Special Topics (Computer and Network Security)

First Semester AY 2019-2020


Catalog Description
Course Number and Section CMSC 191 EF
Course Title Special Topics (Computer and Network Security)
Description Concepts in protecting computer systems and networks from attacks.
Prerequisites CMSC 125 and CMSC 131 or COI
Credit 3 units

This course aims to equip students with the knowledge and skills in identifying threats and vulnerabilities as well as developing protection mechanisms for computer systems and networks.

At the end of this course the student should be able to:
  1. explain the fundamental concepts in computer systems security: confidentiality, integrity, availability, asset, threat, attack, policy, mechanism;
  2. find and identify software, platform, and network security vulnerabilities;
  3. develop and use exploits for security vulnerabilities;
  4. perform incident response and digital forensics after a security breach;
  5. apply secure programming practices;
  6. design, implement, and deploy secure network and web services; and
  7. explain and evaluate the legal and ethical implications of security attacks and breaches.
Topics (based on ACM's 2013 Curriculum Guidelines)
  1. IAS/Foundational Concepts in Security
  2. IAS/Principles of Secure Design
  3. IAS/Defensive Programming
  4. IAS/Threats and Attacks
  5. IAS/Network Security
  6. IAS/Cryptography
  7. IAS/Web Security
  8. IAS/Platform Security
  9. IAS/Security Policy and Governance
  10. IAS/Digital Forensics
  11. IAS/Secure Software Engineering
Specific topics
  • Why Computer Security is challenging?
  • Computer Security Strategy
  • Symmetric Encryption
  • Asymmetric Encryption
  • Software Security
  • Database Security
  • Penetration Testing
  • Buffer Overflow Attacks
  • TCP/IP and attacks
  • DNS and attacks
  • Malicious Software
  • IT Security Management and Risk Assessment
  • IT Security Controls, Plans, and Procedures
  • Human Resources Security
2 Long Exams 40%
Quizzes 10%
Laboratory Exercises 50%
Total 100%
Passing grade is 55%. No grade of 4.0 will be given. Grading scale is shown below.
0.00 54.99 5.0
55.00 59.99 3.0
60.00 64.99 2.75
65.00 69.99 2.5
70.00 74.99 2.25
75.00 79.99 2.0
80.00 84.99 1.75
85.00 89.99 1.5
90.00 94.99 1.25
95.00 100 1.0
Attendance Policy

Attendance will be checked every meeting. Students with four(4) or more absences will be automatically dropped from the course.

Collaboration Policy

Honor Code
  • Properly acknowledge help received.
  • No looking at solutions/programs from previous years.
  • No sharing of code with other students.
  • Be ready to explain your code.
Google Classroom:


Name Role Email
Joseph Anthony C. Hermocilla Lecturer jchermocilla@up.edu.ph
Marie Betel B. de Robles Guest Lecturer mbderobles2@up.edu.ph
Miyah D. Queliste Guest Lecturer mdqueliste@up.edu.ph


Meeting Date Topic Readings/Slides Homework Laboratory
1 8/5/2019 M (no meeting: bad weather)
2 8/12/2019 M (no meeting))
3 8/19/2019 M Introduction.Why computer security is challenging? [STA] Ch. 1
4 8/26/2019 M (no meeting)
5 9/2/2019 M Environment Variables and setuid programs [SEED]Environment Variable and Set-UID Program Lab
6 9/9/2019 M Symmetric Cryptography [STA]Ch. 2, [STA]Ch. 20, Frequency Analysis Tool [SEED]Secret-Key Encryption Lab,ciphertext.txt,pic.bmp
(makeup class) 9/12/2019 M Shellshock [SEED Shellshock] [SEED] Shellshock Attack Lab
7 9/16/2019 M Asymmetric Cryptography [STA]Ch. 21 [SEED]RSA Public-Key Encryption and Signature Lab,[SEED]Public-Key Infrastructure,Task3 Answer
8 9/23/2019 M Database Security (Lecture by Marie Betel B. de Robles) [STA]Ch. 5 [SEED]SQL Injection Attack Lab
9 9/30/2019 M (no meeting)
10 10/7/2019 M Software Security [STA]Ch. 11 [SEED]XSS Attack Lab (Elgg)
11 10/14/2019 M EXAM 1
12 10/21/2019 M Penetration Testing Penetration Testing
13 10/28/2019 M TCP/IP Attack Lab TCP/IP Attack Lab, [SEED] [SEED]TCP/IP Attack Lab
14 11/4/2018 M DNS Attack Lab DNS Attack Lab,[SEED],Video [SEED]Local DNS Attack Lab,Forward Zone File, Reverse Zone File
15 11/11/2019 M [Malicious Software],[IT Security Management and Risk Assessment] [STA]Ch.6, [STA]Ch.14 shingles32
16 11/18/2019 M [IT Security Controls, Plans, and Procedures], [Human Resources Security] [STA]Ch.15,[STA]Ch.17
17 11/25/2019 M Buffer Overflow Attacks BOF Attacks, Windows Files
18 12/2/2019 M EXAM 2


  • [STA]:Stallings, W. and Brown, L. (2015). Computer Security: Principles And Practice (3rd ed.) Pearson Education Inc.
Supplementary Textbooks
  • Wenliang Du.(2017).Computer Security: A Hands-on Approach.
  • Goodrich, M., & Tamassia, R. (2010). Introduction to computer security. Addison-Wesley Publishing Company
  • Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in computing. Prentice Hall Professional Technical Reference.
  • Gollmann, D. (2011). Computer Security. John Wiley & Sons.
  • Bishop, M. (2006). Introduction to computer security. Pearson Education India.
  • Bishop, M. (2003). Computer Security: Art and Science. ISBN: 0-201-44099-7. Addison-Wesley Publishing Company.
  • Kaufman, C., Perlman, R., and Speciner, M. (2002). Network security: private communication in a public world. Prentice Hall Press.
  • Jon Erickson. (2008). Hacking: The art of exploitation. No Starch Press, Inc.
  • Michael Sikorski and Andrew Honig.(2012). Practical Malware Analysis. No Starch Press, Inc.
Similar CNSEC Courses
Software and Others