Special Topics (Cybersecurity)

About

Catalog Description

Aim

This course aims to equip students with the knowledge and skills in identifying threats and vulnerabilities as well as developing protection mechanisms for computer systems and networks.

Objectives

At the end of this course the student should be able to:

1. explain the fundamental concepts in computer systems security: confidentiality, integrity, availability, asset, threat, attack, policy, mechanism;
2. find and identify software, platform, and network security vulnerabilities;
3. develop and use exploits for security vulnerabilities;
4. perform incident response and digital forensics after a security breach;
5. apply secure programming practices;
6. design, implement, and deploy secure network and web services; and
7. explain and evaluate the legal and ethical implications of security attacks and breaches.

Topics (based on ACM's 2023 CS Curriculum Guidelines: Security)

1. SEC-Foundations: Foundational Security
2. SEC-SEP: Society, Ethics, and the Profession
3. SEC-Coding: Secure Coding
4. SEC-Crypto: Cryptography
5. SEC-Engineering: Security Analysis, Design, and Engineering
6. SEC-Forensics: Digital Forensics
7. SEC-Governance: Security Governance

Specific topics

• Why Computer Security is challenging?
• Computer Security Strategy
• Symmetric Encryption
• Asymmetric Encryption
• Software Security
• Database Security
• Penetration Testing
• Buffer Overflow Attacks
• TCP/IP and attacks
• DNS and attacks
• Malicious Software
• IT Security Management and Risk Assessment
• IT Security Controls, Plans, and Procedures
• Human Resources Security

Evaluation/Grading(Tentative)

Exercises	45%
Quizzes	10%
CTF Exam	25%
Written Exam	20%
Total	100%

Passing grade is 55%. No grade of 4.0 will be given. Grading scale is shown below.

0.00	54.99	5.0
55.00	59.99	3.0
60.00	64.99	2.75
65.00	69.99	2.5
70.00	74.99	2.25
75.00	79.99	2.0
80.00	84.99	1.75
85.00	89.99	1.5
90.00	94.99	1.25
95.00	100	1.0

Attendance Policy

Attendance will be checked every meeting. Students with four(4) or more absences will be automatically dropped from the course.

Collaboration Policy

Honor Code

• Properly acknowledge help received.
• No looking at solutions/programs from previous years.
• No sharing of code with other students.
• Be ready to explain your code.

Google Classroom:

Schedule

Week	Date	Topic	Learning Materials	Laboratory
1	Jan 19-23	COURSE OVERVIEW AND ADMINISTRATIVE MATTERS
2	Jan 26-30	The Confidentiality-Integrity-Availability triad
3	Feb 2-6	Environment Variables and Set UID
4	Feb 9-13	Shellshock
5	Feb 16-20	Buffer Overflow
6	Feb 23-27	Secret-Key Encryption
7	Mar 2-6	Public-Key Infrastructure
8	Mar 9-11	Cross-Site Scripting
	Mar 12-13	READING BREAK
9	Mar 16-20	SQL Injection
10	Mar 23-27	TCP/IP Attacks
	Mar 20-Apr 3	LENTEN BREAK
11	Apr 6-10	Local DNS Attacks
12	Apr 13-17	Penetration Testing
13	Apr 20-24	Malware Analysis
14	Apr 27-May 1	(Buffer Week)
15	May 4-8	(Buffer Week)
16	May 11-13	CTF EXAM
Finals Week	May 15-22	WRITTEN EXAM

Resources

Main Resources

• Lecture: [STA]:Stallings, W. and Brown, L. (2024). Computer Security: Principles And Practice (5th ed.) Pearson Education Inc.
• Labs: SEED Labs

Supplementary Textbooks

• Wenliang Du.(2017).Computer Security: A Hands-on Approach.
• Goodrich, M., & Tamassia, R. (2010). Introduction to computer security. Addison-Wesley Publishing Company
• Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in computing. Prentice Hall Professional Technical Reference.
• Gollmann, D. (2011). Computer Security. John Wiley & Sons.
• Bishop, M. (2006). Introduction to computer security. Pearson Education India.
• Bishop, M. (2003). Computer Security: Art and Science. ISBN: 0-201-44099-7. Addison-Wesley Publishing Company.
• Kaufman, C., Perlman, R., and Speciner, M. (2002). Network security: private communication in a public world. Prentice Hall Press.
• Jon Erickson. (2008). Hacking: The art of exploitation. No Starch Press, Inc.
• Michael Sikorski and Andrew Honig.(2012). Practical Malware Analysis. No Starch Press, Inc.

Similar CNSEC Courses

• IT 280
• Stanford
• MIT
• UMD
• UCB

Software and Others

• Center for Internet Security
• The Hacker News
• NICE
• SecGen vuln VM generator
• Awesome Pentest
• ACM Cybersecurity Curricula Recommendations 2017
• Vagrant
• VirtualBox
• Kali Linux
• Phrack Magazine
• Exploit DB
• Common Vulnerabilities Exposures
• Damn Vulnerable Web Applications
• National Vulnerability Database
• PentesterLab
• Cybersecurity in the Philippines
• Penetration Test Execution Standard
• Vulnerable by Design
• Metasploit Unleashed
• Shellcode Database