214573 - Information System Security - 2005

Kasetsart University
Department of Computer Engineering

Class Info: 

Wednesdays 6:00-9:00 PM
Room 101, 1st Floor, SMC Building

Instructor Info:

Dr. Monchai Sopitkamon
Room 306, Computer Engineering Building
Phone: 02-942-8555 x 1432
E-mail: fengmcs at ku dot ac dot th
(please prefix the subject of your message with 214573)



ANNOUNCEMENTS:

3/4/2006
  • Slides for lecture 13 have been posted under the Syllabus section.
  • Final exam will cover lectures 6-13 and articles of weeks 10 and 13.
2/15/2006
  • Slides for lecture 12 have been posted under the Syllabus section.
  • Final exam date has been changed to Sunday Mar 5th at 13:00 PM. See the Important Dates section.
  • Journal Portfolio is due next Wed Feb 22nd at the beginning of the class. Be sure to check the Journals section for what is required in your final journal portfolio.
2/8/2006
  • Slides for lecture 11 have been posted under the Syllabus section.
  • Solutions to midterm exam can be downloaded here.
1/25/2006 Slides for lecture 10 have been posted under the Syllabus section.
1/11/2006 Updated slides for lecture 8 have been posted under the Syllabus section.
1/8/2006 Slides for lecture 8 have been posted under the Syllabus section.
1/7/2006
  • A "Paper Subm" folder has been created on Maxlearn for you to submit the paper summary file by Monday 9th at 11:00 PM.
  • This Sunday's class (1-4 PM) will be held at the same room as our regular class room.
1/4/2006 Slides for lecture 7 have been posted under the Syllabus section.
12/22/2003
  • Last night's class was cancelled. We will still have the midterm exam on Dec 28 during class hours. The exam will cover the study material up to and including our last lecture, lecture 6, on the Syllabus. It will be closed-book. The questions will be essay type. Basic, non-programmable calculators are allowed. Exam instructions will be provided on the first page of the exam sheet.

  • The other book, "Principles of Information Security," is available at the CS department for 390 Baht.

  • I've just created a Web board on Maxlearn for this course for you to post questions/issues related to the midterm or other things. I'll try to answer them as best I can.

12/14/2005

The number of articles for the week of lecture 9 has been reduced to just one paper. Please see the updated Syllabus. I will leave the Security in Computing books with K.Supiradee at the CS Dept. tomorrow. Anyone interested in buying the book, please leave the money with her.

12/14/2005

The "Security in Computing" book's price is 610 and should be available at the CS Dept. this evening.  To purchase this book, please try bringing the exact amount of cash since the department may not have enough change for every one.
The price of the "Principles of Information Security" book is 390 and should be here next week.

12/13/2005 The article for Lecture 8 under the Syllabus section has been changed. Please do a summarization/presentation on this paper instead of the old one.
12/07/2005 Slides for lecture 5 have been posted under the Syllabus section.
12/1/2005 Slides for lectures 3 and 4 have been posted under the Syllabus section.
11/30/2005
11/02/2005 Slides for tonight's and next week's lectures have been posted.

DESCRIPTION:

Cryptography review, cryptographic protocols, secure electronic transactions, public key certificates and infrastructures, authentication and authorization certificates, secure credential services, performance impacts of security, mobile code security, security of agent-based systems, electronic payment systems, intellectual property protection, privacy in e-commerce, legal aspects of secure electronic commerce, client-side and server-side security issues, timestamping, and notarization.




