Elective –I

Course Code: BCS604

Credits: 3:2:0

Python programming language

Unit Course Contents
No.
1 Introduction To Python: Installation and Working with Python, Understanding
Python variables, Python basic Operators, Understanding python blocks.
Python Data Types: Declaring and using Numeric data types: int, float, complex,
Using string data type and string operations, Defining list and list slicing, Use of
Tuple data type
2 Python Program Flow Control: Conditional blocks using if, else and elif, Simple
for loops in python, For loop using ranges, string, list and dictionaries, Use of
while loops in python, Loop manipulation using pass, continue, break and else.
Python Functions, Modules And Packages: Organizing python codes using
functions, Organizing python projects into modules, Importing own module as
well as external modules, Understanding Packages, Powerful Lamda functions in
python.
3 Python String, List And Dictionary Manipulation: Building blocks of python
programs, Understanding string in build methods, List manipulation using in
build methods, Dictionary manipulation, Programming using string, list and
dictionary in build functions.
Python File Operation: Reading and writing config files in python,
Understanding read and write functions, Programming using file operations.
4 Python Object Oriented Programming – Oops: Concept of class, object and
instances, Constructor, class attributes and destructors, Real time use of class in
live projects, Inheritance , overlapping and overloading operators, Adding and
retrieving dynamic attributes of classes, Programming using Oops support
5 Python Regular Expression, Python Exception Handling, Python Database
Interact ion
6 Python Multithreading: Understanding threads, Forking threads, Synchronizing
the threads, Programming using multithreading.
Python CGI Introduction.

Text Books:

1. Python Programming: Using Problem Solving Approach by Reema Tharej, Oxford

Publication.
2. Python Programming - Learn & Practice  by, Swapnil Saurav
3. Python Programming: A Complete Guide for Beginners to Master, Python Programming
Language by Brian Draper.
 Open Source Techniques
 
Unit Course Contents
No.
01
Introduction: About Android, Smart phones future, Preparing the Environment:
Installing the SDK, Creating Android Emulator, Installing Eclipse, Installing
Android Development Tools, Choosing which Android version to use
02 Android Architecture: Android Stack, Android applications structure, Creating a
project, Working with the AndroidManifest.xml, Using the log system, Activities
UI Architecture: Application context, Intents, Activity life cycle, Supporting
multiple screen sizes
03
User Interface Widgets: Text controls, Button controls, Toggle buttons, Images.
Notification and Toast: Parameters on Intents, Pending intents, Status bar
notifications, Toast notifications
04
Menus: Localization, Options menu, Context menu, Dialogs: Alert dialog,
Custom dialog, Dialog as Activity
05
Lists: Using string arrays, Creating lists, Custom lists, Location and Maps:
Google maps , Using GPS to find current location, Working with data storage:
Shared preferences, Preferences activity, Files access, SQLite database
06
Animation: View animation, Drawable animation, Content providers: Content
provider introduction, Query providers, Network Communication: Web Services,
HTTP Client, XML and JSON, Services: Service lifecycle, Foreground service,
Publishing Your App: Preparing for publishing, Signing and preparing the
graphics, Publishing to the Android Market.

Text Books:

1 Building Android Apps IN EASY STEPS McGraw-Hill Education

2 Professional Android 2 Application Development Reto Meier Wiley India Pvt Ltd
3 Beginning Android Mark L Murphy Wiley India Pvt Ltd

4 Pro Android Sayed Y Hashimi and Satya Komatineni Wiley India Pvt Ltd
 XML and Web Services
 
Unit Course Contents
No.
01 Introduction : Role Of XML - XML and The Web - XML Language Basics -
SOAP - Web Services - Revolutions Of XML - Service Oriented Architecture
(SOA).
02 XML Technology : XML Technology, XML - Name Spaces - Structuring With
Schemas and DTD - Presentation Techniques - Transformation - XML
Infrastructure
03 SOAP: Overview Of SOAP - HTTP - XML-RPC - SOAP: Protocol - Message
Structure - Intermediaries - Actors - Design Patterns And Faults - SOAP With
Attachments.
04 WEB Services: Overview - Architecture - Key Technologies - UDDI - WSDL -
ebXML - SOAP And Web Services In E-Com - Overview Of .NET And J2EE.
05 XML Security: Security Overview - Canonicalization - XML Security
Framework - XML Encryption - XML Digital Signature - XKMS Structure -
Guidelines For Signing XML Documents - XML In Practice.

