معرفی گروه


University of Tehran

Kish International Campus

Master Program in

Information Technology- Information Security

Introduction

The Master of Information Technology – Information Security program at Kish campus of University of Tehran is a graduate professional program that prepares students to work in the high-demand IT security industry
To achieve the objectives of the program and to enhance students' learning experience, Kish campus provides an Information Security Lab to enhance the curriculum of the program. This lab facility hosts an array of network settings and consists of a variety of network in a secure setting.

The curriculum also provides students with the opportunity to apply core course concepts to a substantial project in the workplace. This plan of study introduces students to the fundamental knowledge of the ever-changing IT security field.


 

Master Degree Curriculum in Information Technology- Information Security

Part A: Core Courses

Row

Course Name

Units

Hours

Practical (Hours)

1

Fundamentals of Information Systems Security

3

48

 

2

Applied Cryptography

3

48

 

3

Network Security

3

48

 

4

Secure Computer Systems

3

48

 

5

Database Security

3

48

 

6

Security Protocols

3

48

 

7

Seminar

2

32

 

 

       

Total

20

   

Part B: Elective Courses (2 Courses must be elected)

Row

Course Name

Units

Hours

Practical (Hours)

1

Security Architecture, Design and Analysis

3

48

 

2

Advanced Topics in Information Security

3

48

 

3

E-Commerce Security

3

48

 

4

Secure Communication Systems

3

48

 

5

Secure System Management

3

48

 

6

Formal Models and Information Security

3

48

 

7

Information Hiding

3

48

 

Total

6

   

Part C: Thesis

Row

Course Name

Units

Hours

Lab(Hours)

1

Thesis

6

   

Total

6

   

 

Fundamentals of Information Systems Security

Course content:

The Need for Information Security , Information Systems Security, The Internet of Things Is Changing How We Live, Malicious Attacks, Threats, and Vulnerabilities, The Drivers of the Information Security Business, Access Controls, Security Operations and Administration, Auditing, Testing, and Monitoring, Risk, Response, and Recovery, Cryptography, Networks and Telecommunications, Malicious Code and Activity, Information Security Standards, Information Systems Security Education and Training, U.S. Compliance Laws

References

[1]

D. Kim and M. G. Solomon, Fundamentals of Information Systems Security, Jones & Bartlett Learning, 2016.


Applied Cryptography

Course content:

Foundations, Protocol building blocks, Basic protocols, Intermediate protocols, Advanced protocols, Esoteric protocols, Key length, Key management, Algorithm types and modes, Using algorithms, Mathematical background, Data encryption standard, Other block ciphers, Stil other block ciphers, Combinig block ciphers, Pseudo-random-sequence generators and stream ciphers, Other stream ciphers and real random-sequence generators, One-way hash functions, Public-key algorithms, Public-key digital signature algorithms, Identification schemes, Key-exchage algorithms, Special algorithms for protocols, Politics

References

[1]

B. Schneier, applied cryogrhy :protocols, algorithms, and source code in c, wiley, 2017.


Network Security

Course content:

Computer Network Fundamentals, Computer Network Security Fundamentals, Security Threats and Threat Motives to Computer Networks, Introduction to Computer Network Vulnerabilities, Cyber Crimes and Hackers, Scripting and Security in Computer Networks and Web Browsers, Security Assessment, Analysis, and Assurance, Disaster Management, Access Control and Authorization, Authentication, Cryptography, Firewalls, System Intrusion Detection and Prevention, Computer and Network Forensics, Virus and Content Filtering, Standardization and Security Criteria: Security Evaluation of Computer Products, Computer Network Security Protocols, Security in Wireless Networks and Devices, Security in Sensor Networks, Virtualization Technology and Security, Cloud Computing Technology and Security, Mobile Systems and Corresponding Intractable Security Issues, Internet of Things (IoT): Growth, Challenges, and Security

References

[1]

J. M. Kizza, Guide to Computer Network Security, Springer, 2017.


Secure Computer Systems

Course content:

Introduction to Computer Architecture and Security, Digital Logic Design, Computer Memory and Storage , Bus and Interconnection, I/O and Network Interface, Central Processing Unit , Advanced Computer Architecture, Assembly Language and Operating Systems, TCP/IP and Internet, Design and Implementation: Modifying Neumann Architecture

References

[1]

S. . Wang and R. S. Ledley, computer architecture and security, Wiley, 2013.


Database Security

Course content:

