CS 450/650 Fundamentals of Integrated Computer Security
Department of Computer Science & Engineering
UNR, Fall 2014
Course Information -
ABET Criteria -
||Tuesday & Thursday, 1:00 - 2:15am @ PE 101
||Dr. Mehmet H. Gunes
||mgunes <at> unr.edu
||SEM 238 (Scrugham Engineering-Mines)
||Tuesday & Thursday, 11:00 - 12:30 am or by appointment
You may look at earlier courses from Spring 2010,
Spring 2012, and
Network security, database and system security, access control, policy and
ethics development, attacks, and counter attack measures, security tools and
malicious code, current trends and research.
The objective of this course is to cover principles of computer and network
security along with some relevant background in basic cryptography. We will
discuss various attack techniques and how to defend against them. After
completing this course, students will be able to analyze, design, and build
secure systems of moderate complexity.
- Principles of Operating Systems (CS 446).
- An understanding of algorithmic complexity, operating systems, and networking protocols.
- C/C++ or Java programming experience in UNIX-like environment.
- Charles P. Pfleeger, Shari Lawrence Pfleeger, "Security
in Computing", Prentice Hall, 4th edition.
- Charlie Kaufman, Radia Perlman, Mike Speciner, "Network
Security: Private Communication in a Public World", Prentice Hall, 2nd
- Matt Bishop, "Computer
Security: Art and Science", Addison-Wesleyl.
- Richard E. Smith, "Elementary
Information Security", Jones&Bartlet Learning.
This is a tentative list of topics, subject to modification and reorganization.
- Introduction to computer security
- Computer Security Concepts
- Threats, Attacks, and Assets
- Computer Security Technology and Principles
- Cryptographic Tools
- User Authentication
- Access Control
- Database and Cloud Security
- Malicious Software
- Denial-of-Service Attacks
- Intrusion Detection
- Firewalls and Intrusion Prevention Systems
- Software Security and Trusted Systems
- Buffer Overflow
- Software Security
- Operating System Security
- Trusted Computing and Multilevel Security
- Management Issues
- Security Management and Risk Assessment
- Human Resources Security
- Legal and Ethical Aspects
- Cryptographic Algorithms
- Symmetric Encryption and Message Confidentiality
- Public-Key Cryptography and Message Authentication
- Network Security
- Internet Security Protocols and Standards
- Internet Authentication Applications
- Wireless Network Security
- Except this web page, all course materials will be posted at the WebCampus.
- The organization of the course will evolve as the semester progresses.
I'm quite confident that it will be challenging but a fun course.
- Presentation slides are available on the class web page.
However, they might be modified before/during the lectures.
- Unless instructed otherwise, use of electronic devices including laptops
are not allowed during lectures and exams.
- Class participation in terms of asking questions is highly encouraged.
Please do not be afraid to ask questions no matter how simple you might
think the answer could be. This type of interaction helps improve the
effectiveness of the class and breaks the monotony.
- Students are encouraged to bring articles, demos, web pages, news events,
etc. that are relevant to course topics to the attention of the instructor.
The success of the course depends on everyone in the class engaging the
material and bringing energy, enthusiasm, and intellect to class
- Extra credit will be offered to the undergraduate students who attend the departmental colloquia (an extra point for two colloquium attendance). You will be reminded in class about upcoming talks but you should also check the colloquia page on a regular basis (http://www.cse.unr.edu/get-involved/colloquia/).
- There will be six in-class quizzes. The lowest graded one will not affect your overall grade. These quizzes will be closed book/notes and extremely time-constrained, i.e., 5-10 mins. Questions in these quizzes will be designed to give you an opportunity to test and affirm your knowledge of the course content.
- There will be six homework assignments. The lowest graded one will not affect your overall grade. You may collaborate when solving the assignments, however when writing up the solutions you must do so on your own. Late assignments will be penalized by 20% per day, except
holidays. Assignments will be accepted only through WebCampus.
- There will be five lab assignments. Providing hands on experience, the
assignments will provide in depth analysis of security protocols. Some lab
assignments will be scheduled in Reconfigurable Networking Lab in
SEM 211A and provide you an opportunity to experiment with networking
equipment. Late assignment reports will be penalized by 20% per day, except
- There will be one midterm exam and one final exam. You should plan on
taking the exams on the scheduled times. No late/early exams unless in case
of an emergency situation such as health emergency or similar un-avoid-able
situations and you need to provide convincing documentation for it. The
exams will be closed books and closed notes but a single page cheat sheet
(double side, letter) is allowed. No calculators (unless otherwise stated)
and no other electronic devices such as laptops, cell phones, beepers, etc.
should be used during the exam.
- There will be extra questions in assignments and exams for CS 650
- From time to time, we may discuss vulnerabilities in computer systems.
This is not intended as an invitation to go exploit those vulnerabilities!
It is important that we be able to discuss real-world experience candidly;
everyone is expected to behave responsibly. Breaking into other people's
systems is inappropriate, and the existence of a security hole is no
- Assignments and exams must be prepared strictly individually.
You are welcome to discuss the problems or solution strategies with your class mates but the resulting work should be your own.
Copying from each other or from other sources is considered as cheating.
Any form of cheating such as plagiarism or ghostwriting will incur a severe penalty, usually failure in the course.
Please refer to the UNR policy on Academic Standards.
- Surreptitious or covert video-taping of class or unauthorized audio recording of class is prohibited by law and by Board of Regents policy. This class may be videotaped or audio recorded only with the written permission of the instructor. In order to accommodate students with disabilities, some students may be given permission to record class lectures and discussions. Therefore, students should understand that their comments during class may be recorded.
