Special Topics (Cybersecurity)

First Semester AY 2025-2026

About

Catalog Description
Course Number and Section: CMSC 191 EF
Course Title: Special Topics (Cybersecurity)
Description: Concepts in protecting computer systems and networks from attacks.
Prerequisites: CMSC 125 and CMSC 131 or COI
Credit: 3 units
Aim

This course aims to equip students with the knowledge and skills in identifying threats and vulnerabilities as well as developing protection mechanisms for computer systems and networks.

Objectives
At the end of this course the student should be able to:
  1. explain the fundamental concepts in computer systems security: confidentiality, integrity, availability, asset, threat, attack, policy, mechanism;
  2. find and identify software, platform, and network security vulnerabilities;
  3. develop and use exploits for security vulnerabilities;
  4. perform incident response and digital forensics after a security breach;
  5. apply secure programming practices;
  6. design, implement, and deploy secure network and web services; and
  7. explain and evaluate the legal and ethical implications of security attacks and breaches.
Topics (based on ACM's 2023 CS Curriculum Guidelines: Security)
  1. SEC-Foundations: Foundational Security
  2. SEC-SEP: Society, Ethics, and the Profession
  3. SEC-Coding: Secure Coding
  4. SEC-Crypto: Cryptography
  5. SEC-Engineering: Security Analysis, Design, and Engineering
  6. SEC-Forensics: Digital Forensics
  7. SEC-Governance: Security Governance
Specific topics
  • Why Is Computer Security Challenging?
  • Computer Security Strategy
  • Symmetric Encryption
  • Asymmetric Encryption
  • Software Security
  • Database Security
  • Penetration Testing
  • Buffer Overflow Attacks
  • TCP/IP and attacks
  • DNS and attacks
  • Malicious Software
  • IT Security Management and Risk Assessment
  • IT Security Controls, Plans, and Procedures
  • Human Resources Security
Evaluation/Grading (Tentative)
Exercises: 45%
Quizzes: 10%
CTF Exam: 25%
Written Exam: 20%
Total: 100%
Passing grade is 55%. No grade of 4.0 will be given. Grading scale is shown below.
0.00 to 54.99: 5.0
55.00 to 59.99: 3.0
60.00 to 64.99: 2.75
65.00 to 69.99: 2.5
70.00 to 74.99: 2.25
75.00 to 79.99: 2.0
80.00 to 84.99: 1.75
85.00 to 89.99: 1.5
90.00 to 94.99: 1.25
95.00 to 100: 1.0
Policies
Attendance Policy

The University Policy on Attendance will apply.

Collaboration Policy

All lab activities will be done individually. Discussions are allowed but there should be no sharing/direct copying of code.

Academic Integrity and Generative AI Use
  • Properly acknowledge help received by indicating your sources in your submissions.
  • No looking at solutions/programs from previous years.
  • No sharing of code with other students. Be ready to explain your code.
  • By default, you are not allowed to use AI tools during lab classes. You may use AI tools in this course only when allowed and never to replace your own work. AI can help with brainstorming, explanations, or debugging (if permitted), but you must verify results, credit the tool, and explain your work yourself. Do not use AI to generate complete solutions for graded work, plagiarize, or submit misleading content. Misuse will be treated as academic misconduct. Use AI to learn, not to cheat.
Communication and LMS

We will use Google Classroom and Slack.

Staff

Name Role Email
Joseph Anthony C. Hermocilla Instructor jchermocilla@up.edu.ph

Schedule

Week Date Topic Learning Materials Laboratory
1 Aug 11-15 COURSE OVERVIEW AND ADMINISTRATIVE MATTERS
2 Aug 18-22 The Confidentiality-Integrity-Availability triad
3 Aug 25-29 Environment Variables and Set UID
4 Sep 1-5 Shellshock
5 Sep 8-12 Buffer Overflow
6 Sep 15-19 Secret-Key Encryption
7 Sep 22-26 Public-Key Infrastructure
8 Sep 29-Oct 3 Cross-Site Scripting
Oct 6-10 READING BREAK
9 Oct 13-17 SQL Injection
10 Oct 20-24 TCP/IP Attacks
11 Oct 27-31 Local DNS Attacks
12 Nov 3-7 Penetration Testing
13 Nov 10-14 Malware Analysis
14 Nov 17-21 (Buffer Week/DFIR)
15 Nov 24-28 CTF EXAM
16 Dec 1-5 (Buffer Week)
Finals Week TBA WRITTEN EXAM

Resources

Main Resources
  • Lecture: [STA]: Stallings, W. and Brown, L. (2024). Computer Security: Principles and Practice (5th ed.). Pearson Education Inc.
  • Labs: SEED Labs
Supplementary Textbooks
  • Wenliang Du. (2017). Computer Security: A Hands-on Approach.
  • Goodrich, M., & Tamassia, R. (2010). Introduction to computer security. Addison-Wesley Publishing Company.
  • Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in computing. Prentice Hall Professional Technical Reference.
  • Gollmann, D. (2011). Computer Security. John Wiley & Sons.
  • Bishop, M. (2006). Introduction to computer security. Pearson Education India.
  • Bishop, M. (2003). Computer Security: Art and Science. ISBN: 0-201-44099-7. Addison-Wesley Publishing Company.
  • Kaufman, C., Perlman, R., and Speciner, M. (2002). Network security: private communication in a public world. Prentice Hall Press.
  • Jon Erickson. (2008). Hacking: The art of exploitation. No Starch Press, Inc.
  • Michael Sikorski and Andrew Honig. (2012). Practical Malware Analysis. No Starch Press, Inc.
Similar CNSEC Courses
Software and Others