UCCS CS 4910 Intro to Computer Security

General Information

Instructor

Xi Tan, Assistant Professor

E-mail: xtan4 AT uccs.edu

Homepage: link

M/W 3:15 PM - 4:30 PM or by appointment. Student hours can be held in person, or via Teams.

Loc: Cybersecurity Center, 120J

Teaching Assistant

TBD

Office hours: By appointment

Overview

The objectives of this course consist of developing a solid understanding of fundamental principles of the security field and building knowledge of tools and mechanisms to safeguard a wide range of software and computing systems. It is intended for upper-level undergraduate and graduate students, and a tentative list of the covered topics is: cryptographic background and tools; access control; authentication; software security, malware; Internet security protocols and standards (SSL/TLS, IPsec, secure email); intrusion detection and intrusion prevention systems (firewalls); database security; privacy; identity management; security management and risk assessment; legal and ethical aspects (cybercrime, intellectual property); system and software security, etc.

Tentative Schedule

Date	Topic	Notes
Week-1 Class-1 1/19	=== No class ===
Week-1 Class-2 1/21	Overview I	Read Chap 1.
Week-2 Class-1 1/26	Overview II
Week-2 Class-2 1/28	Crypto tools I (chap 2, 20)
Week-3 Class-1 2/2	Crypto tools II (chap 2, 21)
Week-3 Class-2 2/4	Crypto tools III (chap 2.4, 2.5)	Assignment 1 Release
Week-4 Class-1 2/9	Crypto tools IV
Week-4 Class-2 2/11	Authentication I (chap 3)	Assignment 1 Due
Week-5 Class-1 2/16	Authentication II (chap 3)
Week-5 Class-2 2/18	Lab Office Hours (in class)
Week-6 Class-1 2/23	Access control I (chap 4)	Lab 1 due (Secret-Key Encryption)
Week-6 Class-2 2/25	Access control II (chap 4)	Assignment 2 Release
Week-7 Class-1 3/02	Database security I
Week-7 Class-2 3/04	Database security II	Assignment 2 Due
Week-8 Class-1 3/09	*** Midterm Review ***
Week-8 Class-2 3/11	*** Midterm Exam ***	Cyber - A107
Week-9 Class-1 3/16	Malicious software (chap 6)
Week-9 Class-2 3/18	Network security I: network concepts (chap 7, 22)	Research Paper due
Week-10 Class-1 3/23	=== Spring Break No class ===
Week-10 Class-2 3/25	=== Spring Break No class ===
Week-11 Class-1 3/30	Network security II: DoS attack (chap 7, 22)	Assignment 3 Release
Week-11 Class-2 4/01	Network security III: DNS attack (chap 8, 9)
Week-12 Class-1 4/06	Lab Office Hours (in class)	Assignment 3 Due
Week-12 Class-2 4/08	Network security IV: Firewalls (chap 9)	Lab 2 due (Packet Sniffing and Spoofing Lab)
Week-13 Class-1 4/13	Network security V: IDS (chap 9)
Week-13 Class-2 4/15	Software security I: function stack I
Week-14 Class-1 4/20	Software security II: buffer overflow attack I	Assignment 4 Release
Week-14 Class-2 4/22	Software security III: buffer overflow attack II
Week-15 Class-1 4/27	Software security IV: buffer overflow defense	Assignment 4 Due
Week-15 Class-2 4/29	System Security
Week-16 Class-1 5/04	Computer security ethics	Lab 3 due (Buffer-Overflow Attack Lab (Set-UID Version))
Week-16 Class-2 5/06	*** Final Exam Review ***
Final Exam 5/11 12:40PM-1:40PM	*** Final Exam (non-cumulative) ***	Cyber - A107

Resources

Required textbook:

• William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 5th edition, Pearson, 2024.

Additional resources:

• Charles Pfleeger and Shari Pfleeger, Security in Computing.
• William Stallings, Cryptography and Network Security, Principles and Practice.
• Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World.
• Edward Skoudis and Tom Liston, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses.
• Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems.

Course Structure

We will have

1. Lectures.
2. Four homework assignments.
3. Three hands-on labs picked from SEED Lab.
4. One research paper.
5. Two exams.
6. Pop quizzes (bonus points!).

All materials will be updated to Canvas.

Research Paper

Students are required to complete a research paper on the state-of-the-art of some computer security topic. Below are the paper requirements:

1. Pick a topic interesting to you and relatively specific (e.g., encryption of vehicle communications, not just encryption)
2. Paper should contain the following:
• Survey/summarization of 8 or more scholarly references (i.e., not some blog)
• Identify if there are any companies out there applying this research. If not, which one do you think would be (explain why you think so)
• If you had to extend the research, what direction would you take it?
3. IEEE format (Details).
4. Four pages of actual text (i.e. actual paper length minus pictures, charts, references, etc.)

Disclaimer

Some of the resources were borrowed from Prof. Ziming Zhao, some were borrowed from Mark Stidd, and a partial of the copyright belongs to Pearson Education, Inc.