 
Text Books:

1.   Frank. P. Coyle, XML, Web Services And The Data Revolution, Pearson Education,
2002.
2.   Ramesh Nagappan , Robert Skoczylas and Rima PatelSriganesh, Developing Java Web    
Services, Wiley Publishing Inc.
3.   Sandeep Chatterjee, James Webber, Developing EnterpriseWeb
Services, Pearson Education.
4.    McGovern, et al., Java Web Services Architecture, Morgan Kaufmann Publishers.
5. Gustavo A, Fabio C, Harumi K, Vijay M. Web Services: Concepts, Architectures and
Applications. Springer (Universities Press).
 Elective –II
Course Code: BCS605
Credits: 3:2:0

Database Security

Sr. Course content

No
1 Introduction to databases; ACID properties; database security lifecycle; data
classification; data risk assessment; database security architecture; feedback
mechanisms; database installation and configuration: profiles, passwords, privileges,
and roles; databases security controls, security models, user administration
2 Database application security models: Take-Grant Model; PN model; Bell and
LaPadula Model, Biba Model, Clack-Wilson model; Lattice Model, Roll-based access
control, XML databases.
3 Database Vulnerabilities, Threats & Physical Security: external and internal database
threats; flaws in perimeter security; database security hierarchy; security in distributed
databases; evaluate database security; evaluate organization’s asset; system event
triggers; flaws fixes and security patches; managing USB ports and USB enabled
devices; database obscurity; virtual private database; SQL injection; backup
mechanisms.
4 Data security policy: database security risks; database security testing; database
auditing models and tools; user management strategies; maintenance policy,
assessment and (counter) measures.

Text Books:

1 Database Security – A. Basta andM. Zgola [Cengage Learning]

2 Database Security -- Castano, Fugini, Martella [Pearson]
3 Database Security and Auditing-- Hassan Afyouni [Cengage Learning]
4 Effective Oracle Database 10g Security by Design -- David C. Knox [McGraw-Hill]
 Theory of Computation

Unit Course Contents

No.
1 Review of Mathematical Theory: Sets, Functions, Logical statements,
Proofs, relations, languages, Mathematical induction, strong principle,
Recursive definitions
2 Regular Languages and Finite Automata: Regular expressions, regular
languages, applications, Automata with output-Moore machine, Mealy
machine, Finite automata, memory requirement in a recognizer, definition,
union, intersection and complement of regular languages. Non Determinism
Finite Automata, Conversion from NFA to FA, ^- Non Determinism Finite
Automata Conversion of NFA- ^ to NFA and equivalence of three
Kleene’s Theorem, Minimization of Finite automata Regular And Non
Regular Languages – pumping lemma.
3 Context free grammar (CFG): Definition, Unions Concatenations And Kleen’s
of Context free language Regular grammar, Derivations and Languages,
Relationship between derivation and derivation trees, Ambiguity
Unambiguous CFG and Algebraic Expressions BacosNaur Form (BNF),
Normal Form – CNF
4 Pushdown Automata, CFL And NCFL: Definition, deterministic PDA,
Equivalence of CFG and PDA, Pumping lemma for CFL, Intersections and
Complements of CFL, Non-CFL
5 Turing Machine (TM): TM Definition, Model Of Computation And Church
Turning Thesis, computing functions with TM, Combining TM, Variations Of
TM, Non Deterministic TM, Universal TM, Recursively and Enumerable
Languages, Context sensitive languages and Chomsky hierarchy.
6 Computable Functions: Partial, total, constant functions, Primitive Recursive
Functions, Bounded Mineralization, Regular function, Recursive Functions

