Special Topics (Cybersecurity)

About

Catalog Description

Aim

This course aims to equip students with the knowledge and skills in identifying threats and vulnerabilities as well as developing protection mechanisms for computer systems and networks.

Objectives

At the end of this course the student should be able to:

1. explain the fundamental concepts in computer systems security: confidentiality, integrity, availability, asset, threat, attack, policy, mechanism;
2. find and identify software, platform, and network security vulnerabilities;
3. develop and use exploits for security vulnerabilities;
4. perform incident response and digital forensics after a security breach;
5. apply secure programming practices;
6. design, implement, and deploy secure network and web services; and
7. explain and evaluate the legal and ethical implications of security attacks and breaches.

Topics (based on ACM's 2023 CS Curriculum Guidelines: Security)

1. SEC-Foundations: Foundational Security
2. SEC-SEP: Society, Ethics, and the Profession
3. SEC-Coding: Secure Coding
4. SEC-Crypto: Cryptography
5. SEC-Engineering: Security Analysis, Design, and Engineering
6. SEC-Forensics: Digital Forensics
7. SEC-Governance: Security Governance

Specific topics

• Why Computer Security is challenging?
• Computer Security Strategy
• Symmetric Encryption
• Asymmetric Encryption
• Software Security
• Database Security
• Penetration Testing
• Buffer Overflow Attacks
• TCP/IP and attacks
• DNS and attacks
• Malicious Software
• IT Security Management and Risk Assessment
• IT Security Controls, Plans, and Procedures
• Human Resources Security

Evaluation/Grading(Tentative)

Exercises	45%
Quizzes	10%
CTF Exam	25%
Written Exam	20%
Total	100%

Passing grade is 55%. No grade of 4.0 will be given. Grading scale is shown below.

0.00	54.99	5.0
55.00	59.99	3.0
60.00	64.99	2.75
65.00	69.99	2.5
70.00	74.99	2.25
75.00	79.99	2.0
80.00	84.99	1.75
85.00	89.99	1.5
90.00	94.99	1.25
95.00	100	1.0

Attendance Policy

Attendance will be checked every meeting. Students with four(4) or more absences will be automatically dropped from the course.

Collaboration Policy

Honor Code

• Properly acknowledge help received.
• No looking at solutions/programs from previous years.
• No sharing of code with other students.
• Be ready to explain your code.

Google Classroom:

Schedule

Week	Date	Topic	Learning Materials	Laboratory
1	Jan 27-31	COURSE OVERVIEW AND ADMINISTRATIVE MATTERS
2	Feb 3-7	The Confidentiality-Integrity-Availability triad
3	Feb 10-14	Environment Variables and Set UID
4	Feb 17-21	Shellshock
5	Feb 24-28	Buffer Overflow
6	Mar 3-7	Secret-Key Encryption
7	Mar 10-14	Public-Key Infrastructure
8	Mar 17-21	Cross-Site Scripting
	Mar 24-28	READING BREAK
9	Mar 31-Apr 4	SQL Injection
10	Apr 7-11	TCP/IP Attacks
	Apr 17-19	LENTEN BREAK
11	Apr 21-25	Local DNS Attacks
12	Apr 28-May 2	Penetration Testing
13	May 5-9	Malware Analysis
14	May 12-16	(Buffer Week/DFIR)
15	May 19-23	CTF EXAM
Finals Week	May 26-31	WRITTEN EXAM

Resources

Main Resources

• Lecture: [STA]:Stallings, W. and Brown, L. (2024). Computer Security: Principles And Practice (5th ed.) Pearson Education Inc.
• Labs: SEED Labs

Supplementary Textbooks

• Wenliang Du.(2017).Computer Security: A Hands-on Approach.
• Goodrich, M., & Tamassia, R. (2010). Introduction to computer security. Addison-Wesley Publishing Company
• Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in computing. Prentice Hall Professional Technical Reference.
• Gollmann, D. (2011). Computer Security. John Wiley & Sons.
• Bishop, M. (2006). Introduction to computer security. Pearson Education India.
• Bishop, M. (2003). Computer Security: Art and Science. ISBN: 0-201-44099-7. Addison-Wesley Publishing Company.
• Kaufman, C., Perlman, R., and Speciner, M. (2002). Network security: private communication in a public world. Prentice Hall Press.
• Jon Erickson. (2008). Hacking: The art of exploitation. No Starch Press, Inc.
• Michael Sikorski and Andrew Honig.(2012). Practical Malware Analysis. No Starch Press, Inc.

Similar CNSEC Courses

• IT 280
• Stanford
• MIT
• UMD
• UCB

Software and Others

• Center for Internet Security
• The Hacker News
• NICE
• SecGen vuln VM generator
• Awesome Pentest
• ACM Cybersecurity Curricula Recommendations 2017
• Vagrant
• VirtualBox
• Kali Linux
• Phrack Magazine
• Exploit DB
• Common Vulnerabilities Exposures
• Damn Vulnerable Web Applications
• National Vulnerability Database
• PentesterLab
• Cybersecurity in the Philippines
• Penetration Test Execution Standard
• Vulnerable by Design
• Metasploit Unleashed
• Shellcode Database