Lecture

(Undergraduate) Basis and Practice in Programming:


Text: Operating System: Concepts (Ninth Edition, Wiley)
Avi Silberschatz, Peter Baer Galvin, Greg Gagne

Operating Systems (Kyobo Book Centre)
조유근, 고건, 박민규

Operating System Security (Morgan & Claypool Publishers)
Trent Jaeger

Course Handouts: 0. Syllabus

1~20. Set of Slides Provided by Authors

References:

(Undergraduate) Introduction to Information Security:

Text:

Course Handouts: 1. Cyber Warfare Today

2. Information Security Policy

3. Cryptography Basics
    - Encryption, Digital Signatures, Certificates

4. Authentication
    - Password, Biometrics, Tokens, Certificates

5. Secure Platforms
    - OS, TPM, Access Control, Information Flow Control

6. Network Vulnerabilities and Defense
    - Sniffing, Impersonation, DoS, etc.
    - WEP, SSL, IPSec, Firewalls, IDS, etc.

7. Network Security Monitoring

8. Digital Forensics

9. Information Assurance

10. Psychological Elements
    - User Interfaces (Usable Security), Social Engineering

References:


(Undergraduate) Introduction to Information Assurance and Security Engineering - Build, Test, and Evaluate Trustworthy Systems:

Text: Introduction to Computer Security (Addison-Wesley)
Matt Bishop

(Recommendation) Security Engineering (Wiley)
Ross Anderson

(Recommendation) Threat Modeling: Designing for Security (Wiley)
Adam Shostack

Using the Common Criteria for IT Security Evaluation (CRC Press)
Debra S. Herrmann

(Recommendation) Security Evaluation Using the Common Criteria (Hongreung Science Publishing)
김승주, 원동호

Course Handouts: 0. Syllabus

1. Introduction to Information Assurance and Security Engineering

2. Foundations

3. Identifying Threats & Threat Risk Modeling

References: (Threat Risk Modeling) Study on the Femtocell vulnerability analysis using Threat Modeling (위협 모델링 기법을 이용한 펨토셀 취약점 분석에 대한 연구)
Jaeki Kim

(Threat Risk Modeling) Security Requirements Analysis on IP Camera via Threat Modeling and Common Criteria (보안위협모델링과 국제공통평가기준을 이용한 IP Camera 보안요구사항 분석)
Jisoo Park

(Threat Risk Modeling) MS Threat Modeling Tool 2017 User's Guide
SANE Lab. at Korea Univ.



(Graduate) IT Security Evaluation Methods:

Text: Using the Common Criteria for IT Security Evaluation (CRC Press)
Debra S. Herrmann

(Recommendation) Security Evaluation Using the Common Criteria (Hongreung Science Publishing)
김승주, 원동호

Course Handouts: 0. Syllabus

1. History of CC - International - 

2. History of CC - Domestic -

3. Introduction to CC

4. CC Part 1 : General Model

5. CC Part 2 : SFRs

6. CC Part 3 : SARs

References: (PP) Firewall Protection Profile V2.0 
KISA

(PP) ePassport Protection Profile V2.1 (See also Seungjoo Kim's Security Issues in Electronic Passports)
KISA

(PP) Modeling Trusted Computing Support in a Protection Profile for High Assurance Security Kernels
Hans Löhr, Ahmad-Reza Sadeghi, Christian Stüble, Marion Weber, and Marcel Winandy

(ST) Firewall Security Target Example 

(OR) Firewall Observation Report Example

(ETR) MS Windows Server 2003 Certificate Server Evaluation Technical Report Example
NIAP

(FPR) Protection Profiles for Remailer Mixes. Do the New Evaluation Criteria Help?
Kai Rannenberg and Giovanni Iachello

(ADV_SPM) Formal Security Policy Models for Smart Card Evaluations
Gerd Beuster et al.

