UCCS CS 4910 Intro to Computer Security

General Information

Instructor

Xi Tan, Assistant Professor

E-mail: xtan4 AT uccs.edu

Homepage: link

M/W 3:15 PM - 4:30 PM or by appointment. Student hours can be held in person, or via Teams.

Loc: Cybersecurity Center, 120J

Teaching Assistant

Qaiser Khan

Email: qkhan AT uccs.edu

Office hours: TBD

Overview

The objectives of this course consist of developing a solid understanding of fundamental principles of the security field and building knowledge of tools and mechanisms to safeguard a wide range of software and computing systems. It is intended for upper-level undergraduate and graduate students, and a tentative list of the covered topics is: cryptographic background and tools; access control; authentication; software security, malware; Internet security protocols and standards (SSL/TLS, IPsec, secure email); intrusion detection and intrusion prevention systems (firewalls); database security; privacy; identity management; security management and risk assessment; legal and ethical aspects (cybercrime, intellectual property); system and software security, etc.

Tentative Schedule

Date	Topic	Notes
Week-1 Class-1 1/19	=== No class ===
Week-1 Class-2 1/21	Overview I	Read Chap 1.
Week-2 Class-1 1/26	Overview II
Week-2 Class-2 1/28	Crypto tools I: intro (chap 2, 20)
Week-3 Class-1 2/2	Crypto tools II: block ciphers (chap 2, 20)
Week-3 Class-2 2/4	Crypto tools III: public key cryptography (chap 2, 21)	Assignment 1 Release
Week-4 Class-1 2/9	Crypto tools IV: digital signatures (chap 2, 21)
Week-4 Class-2 2/11	Crypto tools V: message integrity (chap 2)
Week-5 Class-1 2/16	User authentication I (chap 3)
Week-5 Class-2 2/18	Lab Office Hours (in class)
Week-6 Class-1 2/23	User authentication II (chap 3)	Lab 1 due (Secret-Key Encryption)
Week-6 Class-2 2/25	Access control I (chap 4)	Research Paper Topic Selection, Assignment 2 Release
Week-7 Class-1 3/02	Access control II (chap 4)
Week-7 Class-2 3/04	Database security I (chap 5)
Week-8 Class-1 3/09	*** Midterm Review ***
Week-8 Class-2 3/11	*** Midterm Exam ***	Cyber - A107
Week-9 Class-1 3/16	Database security II (chap 5)
Week-9 Class-2 3/18	Malicious software (chap 6)	Research Paper due
Week-10 Class-1 3/23	=== Spring Break No class ===
Week-10 Class-2 3/25	=== Spring Break No class ===
Week-11 Class-1 3/30	Network security I: network concepts (chap 22)	Assignment 3 Release
Week-11 Class-2 4/01	Network security II: DoS attack (chap 7, 22)
Week-12 Class-1 4/06	Lab Office Hours (in class)
Week-12 Class-2 4/08	Network security III: DNS attack (chap 7, 22)	Lab 2 due (Packet Sniffing and Spoofing Lab)
Week-13 Class-1 4/13	Network security IV: Firewalls (chap 9)
Week-13 Class-2 4/15	Network security V: IDS (chap 8)
Week-14 Class-1 4/20	Software security I: function stack	Assignment 4 Release
Week-14 Class-2 4/22	Software security II: buffer overflow attack
Week-15 Class-1 4/27	Software security III: buffer overflow defense
Week-15 Class-2 4/29	OS Security (Chap 12)
Week-16 Class-1 5/04	Computer security ethics	Lab 3 due (Buffer-Overflow Attack Lab (Set-UID Version))
Week-16 Class-2 5/06	*** Final Exam Review ***
Final Exam 5/11 12:40PM-1:40PM	*** Final Exam (non-cumulative) ***	Cyber - A107

Resources

Required textbook:

• William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 5th edition, Pearson, 2024.

Additional resources:

• Charles Pfleeger and Shari Pfleeger, Security in Computing.
• William Stallings, Cryptography and Network Security, Principles and Practice.
• Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World.
• Edward Skoudis and Tom Liston, Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses.
• Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems.

Course Structure

We will have

1. Lectures.
2. Four non-graded homework assignments.
3. Five pop-up quizzes.
4. Three hands-on labs picked from SEED Lab.
5. One research paper.
6. Two exams.

All materials will be updated to Canvas.

Research Paper

Students are required to complete a research paper on the state-of-the-art of some computer security topic. Below are the paper requirements:

1. Pick a topic interesting to you and relatively specific (e.g., encryption of vehicle communications, not just encryption)
2. Paper should contain the following:
• Survey/summarization of 8 or more scholarly references (i.e., not some blog)
• Identify if there are any companies out there applying this research. If not, which one do you think would be (explain why you think so)
• If you had to extend the research, what direction would you take it?
3. IEEE format (Details).
4. Four pages of actual text (i.e. actual paper length minus pictures, charts, references, etc.)

Disclaimer

Some of the resources were borrowed from Prof. Ziming Zhao, some were borrowed from Mark Stidd, and a partial of the copyright belongs to Pearson Education, Inc.