CMSC 191 (Special Topics): Cybersecurity (Seond Semester 2022-2023)

About

Catalog Description

Course Number and Section	CMSC 191 EF
Course Title	Special Topics (Cybersecurity)
Description	Concepts in protecting computer systems and networks from attacks.
Prerequisites	CMSC 125 and CMSC 131 or COI
Credit	3 units

Aim

This course aims to equip students with the knowledge and skills in identifying threats and vulnerabilities as well as developing protection mechanisms for computer systems and networks.

Objectives

At the end of this course the student should be able to:

explain the fundamental concepts in computer systems security: confidentiality, integrity, availability, asset, threat, attack, policy, mechanism;
find and identify software, platform, and network security vulnerabilities;
develop and use exploits for security vulnerabilities;
perform incident response and digital forensics after a security breach;
apply secure programming practices;
design, implement, and deploy secure network and web services; and
explain and evaluate the legal and ethical implications of security attacks and breaches.

Topics (based on ACM's 2013 Curriculum Guidelines)

IAS/Foundational Concepts in Security
IAS/Principles of Secure Design
IAS/Defensive Programming
IAS/Threats and Attacks
IAS/Network Security
IAS/Cryptography
IAS/Web Security
IAS/Platform Security
IAS/Security Policy and Governance
IAS/Digital Forensics
IAS/Secure Software Engineering

Specific topics

Why Computer Security is challenging?
Computer Security Strategy
Symmetric Encryption
Asymmetric Encryption
Software Security
Database Security
Penetration Testing
Buffer Overflow Attacks
TCP/IP and attacks
DNS and attacks
Malicious Software
IT Security Management and Risk Assessment
IT Security Controls, Plans, and Procedures
Human Resources Security

Evaluation/Grading(Tentative)

Labs/Quizzes	75%
CTF Exam	25%
Total	100%

Passing grade is 55%. No grade of 4.0 will be given. Grading scale is shown below.

0.00	54.99	5.0
55.00	59.99	3.0
60.00	64.99	2.75
65.00	69.99	2.5
70.00	74.99	2.25
75.00	79.99	2.0
80.00	84.99	1.75
85.00	89.99	1.5
90.00	94.99	1.25
95.00	100	1.0

Attendance Policy

Attendance will be checked every meeting. Students with four(4) or more absences will be automatically dropped from the course.

Collaboration Policy

Honor Code

Properly acknowledge help received.
No looking at solutions/programs from previous years.
No sharing of code with other students.
Be ready to explain your code.

Google Classroom:

Name	Role	Email
Joseph Anthony C. Hermocilla	Instructor	jchermocilla@up.edu.ph
Elijah Nicholas C. Isunnga	Instructor	ecisungga@up.edu.ph

Resources

Main Resources

Lecture: [STA]:Stallings, W. and Brown, L. (2015). Computer Security: Principles And Practice (3rd ed.) Pearson Education Inc.
Labs: SEED Labs

Supplementary Textbooks

Wenliang Du.(2017).Computer Security: A Hands-on Approach.
Goodrich, M., & Tamassia, R. (2010). Introduction to computer security. Addison-Wesley Publishing Company
Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in computing. Prentice Hall Professional Technical Reference.
Gollmann, D. (2011). Computer Security. John Wiley & Sons.
Bishop, M. (2006). Introduction to computer security. Pearson Education India.
Bishop, M. (2003). Computer Security: Art and Science. ISBN: 0-201-44099-7. Addison-Wesley Publishing Company.
Kaufman, C., Perlman, R., and Speciner, M. (2002). Network security: private communication in a public world. Prentice Hall Press.
Jon Erickson. (2008). Hacking: The art of exploitation. No Starch Press, Inc.
Michael Sikorski and Andrew Honig.(2012). Practical Malware Analysis. No Starch Press, Inc.

Week	Date	Topic	Learning Meterials	Homework	Laboratory
1		The Confidentiality-Integrity-Availablilty Triad
2		Environment Variables and Set-UID programs
3		Shellshock
4		Buffer Overflow
5		Secret-Key Encryption
6		Public-Key Infrastructure
7		Cross-site Scripting
8		SQL Injection
9		TCP/IP Attacks
10		Local DNS Attack Labs
11		Penetration Testing
12		Malware
13		TBA
14		TBA
15		CTF

Special Topics (Cybersecurity)