UCCS CS 4910 Intro to Computer Security

General Information

Instructor

Xi Tan, Assistant Professor

E-mail: xtan4 AT uccs.edu

Homepage: link

M/W 3:15 PM - 4:30 PM or by appointment. Student hours can be held in person, or via Teams.

Loc: Cybersecurity Center, 120J

Teaching Assistant

Qaiser Khan

Email: qkhan AT uccs.edu

Office hours: TBD

Overview

The objectives of this course consist of developing a solid understanding of fundamental principles of the security field and building knowledge of tools and mechanisms to safeguard a wide range of software and computing systems. It is intended for upper-level undergraduate and graduate students, and a tentative list of the covered topics is: cryptographic background and tools; access control; authentication; software security, malware; Internet security protocols and standards (SSL/TLS, IPsec, secure email); intrusion detection and intrusion prevention systems (firewalls); database security; privacy; identity management; security management and risk assessment; legal and ethical aspects (cybercrime, intellectual property); system and software security, etc.

Tentative Schedule

Date	Topic	Notes
Week-1 Class-1 1/19	=== No class ===
Week-1 Class-2 1/21	Overview I	Read Chap 1.
Week-2 Class-1 1/26	Overview II
Week-2 Class-2 1/28	Crypto tools I: intro (chap 2, 20)
Week-3 Class-1 2/2	Crypto tools II: block ciphers (chap 2, 20)
Week-3 Class-2 2/4	Crypto tools III: public key cryptography (chap 2, 21)	Assignment 1 Release
Week-4 Class-1 2/9	Crypto tools IV: digital signatures (chap 2, 21)
Week-4 Class-2 2/11	Crypto tools V: message integrity (chap 2)
Week-5 Class-1 2/16	Crypto tools VI: in-class discussion	MITRE eCTF 2023 (car door lock theme)
Week-5 Class-2 2/18	Lab Office Hours (in class)
Week-6 Class-1 2/23	User authentication I (chap 3)
Week-6 Class-2 2/25	User authentication II (chap 3)	Lab 1 due (Secret-Key Encryption) , Research Paper Topic Selection, Assignment 2 Release
Week-7 Class-1 3/02	Access control I (chap 4)
Week-7 Class-2 3/04	Access control II (chap 4)
Week-8 Class-1 3/09	*** Midterm Review ***
Week-8 Class-2 3/11	*** Midterm Exam ***	Cyber - A107
Week-9 Class-1 3/16	Database security I (chap 5)
Week-9 Class-2 3/18	Database security II (chap 5)	Research Paper due
Week-10 Class-1 3/23	=== Spring Break No class ===
Week-10 Class-2 3/25	=== Spring Break No class ===
Week-11 Class-1 3/30	Malicious software (chap 6)	Assignment 3 Release
Week-11 Class-2 4/01	Network security I: network concepts (chap 22)
Week-12 Class-1 4/06	Lab Office Hours (in class)
Week-12 Class-2 4/08	Network security II: DoS attack (chap 7, 22)	Lab 2 due (Packet Sniffing and Spoofing Lab)
Week-13 Class-1 4/13	Network security III: DNS attack (chap 7, 22)
Week-13 Class-2 4/15	Network security IV: Firewalls (chap 9)
Week-14 Class-1 4/20	Network security V: IDS (chap 8)	Assignment 4 Release
Week-14 Class-2 4/22	Software security I: function stack
Week-15 Class-1 4/27	Software security II: buffer overflow attack
Week-15 Class-2 4/29	Software security III: buffer overflow defense
Week-16 Class-1 5/04	Computer security ethics	Lab 3 due (Buffer-Overflow Attack Lab (Set-UID Version))
Week-16 Class-2 5/06	*** Final Exam Review ***
Final Exam 5/11 12:40PM-1:40PM	*** Final Exam (non-cumulative) ***	Cyber - A107

Resources

Required textbook:

• William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 5th edition, Pearson, 2024.

Additional resources:

• Charles Pfleeger and Shari Pfleeger, Security in Computing.
• William Stallings, Cryptography and Network Security, Principles and Practice.
• Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World.
• Edward Skoudis and Tom Liston, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses.
• Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems.

Course Structure

We will have

1. Lectures.
2. Four non-graded homework assignments.
3. Five pop-up quizzes.
4. Three hands-on labs picked from SEED Lab.
5. One research paper.
6. Two exams.

All materials will be updated to Canvas.

Research Paper

Students are required to complete a research paper on the state-of-the-art of some computer security topic. Below are the paper requirements:

1. Pick a topic interesting to you and relatively specific (e.g., encryption of vehicle communications, not just encryption)
2. Paper should contain the following:
• Survey/summarization of 8 or more scholarly references (i.e., not some blog)
• Identify if there are any companies out there applying this research. If not, which one do you think would be (explain why you think so)
• If you had to extend the research, what direction would you take it?
3. IEEE format (Details).
4. Four pages of actual text (i.e. actual paper length minus pictures, charts, references, etc.)

Disclaimer

Some of the resources were borrowed from Prof. Ziming Zhao, some were borrowed from Mark Stidd, and a partial of the copyright belongs to Pearson Education, Inc.