MSc/Masters » Module Details

IY5602 Standards and Evaluation Criteria

Second term, optional module.

Module leader

A. W. Dent.

Aims

Almost all real world information security is governed by information security standards. These standards cover everything from how to best manage information security in an organisation to how to encrypt documents in a secure way. In this module, we aim to give an overview of standardised security techniques, and examine their advantages and disadvantages. This means that, if you later come across a security standard, then you're likely to know what it is talking about!

Objectives

At the end of the module the student should have gained an appreciation of the scope and some of the technical content of existing and emerging security standards. This will have relevance both in the development of security policies, and in the procurement and configuration of systems to meet security policy needs. The topics covered within the module are also of fundamental importance in the specification and development of new security products.

Provisional Syllabus

Standardised information security: The need for standards. Advantages and disadvantages of standards. Method for producing standards.

Security framework standards: Security management standards (ISO/IEC 17799, ISO/IEC 27001, ISO/IEC 27004, ISO/IEC TR 14516). Services and mechanisms (ISO 7498-2). Authentication frameworks (ISO/IEC 10181-2). Access control frameworks (ISO/IEC 10181-3). Key management frameworks (ISO/IEC 17700-1). Public key infrastructures (ITU-T X.509).

Security mechanism standards: Encryption algorithms (ISO/IEC 18033). Block cipher modes of operation (ISO/IEC 10116). MAC algorithms (ISO/IEC 9797). Digital signature techniques (ISO/IEC 9796, ISO/IEC 14888). Cryptographic hash-functions (ISO/IEC 10118). Random bit generation (ISO/IEC 18031).

Security protocol standards: Entity authentication protocols (ISO/IEC 9798). Key establishment protocols (ISO/IEC 11770). Non-repudiation protocols (ISO/IEC 13888). Time-stamping protocols (ISO/IEC 18014).

Evaluation Criteria: TCSEC (Orange Book); ITSEC; Common Criteria (ISO/IEC 15408).

Method of examination

Written examination.

Main references

A.W. Dent, C.J. Mitchell, User's Guide to Standards and Cryptography, Artech House, 2005.

Other useful books

A. Menezes, P. van Oorschot, S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997. [Also available electronically at http://cacr.math.uwaterloo.ca/hac/].

D. Gollmann, Computer Security, John Wiley & Sons, 2006.