Special Topics (Computer and Network Security)

Second Semester AY 2018-2019

About

Catalog Description
Course Number and Section CMSC 191 EF
Course Title Special Topics (Computer and Network Security)
Description Concepts in protecting computer systems and networks from attacks.
Prerequisites CMSC 125 and CMSC 131 or COI
Credit 3 units
Aim

This course aims to equip students with the knowledge and skills in identifying threats and vulnerabilities as well as developing protection mechanisms for computer systems and networks.

Objectives
At the end of this course the student should be able to:
  1. explain the fundamental concepts in computer systems security: confidentiality, integrity, availability, asset, threat, attack, policy, mechanism;
  2. find and identify software, platform, and network security vulnerabilities;
  3. develop and use exploits for security vulnerabilities;
  4. perform incident response and digital forensics after a security breach;
  5. apply secure programming practices;
  6. design and deploy secure network and web services; and
  7. explain and evaluate the legal and ethical implications of security attacks and breaches.
Topics (based on ACM's 2013 Curriculum Guidelines)
  1. IAS/Foundational Concepts in Security
  2. IAS/Principles of Secure Design
  3. IAS/Defensive Programming
  4. IAS/Threats and Attacks
  5. IAS/Network Security
  6. IAS/Cryptography
  7. IAS/Web Security
  8. IAS/Platform Security
  9. IAS/Security Policy and Governance
  10. IAS/Digital Forensics
  11. IAS/Secure Software Engineering
Specific topics
  • Why Computer Security is challenging?
  • Computer Security Strategy
  • Symmetric Encryption
  • Asymmetric Encryption
  • Software Security
  • Database Security
  • Penetration Testing
  • Buffer Overflow Attacks
  • TCP/IP ans attacks
  • DNS and attacks
  • Malicious Software
  • IT Security Management and Risk Assessment
  • IT Security Controls, Plans, and Procedures
  • Human Resources Security
Evaluation/Grading(Tentative)
2 Long Exams 40%
Quizzes 10%
Laboratory Exercises 50%
Total 100%
Passing grade is 55%. No grade of 4.0 will be given. Grading scale is shown below.
0.00 54.99 5.0
55.00 59.99 3.0
60.00 64.99 2.75
65.00 69.99 2.5
70.00 74.99 2.25
75.00 79.99 2.0
80.00 84.99 1.75
85.00 89.99 1.5
90.00 94.99 1.25
95.00 100 1.0
Attendance Policy

Attendance will be checked every meeting. Students with four(4) or more absences will be automatically dropped from the course.

Collaboration Policy

Honor Code
  • Properly acknowledge help received.
  • No looking at solutions/programs from previous years.
  • No sharing of code with other students.
  • Be ready to explain your code.
Google Classroom:

Staff

Name Role Email
Joseph Anthony C. Hermocilla Lecturer jchermocilla@up.edu.ph
Marie Betel B. de Robles Guest Lecturer mbderobles2@up.edu.ph
Miyah D. Queliste Guest Lecturer mdqueliste@up.edu.ph

Lecture/Laboratory

Meeting Date Topic Readings/Slides Homework Laboratory
1 1/14/2019 M Introduction
2 1/21/2019 M Why computer security is challenging? [STA]Ch. 1 [SEED]Environment Variable and Set-UID Program Lab
3 1/28/2019 M Environment Variables and Shellshock [SEED]Shellshock Attack Lab
4 2/4/2019 M Symmetric Cryptography [STA]Ch. 2,[STA]Ch. 20,Frequency Analysis [SEED]Secret-Key Encryption, ciphertext.txt,pic.bmp
5 2/11/2019 M (no meeting: PalICSihan)
6 2/18/2019 M Asymmetric Cryptography [STA]Ch. 21 [SEED]RSA Public-Key Encryption and Signature Lab,[SEED]Public-Key Infrastructure,Task3 Answer
7 2/25/2019 M (no meeting: holiday)
8 3/4/2019 M Database Security (Lecture by Marie Betel B. de Robles) [STA]Ch. 5 [SEED]SQL Injection Attack Lab
9 3/11/2019 M Software Security [STA]Ch. 11 XSS Attack Lab (Elgg)
10 3/18/2019 M Penetration Testing Penetration Testing
11 3/25/2019 M EXAM 1
12 4/1/2019 M Buffer Overflow Attacks (Guest lecture by MDQueliste) BOF Attacks, Windows Files
13 4/8/2019 M TCP/IP Attack Lab TCP/IP Attack Lab [SEED]TCP/IP Attack Lab
14 4/15/2018 M DNS Attack Lab DNS Attack Lab,[SEED] DNS Attacks Slides [SEED]Local DNS Attack Lab,[Forward Zone File],[Reverse Zone File]
15 4/22/2019 M [Malicious Software], [IT Security Management and Risk Assessment] [STA]Ch.6,[STA]Ch.14 shingles32
16 4/29/2019 M [IT Security Controls, Plans, and Procedures],[Human Resources Security] [STA]Ch.15, [STA]Ch.17
17 5/6/2019 M Free Lab
18 5/15/2019 M EXAM 2

Resources

Textbook
  • [STA]:Stallings, W. and Brown, L. (2015). Computer Security: Principles And Practice (3rd ed.) Pearson Education Inc.
Supplementary Textbooks
  • Wenliang Du.(2017).Computer Security: A Hands-on Approach.
  • Goodrich, M., & Tamassia, R. (2010). Introduction to computer security. Addison-Wesley Publishing Company
  • Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in computing. Prentice Hall Professional Technical Reference.
  • Gollmann, D. (2011). Computer Security. John Wiley & Sons.
  • Bishop, M. (2006). Introduction to computer security. Pearson Education India.
  • Bishop, M. (2003). Computer Security: Art and Science. ISBN: 0-201-44099-7. Addison-Wesley Publishing Company.
  • Kaufman, C., Perlman, R., and Speciner, M. (2002). Network security: private communication in a public world. Prentice Hall Press.
  • Jon Erickson. (2008). Hacking: The art of exploitation. No Starch Press, Inc.
  • Michael Sikorski and Andrew Honig.(2012). Practical Malware Analysis. No Starch Press, Inc.
Similar CNSEC Courses
Software and Others