GRADING POLICY:

Grades are based on a midterm, a journal portfolio, and a final exam.
Grades will be numerical on the scale 0-100. Your final numerical grade, G, is computed as follows:
G = 0.35 * Midterm + 0.35 * Final + 0.20 * Journal Portfolio + 0.10 * Class Participation
The following table is used to convert your final numerical grade G to a letter grade:

Final numerical grade G    Letter grade
[90, 100)                  A
[85, 90)                   B+
[81, 85)                   B
[77, 81)                   C+
[65, 77)                   C
[55, 65)                   D+
[50, 55)                   D
< 50                       F



READINGS:

Main Text Books:

  1. M. Whitman and H. Mattord, Principles of Information Security, 2nd Edition, Course Technology, 2005, ISBN: 0619063181.
  2. C.P. Pfleeger and S.L. Pfleeger, Security in Computing, 3rd Edition, Prentice Hall, 2003, ISBN: 0130355488.

Supplemental Text Book:

  1. M. Greenstein and M. Vasarhelyi, Electronic Commerce: Security, Risk Management, and Control, McGraw Hill, 2nd Edition, 2002, ISBN: 007-251-9150. Visit the book's web site and check the resources available on that site.

Other recommended books:

  1. D. A. Menasce and V. Almeida, Scaling for E-Business: technologies, models, performance, and capacity planning, Prentice Hall, 2000, ISBN: 0-13-086328-9. Visit the book's web site and check the resources available on that site.
  2. A. K. Ghosh, E-commerce Security, John Wiley, 1998.
  3. B. Schneier, Applied Cryptography: Protocols, Algorithms and Source Code in C, 2nd Edition, John Wiley, 1996, ISBN: 0-471-12845-7.
  4. M.G. Solomon and M. Chapple, Information Security Illuminated, Jones and Bartlett Publishers, 2005.

Articles:

  1. "What is Computer Security?," M. Bishop, IEEE Security and Privacy, January/Febr 2003.
  2. "Building Secure Web-Based Environments," C. Adams, IEEE Security and Privacy, Jan/Febr. 2005.
  3. "Technology and Web User Data Privacy," J. Linn, IEEE Security and Privacy, January/February 2005.
  4. "Micropayments: An Idea Whose Time Has Passed Twice?", M. Lesk, IEEE Security and Privacy, January/February 2004.
  5. "The Speed of Security," B. Schneier, IEEE Security and Privacy, July/August 2003.
  6. "Deploying and Using Public Key Technology: Lessons Learned from Real Life," R. Guida, R. Stahl, T. Bunt, G. Secrest, and J. Moorcones, IEEE Security and Privacy, July/August 2004.
  7. "The Delicate Balance: Security and Privacy," A. Stone, IEEE Security and Privacy, July/August 2004.
  8. "Selecting the Advanced Encryption Standard," W. Burr, IEEE Security and Privacy, March/April 2003.
  9. "Digital Rights Management (DRM) Architectures, R. Ianella, D-Lib Magazine, June 2001.
  10. "Comparing the Usage of Digital Rights Management Systems in the Music, Film, and Print Industry," M. Fetscherin and M. Schmid, Proc. 5th International Conference on Electronic Commerce (ICEC 2003), September 2003, Pittsburgh, PA.
  11. "First Principles of Copyright for DRM Design," L.J. Camp, IEEE Internet Computing, May/June 2003.
  12. "In Search of Usable Security: Five Lessons from the Field," D. Balfanz and D.K. Smetters, IEEE Security and Privacy, Sept/Oct. 2004.
  13. "Security Performance," D. Menasce, IEEE Internet Computing, May/June 2003, Vol. 7, No. 3.

Back "to the top


SYLLABUS:

No. / Topics & Objective / Study Material / Journal Papers

1. Introduction to Information Security
   Study material: Chapter 1 of Whitman
   Journal paper: none

2. The Need for Security
   Study material: Chapter 2 of Whitman
   Journal paper: Improving the security of your site by breaking into it, Dan Farmer and Wietse Venema

3. Elementary Cryptography
   Study material: Chapter 2 of Pfleeger, Chapter 8 of Whitman, and Chapter 10 of Greenstein
   Journal paper: Why Cryptography Is Harder Than It Looks, Bruce Schneier

4. Cryptography Explained
   Study material: Chapter 10 of Pfleeger
   Journal paper: Cryptanalysis of SHA-1, Bruce Schneier

5. Security in Programs I
   Study material: Chapters 3.1 and 3.2 of Pfleeger
   Journal paper: Using Programmer-Written Compiler Extensions to Catch Security Holes, Ken Ashcraft and Dawson Engler

6. Security in Programs II
   Study material: Chapters 3.3 and 3.4 of Pfleeger
   Journal paper: Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Crispin Cowan et al.