Text Books:

1. An introduction to automata theory and formal languages By Adesh K. Pandey,

Publisher: S.K. Kataria& Sons
2. Introduction to computer theory By Deniel I. Cohen , Joh Wiley & Sons, Inc
3. Computation: Finite and Infinite By Marvin L. Minsky Prentice-Hall
4. Compiler Design By Alfred V Aho, Addison Weslley
5. Introduction to the Theory of Computation By Michael Sipser
6. Automata Theory, Languages, and Computation By John Hopcroft, Rajeev Motowani,
and Jeffrey Ullman
 Social Media Analysis

Unit Course Contents

No.
1 What is Online Social Networks, data collection from social networks,
challenges, opportunities, and pitfalls in online social networks, APIs
2 Collecting data from Online Social Media, Data collection
Trust and credibility in OSM, Reputation in OSM
3 Advanced techniques to deduct Trust and credibility in OSM
4 OSM & Policing , How OSM is being used by policing around the world , How
OSM is being used by policing in India , What kind of analysis would help
Police
5 OSM & Privacy, Privacy disclosures on OSM, Effects of privacy disclosures
6 Phishing in OSM, Fraudulent entities on OSM

Text Books:

1. Analyzing the Social Web by Jennifer Golbeck

 Web Security and Vulnerability Assessment

Unit Course Contents

No.
01 Working of Hackers: Invading PCs, Script Kiddies, Working of Personal
Hacker Protection, Working of Spyware and Antispyware: Introduction to
Spywares, Detection Escapism, Invading Privacy, Hijacking home page and
search pages, working of dialers, working of keyloggers and rootkits, following
spyware money trail, working of anti-spyware, Websites and privacy: Working
of Cookies, Web bugs, Websites, Websites building personal profiles, Dangers
of Internet Search: Working of Google, Individual Know-how
02 Phishing Attacks: Working of Phishing, following phishing money trail,
protection against phishing attacks, Zombies and Trojan Horses: Working of
Zombies and Bot Networks, Working of Trojan Horses, Zombie Money Trail,
Working of Zombie and Trojan Protection , Security Dangers in Browsers:
Hackers exploit Networks, Protection against browser based attacks, Worms
and viruses: Working of viruses and worms, antivirus software
03 Wi-Fi security dangers and protections: Working of Wi-Fi, Invading Wi-Fi
Networks, hotspots, Evil Twin Hacks and Protections
Working of Spam: Dangers of spam, Hiding identity and identification,
Working 1of Anti-spam software, Denial of Service Attacks and Protection:
Virtual Private Networks, Web Blocking and Parental Controls, Personal
Firewalls and Proxies
04 Vulnerability assessment: Nessus, OpenVAS, Nexpose, web application
scanning tools, Penetration testing tools: Metasploit, Canvas, Writing custom
exploits
05 Defence in Depth: Host-based and Network-based defenses (Firewalls, Intrusion
Detection/Prevention), Network analysis: TcpDump, Wireshark, Netflow,
Securing and hardening systems: Bastille, CIS, MS Baseline
06 Incident response and investigation: Log review, Log management and
correlation, incident response process and tools, Cloud security: Tools to assess
and monitor cloud-based system security

Text Books:

1. Preston Galla, How Personal and Internet Security Work,Que Publications

2. Alfred Basta and Wolf Halton, Computer Security Concepts, Issues and Implementation,
Cengage Learning
3. Shon Harris, Allen Harper, Chris Eagle and Jonathan Ness, Gray Hat Hacking: The
Ethical Hackers' Handbook, TMH Edition
4. Jon Erickson, Hacking: The Art of Exploitation, SPD
5. Peltier, T. R., Peltier, J., & Blackley, J. A. (2003). Managing a Network Vulnerability
Assessment. CRC Press.
6. Caswell, B., Beale, J., Ramirez, G., & Rathaus, N. (2005). Nessus, Snort, and Ethereal
Power Tools: Customizing Open Source Security Applications. Elsevier.
 Elective-III
Course Code: BCS704
Credits: 3:2:0
Wireless security