Recent Advances in Access Control, Access Control Models for XML, Access Control Policy Languages in XML, Database Issues in Trust Management and Trust Negotiation, Authenticated Index Structures for Outsourced Databases, Towards Secure Data Outsourcing, Managing and Querying Encrypted Data, Security in Data Warehouses and OLAP Systems, Security for Workflow Systems, Secure Semantic Web Services, Geospatial Database Security, Security Re-engineering for Databases: Concepts and Techniques, Database Watermarking for Copyright Protection, Database Watermarking: A Systematic View, Trustworthy Records Retention, Damage Quarantine and Recovery in Data Processing Systems, Hippocratic Databases: Current Capabilities and Future Trends, Privacy-Preserving Data Mining: A Survey, Privacy in Database Publishing: A Bayesian Perspective, Privacy Preserving Publication: Anonymization Frameworks and Principles, Privacy Protection through Anonymity in Location-based Services, Privacy-enhanced Location-based Access Control, Efficiently Enforcing the Security and Privacy Policies in a Mobile Environment

References

[1]

M. Gertz and S. Jajodia, Handbook of Database Security: Applications and Trends, Springer, 2008.


Security Protocols

Course content:

Preliminaries, Operational Semantics, Security Properties, Verification , Multi-protocol Attacks, Generalizing NSL for Multi-party Authentication, Historical Background and Further Reading

References

[1]

C. Cremers and S. Mauw, Operational Semantics and Verification of Security Protocols, Springer, 2012.


Security Architecture, Design and Analysis

Course content:

Network security foundations, Designing secure networks, Secure network designs

References

[1]

S. Convery, Network Security Architectures, Cisco Press, 2004.


Advanced Topics in Information Security

Course Contents:

Critically evaluate some of the important past and current research that has been undertaken within the information systems discipline;

Demonstrate an appreciation of the diversity of research currently being undertaken within the information systems discipline;

Identify research articles in the information systems discipline that they might wish to use in their theses or research report;

Distinguish among research approaches in the information systems discipline and identify approaches that might be useful in subsequent work.

· A Bit of Theory

· Coordination in Standards Setting

· The Issue of Speed

· IPR Problems

  • Applications

· The Economic Perspective

· After Standardization

References

[1]

K. Jakobs, Advanced Topics in Information Technology Standards and Standardization Research Series, Idea Group , 2006.


E-Commerce Security

Course content:

Security Testing of an Online Banking Service, Software Security Analysis, New Security Issues in Mobile E-Commerce, Problems in Policing E-Commerce Crime, Strategies for Developing Policies and Requirements for Secure and Private Electronic Commerce, Protocols for Secure Remote Database Access with Approximate 87
Matching, A New Approach to Reasoning about Accountability in Cryptographic Protocols for E-Commerce, Provisional Authorizations

References

[1]

A. K. Ghosh, e-commerce security and privacy, Kluwer Academic Publishers, 2001.


Secure Communication Systems

Course content:

Threats and Solutions, An Introduction to Encryption and Security Management, Voice Security in Military Applications, Telephone Security, Secure GSM systems, Security in Private VHF/UHF Radio Networks, Electronic Protection Measures - Frequency Hopping, Link and Bulk Encryption, Secure Fax Network, PC Security, Secure Email, Secure Virtual Private Networks, Military Data Communication, Management, Support and Training

References

[1]

R. Sutton, Secure Communication: Applications and Management, wiley, 2002.


Secure System Management

Course content:

Challenges in Managing Information Security in the New Millennium , Information Systems Security and the Need for Policy , New Millennium; New Technology; Same Old Right and Wrong , Ethical Elements of Security and Developments in Cyberspace that Should Promote Trust in Electronic Commerce , Cyber Terrorism and the Contemporary Corporation , Addressing Prescription Fraud in the British National Health Service: Technological and Social Considerations , The Irish Experience with Disaster Recovery Planning: High Levels of Awareness May Not Suffice , An Analysis of the Recent IS Security Development Approaches: Descriptive and Prescriptive Implications , Internet and E-Business Security , Assurance and Compliance Monitoring Support , Intelligent Software Agents: Security Issues of a New Technology , Principles for Managing Information Security in the New Millennium

References

[1]

G. Dhillon, Information Security Management: Global Challenges in the New Millennium, Idea Group, 2001.


Formal Models and Information Security

Course content:

Running example, Messages and deduction, Equational theory and static equivalence, A cryptographic process calculus, Security properties, Automated verification: bounded case, Automated verification: unbounded case, Further readings and conclusion

References

[1]

V. Cortier, Formal Models and Techniques for Analyzing Security Protocols, V. Cortier and S. Kremer, 2014.


Information Hiding

Course content:

Introduction to Information Hiding, Multimedia Steganography, Steganalysis, Network Steganography, Robust Watermarking, Watermarking Security, Fingerprinting, Fragile and Authentication Watermarks, Media Forensics, Watermarking in the Encrypted Domain

References

[1]

S. Katzenbeisser and F. Petitcolas, Information Hiding, ARTECH HOUSE, 2016.