- If you have a disability for which you will need to request accommodations, please contact the instructor or someone at the
Disability Resource Center (Thompson Student Services - 101) as soon as possible.
- Academic Success Services: Your student fees cover usage of the Math Center (784-4433 or www.unr.edu/mathcenter), Tutoring Center (784-6801 or www.unr.edu/tutoring), and University Writing Center (784-6030 orwww.unr.edu/writing_center. These centers support your classroom learning; it is your responsibility to take advantage of their services. Keep in mind that seeking help outside of class is the sign of a responsible and successful student.
Both grading policy and scale are subject to change. Failure in either the
assignments or the tests will result in failure in the course.
15 - Quiz (4 of 5)
15 - Homework Assignments (5 of 6)
20 - Lab Assignments (5)
50 - Exams (2)
A : 87 - 100
B : 75 - 86
C : 63 - 74
D : 51 - 62
F : 0 - 50 (or caught cheating)
Important Note: You will have one week to appeal for your
grades after the graded assignments/tests are returned. So, please keep this in
mind if you think that there is a problem/issue with the grading of your
ABET Accreditation Criterion 3 Program Outcomes that are relevant to this
(1) An ability to apply knowledge of computing, mathematics, science, and
(3) An ability to design, implement, and evaluate a computer-based system,
process, component, or program to meet desired needs, within realistic
constraints specific to the field.
(6) An understanding of professional, ethical, legal, security and social
issues and responsibilities.
(7) An ability to communicate effectively with a range of audiences.
(8) The broad education necessary to analyze the local and global impact of
computing and engineering solutions on individuals, organizations, and
(10) A knowledge of contemporary issues.
(11) An ability to use current techniques, skills, and tools necessary for
computing and engineering practice.
This is a tentative schedule including the exam dates. It is subject to
readjustment depending on the time we actually spend in class covering the
Permanent reading assignment: it is assumed that you are familiar
with the contents of the slides of all past meetings.
||Assignments & Notes
| Tue, Aug 26
|| Lecture #1: Security Overview
|| Chapter 1
| Thu, Aug 28
|| Lecture #2: Security Overview (cont)
|| Chapter 1
| Tue, Sep 2
|| Lecture #3: Cryptographic Tools
|| Chapter 2
| Thu, Sep 4
|| Lecture #4: Cryptographic Tools (cont)
|| Chapter 2
| Tue, Sep 9
|| Lecture #5: User Authentication
|| Chapter 3 - Homework 1 due
| Thu, Sep 11
|| Lecture #6: User Authentication (cont)
|| Chapter 3
| Tue, Sep 16
|| Lecture #7: Access Control
|| Chapter 4
| Thu, Sep 18
|| Lecture #8: Access Control (cont)
|| Chapter 4 - Lab 1 due
| Tue, Sep 23
|| Lecture #9: Database Security
|| Chapter 5
| Thu, Sep 25
|| Lecture #10: Cloud Security
|| Chapter 5 - Homework 2 due
| Tue, Sep 28
|| Lecture #11: Malicious Software
|| Chapter 6
| Thu, Oct 2
|| Lecture #12: Malicious Software (cont)
|| Chapter 7
| Tue, Oct 7
|| Lecture #13: Denial of Service Attacks
|| Chapter 8 - Lab 2 due
| Thu, Oct 9
|| Lecture #14: Intrusion Detection
|| Chapter 8
| Tue, Oct 14
|| Lecture #15: Firewalls
|| Chapter 9 - Homework 3 due
| Thu, Oct 16
|| Midterm Exam
| Tue, Oct 21
|| Lecture #16: Buffer Overflow
|| Chapter 10
| Thu, Oct 23
|| Lecture #17: Software Security
|| Chapter 11
| Tue, Oct 28
|| Lecture #18: Software Security (cont)
|| Chapter 11 - Lab 3 due
| Thu, Oct 30
|| Lecture #19: Operating System Security
|| Chapter 12
| Tue, Nov 4
|| Lecture #20: Trusted Computing and Multilevel Security
|| Chapter 13 - Homework 4 due
| Thu, Nov 6
|| Lecture #21: Trusted Computing and Multilevel Security (cont)
|| Chapter 13
| Tue, Nov 11
|| Veteran's day (no class)
| Thu, Nov 13
|| Lecture #22: Legal and Ethical Aspects
|| Chapter 19
| Tue, Nov 18
|| Lecture #23: Symmetric Encryption
|| Chapter 20 - Lab 4 due
| Thu, Nov 20
|| Lecture #24: Public-Key Cryptography
|| Chapter 21
| Tue, Nov 25
|| Lecture #25: Internet Security Protocols and Standards
|| Chapter 22 - Homework 5 due
| Thu, Nov 27
|| Thanksgiving (no class)
| Tue, Dec 2
|| Lecture #26: Internet Authentication Applications - Anonymity
|| Chapter 23
| Thu, Dec 4
|| Lecture #27: Network Security - Wireless Network Security
|| Chapter 24
| Tue, Dec 9
|| Lecture #28: Digital Currencies
|| Lab 5 due on Thursday
| Tue, Dec 16
|| Final Exam @ 5:00pm (Exam covers post-midterm material.
However, you are expected to remember important pre-midterm concepts.)
|| Homework 6 due
Announcements regarding the course will be posted on this web page and
WebCampus. Please check your WebCampus e-mail daily.
Course Information -
ABET Criteria -
Last updated on Dec 8, 2014