CS 450/650 Fundamentals of Integrated Computer Security
Department of Computer Science & Engineering
UNR, Spring 2010
Course Information -
ABET Criteria -
| Class hours
|| Monday & Wednesday, 11:00 am - 12:15pm @ PE 208
|| Dr. Mehmet H. Gunes
|| mgunes (at) cse (dot) unr (dot) edu
| Web page
|| SEM 230 (Scrugham Engineering-Mines)
| Office hours
|| Monday & Wednesday, 2:30 - 4:00 pm or by appointment
Network security, database and system security, access control, policy and ethics development, attacks,
and counter attack measures, security tools and malicious code, current trends and research.
The objective of this course is to cover principles of computer and network security
along with some relevant background in basic cryptography.
We will discuss various attack techniques and how to defend against them.
After completing this course, students will be able to analyze, design, and build secure systems of moderate complexity.
- Principles of Operating Systems (CS 446).
- An understanding of algorithmic complexity, operating systems, and networking protocols.
- C/C++ or Java programming experience in UNIX-like environment.
This is a tentative list of topics, subject to modification and reorganization.
- Introduction to computer security
- basic concepts
- threat models
- common security goals
- Cryptography and cryptographic protocols
- message authentication codes
- hash functions
- one-way functions
- public-key cryptography
- secure channels
- zero knowledge in practice
- Software security
- secure software engineering
- defensive programming
- buffer overruns and other implementation flaws
- language-based security
- sandboxing techniques
- Operating system security
- memory protection
- access control
- enforcement of security
- security evaluation
- trusted devices
- digital rights management
- Network and Web security
- intrusion detection systems
- DoS attacks and defense
- XSS attacks and defenses
- social engineering attacks
- Malicious code analysis and defense
- Advanced topics and case studies (to be chosen according to instructor and student interest)
- mobile code
- digital rights management and copy protection
- trusted devices
- denial of service and availability
- network based attacks
- security and the law
- electronic voting
- quantum cryptography
- penetration analysis
- Except for this web page, all course materials will be posted on WebCT.
- The organization of the course will evolve as the semester progresses.
I'm quite confident that it will be challenging but a fun course.
- Class participation in terms of asking questions is highly encouraged.
Please do not be afraid to ask questions no matter how simple you might think the answer could be.
This type of interaction helps improve the effectiveness of the class and breaks the monotony.
- Unless instructed otherwise, use of electronic devices, including laptops, is not allowed during lectures.
- Students are encouraged to bring articles, demos, web pages, news events, etc.
that are relevant to course topics to the attention of the instructor.
The success of the course depends on everyone in the class engaging the material and
bringing energy, enthusiasm, and intellect to class activities.
- Presentation slides will be available on the class web page.
I will try to put them up before each class meeting but no guarantees on that.
- Each student will write one blog entry at
http://UNRcs450.blogspot.com on a lecture he/she is assigned to.
The blog should be at least a paragraph of 100 words and cover important points of the lecture.
Everyone is welcome to add comments and add new entries.
- Each student will prepare a 20 minute presentation on a security topic of their choice.
Students may choose any relevant topic with approval of the instructor.
You will be graded by your peers using the presentation evaluation form.
However, the final grade will be decided by the instructor.
- There will be four homework assignments. The lowest graded one will not affect your overall grade.
You may collaborate when solving the assignments; however, when writing up the solutions you must do so on your own.
Late assignments will be penalized by 25% per day, except holidays.
Assignments will be accepted only through WebCT.
- Graduate students will grade homework assignments during the semester.
It is estimated that the load will be half of an assignment.
This grading will become the 4th homework grade for graduate students.
- There will be two lab assignments involving quite a bit of programming.
These lab assignments can be considered "mini-projects" that focus on building reliable code and understanding attacks.
They will require turning in code that compiles and runs properly and a report
documenting the program (specifications, implementation, user manual, etc.).
