UCCS CS 4910 Intro to Computer Security

General Information

Instructor

Xi Tan, Assistant Professor

E-mail: xtan4@uccs.edu

Homepage: link

M/W 3:00 PM - 4:30 PM or by appointment. Student hours can be held in person, or via Teams.

Loc: Cybersecurity Center, 120J

Teaching Assistant

Aryan: xx@uccs.edu

Office hours: By appointment

Overview

The objectives of this course consist of developing a solid understanding of fundamental principles of the security field and building knowledge of tools and mechanisms to safeguard a wide range of software and computing systems. It is intended for upper-level undergraduate and graduate students, and a tentative list of the covered topics is: cryptographic background and tools; access control; authentication; software security, malware; Internet security protocols and standards (SSL/TLS, IPsec, secure email); intrusion detection and intrusion prevention systems (firewalls); database security; privacy; identity management; security management and risk assessment; legal and ethical aspects (cybercrime, intellectual property); system and software security, microarchitectural attacks

Tentative Schedule

Date	Topic	Notes
Week-1 Class-1 1/20	=== No class ===
Week-1 Class-2 1/22	Overview I	Read Chap 1.
Week-2 Class-1 1/27	Overview II
Week-2 Class-2 1/29	Crypto Tools I (chap 2, 20)	Assignment 1 Release
Week-3 Class-1 2/3	Crypto Tools II (chap 2, 21)
Week-3 Class-2 2/5	Crypto Tools III (chap 2.4, 2.5)
Week-4 Class-1 2/10	Authentication (chap 3)
Week-4 Class-2 2/12	Access Control I (chap 4)	Assignment 1 Due
Week-5 Class-1 2/17	Access Control II (chap 4)	Assignment 2 Release
Week-5 Class-2 2/19	Database Security (chap 5)
Week-6 Class-1 2/24	Malicious Software (chap 6)	Lab 1 due (Secret-Key Encryption)
Week-6 Class-2 2/26	Network Security I: network concepts (chap 7, 22)
Week-7 Class-1 3/03	Network Security II: DoS attack (chap 7, 22)
Week-7 Class-2 3/05	*** Midterm Review ***	Assignment 2 Due
Week-8 Class-1 3/10	*** Midterm Exam ***	Cyber - A107
Week-8 Class-2 3/12	Network Security III: DNS attack (chap 8, 9)
Week-9 Class-1 3/17	Network Security IV: Firewalls and IDS (chap 9)	Assignment 3 Release
Week-9 Class-2 3/19	Operating System Security I (chap 12)
Week-10 Class-1 3/24	=== Spring Break No class ===
Week-10 Class-2 3/26	=== Spring Break No class ===
Week-11 Class-1 3/31	Operating System Security II	Lab 2 due (Packet Sniffing and Spoofing Lab)
Week-11 Class-2 4/02	Software Security I (chap 11)	Assignment 3 Due
Week-12 Class-1 4/07	Software Security II: buffer overflow
Week-12 Class-2 4/09	Software Security III: buffer overflow	Assignment 4 Release
Week-13 Class-1 4/14	Software Security IV: buffer overflow	Research Paper due
Week-13 Class-2 4/16	Software Security V: buffer overflow defense
Week-14 Class-1 4/21	Software Security VI: buffer overflow defense
Week-14 Class-2 4/23	Cloud and IoT Security I	Assignment 4 Due
Week-15 Class-1 4/28	Cloud and IoT Security II
Week-15 Class-2 4/30	Microarchitectural Attacks I: cache and cache side-channels
Week-16 Class-1 5/05	Microarchitectural Attacks II: Meltdown and Spectre	Lab 3 due (Chapter 10 Buffer-Overflow Attack Lab (Set-UID Version))
Week-16 Class-2 5/07	*** Final Exam Review ***
Final Exam 5/12 12:40PM-1:40PM	*** Final Exam (non-cumulative) ***	Cyber - A107

Resources

Required textbook:

• William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 5th edition, Pearson, 2024.

Additional resources:

• Charles Pfleeger and Shari Pfleeger, Security in Computing.
• William Stallings, Cryptography and Network Security, Principles and Practice.
• Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World.
• Edward Skoudis and Tom Liston, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses.
• Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems.

Course Structure

We will have

1. Lectures.
2. Four homework assignments.
3. Three hands-on labs picked from SEED Lab.
4. One research paper.
5. Two midterm exams.
6. Pop quizzes (bonus points!).

All materials will be updated to Canvas.

Research Paper

Students are required to complete a research paper on the state-of-the-art of some computer security topic. Below are the paper requirements:

1. Pick a topic interesting to you and relatively specific (e.g., encryption of vehicle communications, not just encryption)
2. Paper should contain the following:
• Survey/summarization of 8 or more scholarly references (i.e., not some blog)
• Identify if there are there any companies out there applying this research. If not, which one do you think would be (explain why you think so)
• If you had to extend the research, what direction would you take it?
3. IEEE format (https://www.ieee.org/conferences/publishing/templates.html)
4. Four pages of actual text (i.e. actual paper length minus pictures, charts, references, etc.)

Disclaimer

Some of the resources were borrowed from Prof. Ziming Zhao, some were borrowed from Mark Stidd, and a partial of the copyright belongs to Pearson Education, Inc.