7. Security in Programs III
   Study material: Chapters 3.4 and 3.5 of Pfleeger
   Journal paper: Protection, Butler Lampson

8. Web Site Security
   Study material: Dr. Benchaphon's slides
   Journal paper: Thirty Years Later: Lessons from the Multics Security Evaluation, Paul Karger and Roger Schell

9. (topic and study material not listed)
   Journal paper: Dos and Don'ts of Client Authentication on the Web, Kevin Fu et al.

10. Protection in General-Purpose OS
   Study material: Chapters 4.1 and 4.2 of Pfleeger
   Journal paper: Advanced SQL Injection In SQL Server Applications, Chris Anley

11. Security in Networks I
   Study material: Chapter 7 of Pfleeger
   Journal paper: Security of the Internet, CERT

12. Security in Networks II
   Study material: Chapter 7 of Pfleeger
   Journal paper: Security Problems in the TCP/IP Protocol Suite, S.M. Bellovin

13. Security in Networks III
   Study material: Chapter 7 of Pfleeger
   Journal paper: Defending Yourself: The Role of Intrusion Detection Systems, John McHugh, Alan Christie, and Julia Allen

14. Intrusion Detection, Access Control, and Other Security Tools
   Study material: Chapter 7 of Whitman
   Journal paper: Micropayments: An Idea Whose Time Has Passed Twice?, M. Lesk

15. Electronic Payment Systems
   Study material: Chapter 12 of Greenstein and Dr. Benchaphon's slides
   Journal paper: Risk Management is Where the Money is, Daniel Geer

NOTE: This syllabus is subject to change depending on circumstances.


RESOURCES:

  • Security Web Site Links:
  • Research Centers:
  • Bibliography sites:
  • TPC-W: Transaction Processing Council (TPC) benchmark for E-commerce.
  • Online magazines:
  • Brian Davison's site on Web caching.
  • Internet and Web Statistics Web sites:
  • World Wide Web Consortium (W3C). W3C develops interoperable technologies (specifications, guidelines, software, and tools) such as HTTP, XML, XSLT, P3P, the Semantic Web, etc.


JOURNALS:

For each week, each student is to read the article/paper posted under the SYLLABUS section for that week, summarize (NOT duplicate) the idea(s) learned from the article in his/her own words, and discuss how the article relates to what is being discussed in class that week, in a one-page, single-spaced journal entry. Each student is also expected to prepare a PowerPoint presentation about that article to be given in front of the class. At the beginning of each class, I will randomly select one or more students to give a short presentation to the class about what they learned from the article (no student will be chosen a second time before everyone has given one presentation). These short presentations count toward the class participation grade.

By the end of the course, you should put together all the articles and the reviews you wrote into a final portfolio.

Final Journal Portfolio Submission:

1. Create a table of contents of all articles. Make sure to include the article titles. Place this page first in the portfolio. The portfolio must be assembled and turned in in a folder.
2. Select the article that you enjoyed the most and write a one-page, double-spaced explanation of why you liked it the most and what you learned from it. Include this page after the table of contents.
3. Make sure that all articles and summaries are included in your portfolio. Place them after the table of contents.



IMPORTANT DATES:

First Day of Classes: November 2, 2005
Midterm Exam: December 28, 2005
Journal Portfolio Due: February 22, 2006
Final Exam (open books & class notes): March 5, 2006


IMPORTANT RULES:

No collaboration is allowed among students in any of the individual exams and assignments.



Last updated: 07/09/2008