Special Topics (Cybersecurity)

Second Semester AY 2022-2023

About

Catalog Description
Course Number and Section CMSC 191 EF
Course Title Special Topics (Cybersecurity)
Description Concepts in protecting computer systems and networks from attacks.
Prerequisites CMSC 125 and CMSC 131 or COI
Credit 3 units
Aim

This course aims to equip students with the knowledge and skills in identifying threats and vulnerabilities as well as developing protection mechanisms for computer systems and networks.

Objectives
At the end of this course the student should be able to:
  1. explain the fundamental concepts in computer systems security: confidentiality, integrity, availability, asset, threat, attack, policy, mechanism;
  2. find and identify software, platform, and network security vulnerabilities;
  3. develop and use exploits for security vulnerabilities;
  4. perform incident response and digital forensics after a security breach;
  5. apply secure programming practices;
  6. design, implement, and deploy secure network and web services; and
  7. explain and evaluate the legal and ethical implications of security attacks and breaches.
Topics (based on ACM's 2013 Curriculum Guidelines)
  1. IAS/Foundational Concepts in Security
  2. IAS/Principles of Secure Design
  3. IAS/Defensive Programming
  4. IAS/Threats and Attacks
  5. IAS/Network Security
  6. IAS/Cryptography
  7. IAS/Web Security
  8. IAS/Platform Security
  9. IAS/Security Policy and Governance
  10. IAS/Digital Forensics
  11. IAS/Secure Software Engineering
Specific topics
  • Why Computer Security is challenging?
  • Computer Security Strategy
  • Symmetric Encryption
  • Asymmetric Encryption
  • Software Security
  • Database Security
  • Penetration Testing
  • Buffer Overflow Attacks
  • TCP/IP and attacks
  • DNS and attacks
  • Malicious Software
  • IT Security Management and Risk Assessment
  • IT Security Controls, Plans, and Procedures
  • Human Resources Security
Evaluation/Grading(Tentative)
Labs/Quizzes 75%
CTF Exam 25%
Total 100%
Passing grade is 55%. No grade of 4.0 will be given. Grading scale is shown below.
0.00 54.99 5.0
55.00 59.99 3.0
60.00 64.99 2.75
65.00 69.99 2.5
70.00 74.99 2.25
75.00 79.99 2.0
80.00 84.99 1.75
85.00 89.99 1.5
90.00 94.99 1.25
95.00 100 1.0
Attendance Policy

Attendance will be checked every meeting. Students with four(4) or more absences will be automatically dropped from the course.

Collaboration Policy

Honor Code
  • Properly acknowledge help received.
  • No looking at solutions/programs from previous years.
  • No sharing of code with other students.
  • Be ready to explain your code.
Google Classroom:

Staff

Name Role Email
Joseph Anthony C. Hermocilla Instructor jchermocilla@up.edu.ph
Elijah Nicholas C. Isunnga Instructor ecisungga@up.edu.ph

Schedule

Week Date Topic Learning Meterials Homework Laboratory
1 The Confidentiality-Integrity-Availablilty Triad
2 Environment Variables and Set-UID programs
3 Shellshock
4 Buffer Overflow
5 Secret-Key Encryption
6 Public-Key Infrastructure
7 Cross-site Scripting
8 SQL Injection
9 TCP/IP Attacks
10 Local DNS Attack Labs
11 Penetration Testing
12 Malware
13 TBA
14 TBA
15 CTF

Resources

Main Resources
  • Lecture: [STA]:Stallings, W. and Brown, L. (2015). Computer Security: Principles And Practice (3rd ed.) Pearson Education Inc.
  • Labs: SEED Labs
Supplementary Textbooks
  • Wenliang Du.(2017).Computer Security: A Hands-on Approach.
  • Goodrich, M., & Tamassia, R. (2010). Introduction to computer security. Addison-Wesley Publishing Company
  • Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in computing. Prentice Hall Professional Technical Reference.
  • Gollmann, D. (2011). Computer Security. John Wiley & Sons.
  • Bishop, M. (2006). Introduction to computer security. Pearson Education India.
  • Bishop, M. (2003). Computer Security: Art and Science. ISBN: 0-201-44099-7. Addison-Wesley Publishing Company.
  • Kaufman, C., Perlman, R., and Speciner, M. (2002). Network security: private communication in a public world. Prentice Hall Press.
  • Jon Erickson. (2008). Hacking: The art of exploitation. No Starch Press, Inc.
  • Michael Sikorski and Andrew Honig.(2012). Practical Malware Analysis. No Starch Press, Inc.
Similar CNSEC Courses
Software and Others