Best Practices Managing Security and Privacy for Cloud Computing (AIT 690.02)

Dr. Massimiliano Albanese, Department of Applied Information Technology

Spring 2012. Wednesdays, 7:20 pm - 10:00 pm, Engineering Building 1110, Fairfax Campus

Office hours. Wednesdays, 2:00 pm - 4:00 pm, Engineering Building, Fairfax Campus

George Mason University

Catalog Description

This course offers a survey of security and privacy issues in Cloud Computing systems, along with an overview of current best practices and available technologies. In this course, we examine cloud computing models, look into the threat model and security issues related to data and computation outsourcing, and explore practical applications of secure Cloud Computing.

The course is offered as an Advanced Topics course in Spring 2012, and will be offered as a regular course (AIT 670) in Fall 2012. Find this course in Patriot Web.

Course Goals

Upon successful completion of this course students will:

- become familiar with the technology that enables and supports the effective use of Cloud Computing infrastructures;
- become familiar with an array of security and privacy issues in Cloud Computing systems, current best practices, and open problems;
- become familiar with legal and regulatory issues pertaining to Cloud Computing;
- acquire experience in discussing and writing about Cloud Computing and security-related issues.


Registration in MS, Applied IT program or permission of Instructor.

Course Format

The course will employ lectures, in-class quizzes to assess progress, assignments, a mid-term exam, and a final exam. Students will be required to write a technical paper on a topic which must be approved in advance by the instructor.

Textbooks and reading materials

Required Textbook

Securing the Cloud

Vic (J.R.) Winkler

ISBN: 9781597495929

Syngress, 2011


Recommended Readings

Recommended readings include publications from standardization bodies such as NIST, government agencies, and the research community. Below is a tentative list of recommended readings.

  1) “DRAFT Cloud Computing Synopsis and Recommendations”, NIST, May 2011
  2) “NIST Cloud Computing Standards Roadmap”, NIST, July 2011
  3) “Guidelines on Security and Privacy in Public Cloud Computing”, NIST, January 2011

Additional readings and lecture slides will be made available by the instructor before class.


Course Outline

Below is an outline of the 15 weekly class meetings.

  1. Introduction to the Course - Lecture 1: Introduction to Cloud Computing (Chapter 1)
  2. Lecture 2: Overview of Networking Concepts
  3. Lecture 3: Overview of Security Concepts
  4. In-class quiz - Lecture 4: Cloud Computing Architecture (Chapter 2)
  5. Lecture 5: Security Concerns and Legal Aspects (Chapter 3)
  6. Lecture 6: Securing the Cloud: Architecture (Chapter 4)
  7. Lecture 7: Securing the Cloud: Data (Chapter 5)
  8. Mid-term exam
  9. Lecture 8: Securing the Cloud: Key Strategies and Best Practices (Chapter 6)
  10. Lecture 9: Security Criteria: Building an Internal Cloud (Chapter 7)
  11. Lecture 10: Security Criteria: Selecting an External Cloud Provider (Chapter 8)
  12. Lecture 11: Evaluating Cloud Security: An Information Security Framework (Chapter 9)
  13. Student presentations
  14. Lecture 12: Operating a Cloud (Chapter 10)
  15. Final exam


Grading Policy

Grading will be based on class participation, in-class quizzes, assignments, team project, term paper, mid-term and final exams. Points for course activities will accrue as follows:




- Class participation
- In-class quiz
- Mid-term exam
- Graded assignments (2 @ 50 points each)
- Term paper
- Final exam







Final letter grades are assigned as follows. Breakpoints may be adjusted depending on overall class performance.

Point % range    Letter grade
97% - 100%
93% - 96.9%
90% - 92.9%
87% - 89.9%
83% - 86.9%
80% - 82.9%
77% - 79.9%
73% - 76.9%
70% - 72.9%
67% - 69.9%
63% - 66.9%
60% - 62.9%





Students who wish to recover credits lost in other course activities can volunteer to give short presentations (5-8 slides, 15 minutes) on a topic of their choice. Each short presentation will earn up to 30 points, for a maximum of two presentations per student during the whole course. Students must notify the instructor in advance of their intention to give a short presentation. Time and topic of the presentation must be approved by the instructor.

Regular attendance is strongly recommended. Students will be held responsible for all material covered in class. Quizzes and exams are given on the dates specified on the course schedule. Absence from taking any quiz/exam will result in a score of zero, unless cleared in advance with the instructor and arranged for a makeup session. Excusable absences are normally related to unavoidable and documented emergency situations.