Unit Course Contents

No.
1 Generation of wireless security; wired equivalent privacy; WiFi protected
access; security protocols pertaining to wireless networks; rogue access points,
eavesdropping, interception, countermeasures. Securing Adhoc networks,
security provisioning in adhoc environment, Key management issues, routing
and security in adhoc networks Wireless Attacks / Mitigation, monitoring,
tracking, and Secure design.
2 IPSec, VPN, key management; security issues of routers, switch and gateways,
radius (Cisco router), extensible authentication protocol; port-based
authentication (802.lx); denial of service at link, IP, TCP layers.
3 Mobile communication security: 2G, 2.5G, 3G, 4G, 5G; UMTS, GSM, GPRS,
3GPP; A3/A5/A8, Kasumi, platform security, apps security; phone hardware
security. Cellular Jamming, Attacks, Mitigation, Secure Mobile VoIP Services,
Mobile App Security.
4 Real-time encryption for satellite data; tools and devices for wireless security.
5 RFID : Security, Privacy, Techniques, Protocols, MITM attacks, Secure RFID ,
etc.
6 Bluetooth : Attacks, Scanning, Vulnerability, Mitigation, Recon, eavesdropping

Text Books:

1 Wireless Security – R. K. Nichols and P. C. Lekkas [McGraw-Hill]

Some additional materials needed
 Intrusion detection and prevention System

Unit Course Contents

No.
01 Approaches in Anomaly based Intrusion Detection Systems: Introduction,
Payload based vs. header based approaches, setting up an ABS, PAYL &
POSEIDON, Conclusions
02 Formal Specification for Fast Automatic Profiling of Program Behavior:
Introduction, Related Works, Methodology, Case Study, Remus configuration
and conclusions. Learning Behaviour Profiles from Noisy Sequences:
Introduction, Learning by abstraction, Regular Expressions, String Alignment
and Flexible Matching, Learning Algorithm, Evaluation of Artificial Traces,
User Profiling.
03 Correlation Analysis of Intrusion Alerts: Introduction, Approaches based on
similarity between Alert Attributes, approaches based on predefined attack
scenarios, approaches based on prerequisites and consequences of attacks,
approaches based on multiple information sources, Privacy issues in auto
correlation
04 An approach to preventing, correlating, predicting multi-step network attacks:
Introduction, Related work, preliminaries, Hardening network to prevent
multistep intrusions, Correlating and predicting multiple steps attacks
05 Response: Bridging the link between Intrusion Detection alerts and security
policies: Security Policy Formalism, Threat Response system, From alerts to new
policies
06 Intrusion Detection and Reaction: An integrated approach to network security:
Proposed Framework, Architecture for Intrusion Detection, Intrusion reactions,
attack sessions, intrusion detection subsystem, traffic classification and intrusion
reaction, testing.

Text Books:

1. Roberto Di Pietro and Luigi Mancini, Intrusion Detection Systems, Springer

2. Rafeeq Ur Rehman, Intrusion Detection Systems with Snort, Pearson Education, Prentice
Hall
3. Guide to Intrusion Detection and Prevention Systems, National Institute of Science and
Technology
 Compiler Design

