UCCS CS 4910 Intro to Computer Security

General Information

Instructor

Xi Tan, Assistant Professor

E-mail: xtan4 AT uccs.edu

Homepage: link

M/W 3:00 PM - 4:30 PM or by appointment. Student hours can be held in person, or via Teams.

Loc: Cybersecurity Center, 120J

Teaching Assistant

Aryan Padiyal: apadiyal AT uccs.edu

Office hours: By appointment

Overview

The objectives of this course consist of developing a solid understanding of fundamental principles of the security field and building knowledge of tools and mechanisms to safeguard a wide range of software and computing systems. It is intended for upper-level undergraduate and graduate students, and a tentative list of the covered topics is: cryptographic background and tools; access control; authentication; software security, malware; Internet security protocols and standards (SSL/TLS, IPsec, secure email); intrusion detection and intrusion prevention systems (firewalls); database security; privacy; identity management; security management and risk assessment; legal and ethical aspects (cybercrime, intellectual property); system and software security, microarchitectural attacks

Tentative Schedule

Date	Topic	Notes
Week-1 Class-1 1/20	=== No class ===
Week-1 Class-2 1/22	Overview I Slides	Read Chap 1.
Week-2 Class-1 1/27	Overview II Slides
Week-2 Class-2 1/29	Crypto tools I (chap 2, 20) Slides	Assignment 1 Release
Week-3 Class-1 2/3	Crypto tools II (chap 2, 21) Slides
Week-3 Class-2 2/5	Crypto tools III (chap 2.4, 2.5) Slides
Week-4 Class-1 2/10	Crypto tools IV Slides
Week-4 Class-2 2/12	Authentication I (chap 3) Slides	Assignment 1 Due
Week-5 Class-1 2/17	Authentication II (chap 3) Slides	Assignment 2 Release
Week-5 Class-2 2/19	Access control I (chap 4) Slides
Week-6 Class-1 2/24	Access control II (chap 4) Slides	Lab 1 due (Secret-Key Encryption)
Week-6 Class-2 2/26	Database security I (chap 5)
Week-7 Class-1 3/03	Database security II
Week-7 Class-2 3/05	*** Midterm Review ***	Assignment 2 Due
Week-8 Class-1 3/10	*** Midterm Exam ***	Cyber - A107
Week-8 Class-2 3/12	Malicious software (chap 6)
Week-9 Class-1 3/17	Network security I: network concepts (chap 7, 22)	Assignment 3 Release
Week-9 Class-2 3/19	Network security II: DoS attack (chap 7, 22)
Week-10 Class-1 3/24	=== Spring Break No class ===
Week-10 Class-2 3/26	=== Spring Break No class ===
Week-11 Class-1 3/31	Network security III: DNS attack (chap 8, 9)	Lab 2 due (Packet Sniffing and Spoofing Lab)
Week-11 Class-2 4/02	Network security IV: Firewalls and IDS (chap 9)	Assignment 3 Due
Week-12 Class-1 4/07	Operating system security (chap 12)
Week-12 Class-2 4/09	Software security I (chap 11)	Assignment 4 Release
Week-13 Class-1 4/14	Software security II	Research Paper due
Week-13 Class-2 4/16	Software security III
Week-14 Class-1 4/21	Software security IV
Week-14 Class-2 4/23	Software security V	Assignment 4 Due
Week-15 Class-1 4/28	Cloud and IoT security
Week-15 Class-2 4/30	Microarchitectural attacks
Week-16 Class-1 5/05	Computer security ethics	Lab 3 due (Chapter 10 Buffer-Overflow Attack Lab (Set-UID Version))
Week-16 Class-2 5/07	*** Final Exam Review ***
Final Exam 5/12 12:40PM-1:40PM	*** Final Exam (non-cumulative) ***	Cyber - A107

Resources

Required textbook:

• William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 5th edition, Pearson, 2024.

Additional resources:

• Charles Pfleeger and Shari Pfleeger, Security in Computing.
• William Stallings, Cryptography and Network Security, Principles and Practice.
• Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World.
• Edward Skoudis and Tom Liston, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses.
• Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems.

Course Structure

We will have

1. Lectures.
2. Four homework assignments.
3. Three hands-on labs picked from SEED Lab.
4. One research paper.
5. Two midterm exams.
6. Pop quizzes (bonus points!).

All materials will be updated to Canvas.

Research Paper

Students are required to complete a research paper on the state-of-the-art of some computer security topic. Below are the paper requirements:

1. Pick a topic interesting to you and relatively specific (e.g., encryption of vehicle communications, not just encryption)
2. Paper should contain the following:
• Survey/summarization of 8 or more scholarly references (i.e., not some blog)
• Identify if there are there any companies out there applying this research. If not, which one do you think would be (explain why you think so)
• If you had to extend the research, what direction would you take it?
3. IEEE format (https://www.ieee.org/conferences/publishing/templates.html)
4. Four pages of actual text (i.e. actual paper length minus pictures, charts, references, etc.)

Disclaimer

Some of the resources were borrowed from Prof. Ziming Zhao, some were borrowed from Mark Stidd, and a partial of the copyright belongs to Pearson Education, Inc.