Issuu on Google+

CSCI 181 Applied Cryptography Key management, hash functions, stream ciphers, web of trust, time stamping, secret sharing, quantum cryptography, running time analysis, cryptanalytic techniques. CSCI 182 Digital Steganography History and applications; Techniques: substitution, transform domain, distortion, statistical, cover; Evaluation: benchmarking, statistical analysis; Attacks: distortion, counterfeiting, detection; Theory: perfect and computational security.

Bachelor of Science in Computer Science and Engineering with an emphasis in Information Assurance IA Coursework Option AMTH 387 and COEN 150 or 250, and 10 additional units selected from COEN 178 (Databases), 152 (or 252), 225, 226, 253, 254, 350, 351, and MATH 178 or CSCI 182.

Master of Science in Computer Science and Engineering with an emphasis in Information Assurance

Nirdosh Bhatnagar, lecturer, Department of Applied Mathematics; Ph.D., Stanford University

Rance J. DeLong, lecturer, Department of Computer Engineering. President and CEO, Trusted Systems Laboratories. B.A and B.S., Moravian College JoAnne Holliday, associate professor, Department of Computer Engineering. B.S., UC Berkeley; M.S., Northeastern U.; Ph.D., UC Santa Barbara Ed Schaefer, professor, Department of Mathematics and Computer Science. B.S., UC Davis; Ph.D., UC Berkeley Thomas Schwarz, S.J., associate professor, Department of Computer Engineering. Dr. rer. Nat., FernUni. Hagen; M.S. and Ph.D., UC San Diego Nicholas Tran, associate professor, Department of Mathematics and Computer Science. B.S., University of Minnesota; Ph.D., UC Santa Barbara

For further information, please contact Center for Advanced Study and Practice of Information Assurance

School of Engineering Core Requirements: Emerging Topics in Engineering Engineering and Business/Entrepreneurship Engineering and Society

Department of Computer Engineering

Santa Clara University does not discriminate on the basis of race, color, national and/or ethnic origin, sex, marital status, sexual preference, disability, religion, veteran’s status, or age in the administration of any of its educational policies, scholarships and loan programs, athletics, and other school-administered policies and programs, as well as employment.


Thesis Option: Students wishing to do a thesis may consult with their academic advisor regarding a modification of these requirements.

Center for Advanced Study and Practice of Information Assurance

Steve Chiappari, senior lecturer, Department of Applied Mathematics. B.S., Santa Clara University; Ph.D., University of Illinois

MSCE Core Requirements: Theory of Algorithms Computer Architecture Operating Systems

IA Specialization Track: AMTH 387, COEN 250, 252, 253, 351, and one of COEN 225, 226, 254, 350, or 352

S a n ta C l a r a U n i v e r s i t y

Information Assurance Faculty

6/09 500

The Jesuit university in Silicon Valley

Center for Advanced Study and Practice of Information Assurance

What is Information Assurance? The National Security Agency has defined Information Assurance as “Information operations that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. This includes repair and recovery of systems by incorporating protection, detection, and reaction capabilities.” SCU Center for Advanced Study and Practice of Information Assurance (CASPIA) Responding to the tremendous need in our society for trained professionals to oversee the responsible handling of computer and network security, and in keeping with SCU’s Jesuit tradition of educating students to be ethical, contributing members of society, the Center for Advanced Study and Practice of Information Assurance (CASPIA) was founded to promote research, education, and good practice in information security (INFOSEC) and information assurance (IA).

Computers and the Internet have revolutionized the way we live and do business, but have left us vulnerable. Real damage to human life and wellbeing is threatened by a lack of security in our power grids, water treatment facilities, and other intelligent systems that are controlled over the Internet. It is the Center’s mission to teach how to make these systems safer, protecting against the misuse of computers. We, the engineers who have given society computer technology, must also provide the knowledge and ability to control it. Knowledge of information assurance and security are integral to the writing of code; to the design, operation, and maintenance of systems; and to the use and storage of data. Managers in virtually every profession and business that uses computers must be well versed in information assurance.

SCU Courses in Information Assurance The Committee on National Security Systems and the National Security Agency have certified that Santa Clara University offers courseware that has been reviewed and determined to meet National Training Standards for Information Systems Security Professionals, NSTISSI 4011 and 4012. AMTH 387 Cryptology Covers both cryptography: writing information to keep it secret; and cryptanalysis: attacking ciphers or secret messages. Examines symmetric encryption like AES and asymmetric ciphers (public key) like RSA and El-Gamal. Explores the mathematical foundations of cryptography. COEN 225 Secure Coding Writing secure code in C and C++. Vulnerabilities that enable exploits by malicious code or content. Attack modes such as buffer overflow and format string exploits. COEN 226 Certification and Accreditation Presents the policies and processes by which the security risks in critical government information systems are assessed, mitigated and managed. COEN 150 Introduction to Information Security Overview of information assurance. Legal and ethical issues concerning security and privacy. Software vulnerabilities. Authentication and access control. Java Security.

COEN 152/252 Computer Forensics Procedures for identification, preservation, and extraction of electronic evidence. Auditing and investigation of network and host system intrusions, analysis and documentation of information gathered, and preparation of expert testimonial evidence. Forensic tools and resources. Ethics, law, policy, and standards of digital evidence. COEN 250 Information Security Management Techniques and technologies for information security management, including risk management. Legal and ethical issues. Developing and enforcing a security policy. Contingency, continuity, and disaster recovery planning. COEN 253 Secure Sys Dev & Evaluation Software engineering for secure systems. Formal methods for specifying and analyzing security policies and systems requirements. Design and implementation of secure systems, and verification of security properties. Evaluation criteria, including the Common Criteria for Information Security Technology Evaluation. COEN 254 Secure Sys Dev & Evaluation II Formal methods for specifying security policies and verification of security properties. A hands-on course in methods for high assurance using systems such as PVS from SRI and the NRL protocol analyzer. COEN 350 Network Security Protocols for secure communication. Authentication, key management and certification. Security for network layers, including the TCP/IP protocol, ATM, private virtual networks, and firewalls. Internetworking and Internet protocols. COEN 351 Internet & E-Commerce Security Special security requirements of the Internet. WWW and e-mail security. Java security features, CGI scripts, cookies, and certified code. Intrusion prevention strategies. Designing secure e-commerce systems. COEN 352 Adv. Topics in Info. Assurance Topics may include advanced cryptology, advanced computer forensics, secure business transaction models, or other topics. May be repeated for credit if topics differ. MATH 178 Cryptography History, cryptanalysis, and running time analysis. Classical cryptosystems, RSA, DES, discrete log over finite fields and elliptic curves, stream ciphers and signatures.

Center for Advanced Study and Practice of Information Assurance