Unit Course Contents

No.
01 Overview of the Translation Process, A Simple Compiler, Difference between
interpreter, assembler and compiler. Overview and use of linker and loader,
types of Compiler, Analysis of the Source Program, The Phases of a Compiler,
Cousins of the Compiler, The Grouping of Phases, Lexical Analysis, Hard
Coding and Automatic Generation Lexical Analyzers, Front-end and Back-end
of compiler, pass structure
02 Lexical Analyzer: Introduction to Lexical Analyzer, Input Buffering,
Specification of Tokens, Recognition of Tokens, A Language for Specifying
Lexical Analyzers, Finite Automata From a Regular Expression, Design of a
Lexical Analyzer Generator, Optimization of DFA
03 Parsing Theory: Top Down and Bottom up Parsing Algorithms, Top-Down
Parsing, Bottom-Up Parsing, Operator-Precedence Parsing, LR Parsers, Using
Ambiguous Grammars, Parser Generators, and Automatic Generation of
Parsers. Syntax-Directed Definitions, Construction of Syntax Trees, Bottom-
Up Evaluation of S-Attributed Definitions, L-Attributed Definitions, syntax
directed definitions and translation schemes
04 Error Recovery: Error Detection & Recovery, Ad-Hoc and Systematic
Methods
Intermediate Code Generation: Different Intermediate Forms, Syntax Directed
Translation Mechanisms And Attributed Mechanisms And Attributed
Definition.
05 Run Time Memory Management: Source Language Issues, Storage
Organization, Storage-Allocation Strategies, and Access to Non local Names,
Parameter Passing, Symbol Tables, and Language Facilities for Dynamic
Storage Allocation, Dynamic Storage Allocation Techniques.
06 Code Optimization: Global Data Flow Analysis, A Few Selected Optimizations
like Command Sub Expression Removal, Loop Invariant Code Motion,
Strength Reduction etc.
07 Code Generation: Issues in the Design of a Code Generator, The Target
Machine, Run-Time Storage Management, Basic Blocks and Flow Graphs,
Next-Use Information, A Simple Code Generator, Register Allocation and
Assignment, The DAG Representation of Basic Blocks, Peephole
Optimization, Generating Code from DAGs, Dynamic Programming Code-
Generation Algorithm, Code Generator Generators.

Text Books:

1. Compilers: Principles, Techniques and Tools By Aho, Lam, Sethi, and Ullman,
Pearson.
2. Compilers: Principles, Techniques and Tools By Aho, Sethi, and Ullman, Addison-
Wesley.
3. Compiler Design in C By Allen I. Holub, Prentice-Hall/Pearson.
4. Advanced Compiler Design and Implementation By Muchnick, Morgan and Kaufmann.

Elective-IV
Course Code: BCS705
Credits: 3:2:0
Information System and Security Management

Sr.No Course content

1 Security Risk Assessment and Management: introduction to security risk
management, risk management approaches, risk assessment, quantitative and
qualitative measures; information classification; asset classification, security
assurance approaches and standards: ISO17799, ISO27001, COBIT;
2 Network security management - Firewalls, IDS and IPS configuration
management, server administration guidelines and maintenance;
3 Management of IT security infrastructure; system log analysis malware
handling, vulnerability analysis, enforcing security policies; IS Audit;
4 Business continuity planning and disaster recovery; backup and recovery
techniques; audit tools: Snort, NESSUS, NMAP and others as appropriate; legal
and ethical issues; compliance and certificates; Indian IT Act.

Text Books:

1. Information Security Management Principles-- David Alexander, Amanda Finch, David

Sutton, Andy Taylor [BCS Learning]
2. IT Security and Risk Management -- J. Slay and A. Koronios[Wiley]
3. Information Security Management Handbook-- Harold F. Tipton and Micki
Krause [Auerbach Publications]

Multimedia Security

Unit No. Course Contents

1 Models of watermarking, channel capacity, watermarking techniques: non-
cryptographic and cryptographic; encoding and decoding; partial encryption
2 Image watermarking, video watermarking, audio watermarking, data hiding
through watermarking techniques.
3 Multimedia data hiding; digital fingerprinting; buyer-seller watermarking
model; anti-counterfeiting; image authentication, doctored video; video
authentication.
4 Digital rights management; data piracy, copyright, countermeasures; data
forgeries - detection and prevention mechanisms.

Text Books:
1. Digital Watermarking and Steganography -- Cox, Miller, Bloom, Fridrich, Kalker
[Morgan Kaufmann]
2. Multimedia Security Handbook -- Borko Furht and Darko Kirovski [CRC Press]