Special Topics (Computer and Network Security)

Second Semester AY 2017-2018

About

Catalog Description
Course Number: CMSC 191
Course Title: Special Topics (Computer and Network Security)
Description: Concepts in protecting computer systems and networks from attacks.
Prerequisites: CMSC 125 and CMSC 131 or COI
Credit: 3 units
Aim

This course aims to equip students with the knowledge and skills to identify threats and vulnerabilities and to develop protection mechanisms for computer systems and networks.

Objectives
At the end of this course the student should be able to:
  1. explain the fundamental concepts in computer systems security: confidentiality, integrity, availability, asset, threat, attack, policy, mechanism;
  2. find and identify software, platform, and network security vulnerabilities;
  3. develop and use exploits for security vulnerabilities;
  4. perform incident response and digital forensics after a security breach;
  5. apply secure programming practices;
  6. design and deploy secure network and web services; and
  7. explain and evaluate the legal and ethical implications of security attacks and breaches.
Topics (based on ACM's 2013 Curriculum Guidelines)
  1. IAS/Foundational Concepts in Security
  2. IAS/Principles of Secure Design
  3. IAS/Defensive Programming
  4. IAS/Threats and Attacks
  5. IAS/Network Security
  6. IAS/Cryptography
  7. IAS/Web Security
  8. IAS/Platform Security
  9. IAS/Security Policy and Governance
  10. IAS/Digital Forensics
  11. IAS/Secure Software Engineering
Evaluation/Grading (Tentative)
2 Long Exams: 40%
Quizzes: 10%
Laboratory Exercises: 50%
Total: 100%
Passing grade is 55%. No grade of 4.0 will be given. Grading scale is shown below.
0.00 to 54.99: 5.0
55.00 to 59.99: 3.0
60.00 to 64.99: 2.75
65.00 to 69.99: 2.5
70.00 to 74.99: 2.25
75.00 to 79.99: 2.0
80.00 to 84.99: 1.75
85.00 to 89.99: 1.5
90.00 to 94.99: 1.25
95.00 to 100: 1.0
Attendance Policy

Attendance will be checked every meeting. Students with four (4) or more absences will be automatically dropped from the course.

Collaboration Policy

Honor Code
  • Properly acknowledge help received.
  • No looking at solutions/programs from previous years.
  • No sharing of code with other students.
  • Be ready to explain your code.
Google Classroom: hsahcg

Staff

Name Role Email
Joseph Anthony C. Hermocilla Lecturer jchermocilla@up.edu.ph
Marie Betel B. de Robles Guest Lecturer mbderobles2@up.edu.ph
Miyah D. Queliste Guest Lecturer mdqueliste@up.edu.ph

Lecture/Laboratory

Meeting Date Topic Readings/Slides Homework Laboratory
1 1/22/2018 M Setup Lab environment and VM
2 1/29/2018 M Why computer security is challenging [STA] Ch. 1 [Environment Variable and set-uid programs]
3 2/5/2018 M Computer Security Strategy [Shellshock attack], [variables.c]
4 2/12/2018 M (no meeting)
5 2/19/2018 M Symmetric Encryption [STA] Ch. 2, 20 [Symmetric Encryption], [.bmp], [words.txt]
6 2/26/2018 M Asymmetric Encryption [STA] Ch. 2, 21 [Asymmetric Encryption], [demo], [timer]
7 3/5/2018 M Database Security [STA] Ch. 5 [SQL Injection], [patch.tar.gz]
8 3/12/2018 M Software Security [STA] Ch. 11 [Cross-site scripting], [echoserv.tar], [HTTPSimpleForge.java]
9 3/19/2018 M Exam 1
10 3/26/2018 M Penetration Testing Penetration Testing and Kali Linux
11 4/2/2018 M TCP/IP [SEED Slides], [TCP/IP Attack Lab]
12 4/9/2018 M (no meeting: Araw ng Kagitingan)
13 4/16/2018 M Buffer Overflow Attacks target.tar.gz
14 4/23/2018 M DNS and Attacks [Local DNS Attack Lab], [forward zone file], [reverse zone file]
15 4/30/2018 M [Malicious Software], [IT Security Management and Risk Assessment] [STA] Ch. 6, 14 Malware Analysis
16 5/7/2018 M [IT Security Controls, Plans, and Procedures], [Human Resources Security] [STA] Ch. 15, 17 CTF
17 5/14/2018 M Exam 2

Resources

Textbook
  • [STA]: Stallings, W. and Brown, L. (2015). Computer Security: Principles and Practice (3rd ed.). Pearson Education Inc.
Supplementary Textbooks
  • Du, W. (2017). Computer Security: A Hands-on Approach.
  • Goodrich, M., & Tamassia, R. (2010). Introduction to computer security. Addison-Wesley Publishing Company.
  • Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in computing. Prentice Hall Professional Technical Reference.
  • Gollmann, D. (2011). Computer Security. John Wiley & Sons.
  • Bishop, M. (2006). Introduction to computer security. Pearson Education India.
  • Bishop, M. (2003). Computer Security: Art and Science. ISBN: 0-201-44099-7. Addison-Wesley Publishing Company.
  • Kaufman, C., Perlman, R., and Speciner, M. (2002). Network security: private communication in a public world. Prentice Hall Press.
  • Erickson, J. (2008). Hacking: The art of exploitation. No Starch Press, Inc.
  • Sikorski, M., & Honig, A. (2012). Practical Malware Analysis. No Starch Press, Inc.
Similar CNSEC Courses
Software and Others