(AVA) Security Tools for Common Criteria Testing
Quang Trinh

Certifying Open Source — The Linux Experience
K.S.(Doc) Shankar and Helmut Kurth

A Comparison of Security Standards
Marcus Streets


(Graduate) Security Engineering:

Text: Introduction to Computer Security (Addison-Wesley)
Matt Bishop

Computer Security : Art and Science (Addison-Wesley)
Matt Bishop

(Recommendation) Computer Security (Wiley)
Dieter Gollmann

(Recommendation) Security Engineering (Wiley)
Ross Anderson

(Recommendation) A Practical Guide to Security Engineering and Information Assurance (CRC Press)
Debra S. Herrmann

Threat Modeling: Designing for Security (Wiley)
Adam Shostack

(Recommendation) Security Economics (Seoul National University Press)
서승우

Course Handouts: 0. Syllabus

1. Introduction to Information Assurance and Security Engineering

2. Foundations

3. Identifying Threats & Threat Risk Modeling

4. Security Policy Modeling

5. Secure Design

6. Security Testing

7. Security Evaluation Standards

References: (Foundations) Information Security and Information Assurance: Discussion about the Meaning, Scope, and Goals
Yulia Cherdantseva and Jeremy Hilton

(Foundations) Basic Concepts and Taxonomy of Dependable and Secure Computing
Algirdas Avizienis, Jean-Claude Laprie, Brian Randell, and Carl Landwehr

(Foundations) From Information Security to Cyber Security
Rossouw von Solms and Johan van Niekerk

(Threat Risk Modeling) The Economic Impacts of NIST's Data Encryption Standard (DES) Program
TASC, Inc.

(Threat Risk Modeling) Study on the Femtocell vulnerability analysis using Threat Modeling (위협 모델링 기법을 이용한 펨토셀 취약점 분석에 대한 연구)
Jaeki Kim

(Threat Risk Modeling) Security Requirements Analysis on IP Camera via Threat Modeling and Common Criteria (보안위협모델링과 국제공통평가기준을 이용한 IP Camera 보안요구사항 분석)
Jisoo Park

(Threat Risk Modeling) MS Threat Modeling Tool 2017 User's Guide
SANE Lab. at Korea Univ.

(Security Policy Modeling) Formal Security Policy Models for Smart Card Evaluations
Gerd Beuster et al.

(Secure Design) How to Evaluate the Security of Real-Life Cryptographic Protocols? - The Cases of ISO/IEC 29128 and CRYPTREC -
Shin'ichiro Matsuo, Kunihiko Miyazaki, Akira Otsuka, and David Basin

(Security Testing) Symbolic Execution for Software Testing: Three Decades Later
Cristian Cadar and Koushik Sen

(Security Testing) A Survey of Symbolic Execution Techniques
Roberto Baldoni, Emilio Coppa, Daniele Cono D'Elia, Camil Demetrescu, and Irene Finocchi

(Security Testing) Automated Verification of Real-World Cryptographic Implementations
Aaron Tomb

(Security Testing) Operating System Verification — An Overview
Gerwin Klein

(Security Testing) BitBlaze: A New Approach to Computer Security via Binary Analysis
Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, and Prateek Saxena

(Security Evaluation Standards) The ISO Common Criteria for IT Security Evaluation : Part 1, Part 2, and Part 3.
ISO/IEC

(Security Evaluation Standards) FIPS US Federal standards (relevant FIPS: nos 46, 180, 186, and 197)
NIST

(Security Evaluation Standards) The ISO/IEC 17799 standard : Part 1, Code of Practice for Information Security Management and Part 2, Specification of Information Security Management Systems
ISO/IEC


(All) Technical Writing:

Text: Korea's Scientists and Engineers Are Afraid of Writing (Book Korea)
임재춘

Course Handouts: 1. Why Do You Need to Study Technical Writing?

2. Students' Self-Introduction

3. Technical Writing

4. Mid-Term Project Presentation : Writing a Newspaper Column 

5. Presentation Skill

6. Technical Debate

References: