evaluation committee consists of
at least three faculty members of which internal guide and another expert in the specified area of the project
shall be two essential members.
Internal Continuous Assessment
Review                  First   Second   Total
Guide                   50      100      150
Evaluation Committee    50      100      150
FOURTH SEMESTER
CIS 14 401 (P): MASTERS RESEARCH PROJECT PHASE – II
[Hours/Week: 30]
Objective: To improve the professional competency and research aptitude by touching the areas which
are otherwise not covered by theory or laboratory classes. The project work aims to develop the work practice
in students to apply theoretical and practical tools/techniques to solve real life problems related to industry
and current research.
Master Research project phase - II is a continuation of project phase - I started in the third semester. There
would be two reviews in the fourth semester, first in the middle of the semester and the second at the end of
the semester. First review is to evaluate the progress of the work, presentation and discussion. Second
review would be a pre-submission presentation before the evaluation committee to assess the quality and
quantum of the work done. This would be a pre-qualifying exercise for the students for getting approval by
the departmental committee for the submission of the thesis. At least one technical paper is to be prepared
for possible publication in journal or conferences. The technical paper is to be submitted along with the
thesis. The final evaluation of the project will be external evaluation.
Internal Continuous Assessment
Review                  First   Second   Total
Guide                   50      100      150
Evaluation Committee    50      100      150
End Semester Examination
Project Evaluation by external examiner: 150 marks
Viva Voce by external and internal examiners: 150 marks