Late lab assignments will be penalized by 10% per day, except holidays.
Note that knowledge of C/C++ or Java in UNIX environment is required for these assignments.
- There will be four in-class quizzes. The lowest graded one will not affect your overall grade.
The exact dates for these quizzes will not be announced beforehand.
These quizzes will be open book/notes and extremely time-constrained, i.e., 15-20 mins.
Questions in these quizzes will be designed to give you an opportunity to test and
affirm your knowledge of the course content.
- There will be one midterm exam and one final exam.
You should plan on taking the exams at the scheduled times.
No late/early exams will be given except in case of an emergency, such as a health emergency
or a similar unavoidable situation, and you will need to provide convincing documentation for it.
The exams will be closed book and closed notes. No calculators (unless otherwise stated)
and no other electronic devices such as laptops, cell phones, beepers, etc. should be used during the exam.
- There will be extra questions in assignments and exams for CS 650 students.
- All assignments and exams must be prepared strictly individually.
You are welcome to discuss the problems or solution strategies with your classmates
but the resulting work should be your own.
Copying from each other or from other sources is considered cheating.
Any form of cheating such as plagiarism or ghostwriting will incur a severe penalty,
including failure in the course.
Please refer to the UNR policy on Academic Standards.
- From time to time, we may discuss vulnerabilities in computer systems.
This is not intended as an invitation to go exploit those vulnerabilities!
It is important that we be able to discuss real-world experience candidly; everyone is expected to behave responsibly.
Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse.
- If you have a disability for which you will need to request accommodations,
please contact the instructor or someone at the
Disability Resource Center
(Thompson Student Services - 101) as soon as possible.
Both grading policy and scale are subject to change.
Failure in either the assignments or the tests will result in failure in the course.
2 - Blog Entry
6 - Presentation
12 - Homework (3 of 4) - (CS 650 students: +1)
20 - Lab Assignments (2)
9 - Quizzes (3 of 4)
25 - Midterm Exam
26 - Final Exam
A : 87 - 100
B : 75 - 86
C : 63 - 74
D : 51 - 62
F : 0 - 50 (or caught cheating)
Important Note: You will have one week to appeal your grades after the graded assignments/tests are returned.
So, please keep this in mind if you think that there is a problem/issue with the grading of your work.
ABET Accreditation Criterion 3 Program Outcomes that are relevant to this course are:
(1) An ability to apply knowledge of computing, mathematics, science, and engineering.
(2) An ability to design and conduct experiments, as well as to analyze and interpret data.
(3) An ability to design, implement, and evaluate a computer-based system, process, component, or program to meet desired needs, within realistic constraints specific to the field.
(8) The broad education necessary to analyze the local and global impact of computing and engineering solutions on individuals, organizations, and society.
(10) A knowledge of contemporary issues.
(11) An ability to use current techniques, skills, and tools necessary for computing and engineering practice.
(12) An ability to apply mathematical foundations, algorithmic principles, and computer science and engineering theory in the modeling and design of computer-based systems in a way that demonstrates comprehension of the tradeoffs involved in design choices.
This is a tentative schedule including the exam dates.
It is subject to readjustment depending on the time we actually spend in class covering the topics.
Permanent reading assignment: it is assumed that you are familiar with the contents of the slides of all past meetings.
|| Assignments & Notes
| Wed, Jan 20
|| Lecture #1: Introduction
| Mon, Jan 25
|| Lecture #2: Elementary Cryptography
| Wed, Jan 27
|| Lecture #3: Entropy
| Mon, Feb 1
|| Lecture #4: Data Encryption Standard
| Wed, Feb 3
|| Lecture #5: DES and Rivest-Shamir-Adleman
|| Homework 1: Cryptography
| Mon, Feb 8
|| Lecture #6: RSA
| Wed, Feb 10
|| Lecture #7: Advanced Encryption Standard and Cryptographic Hash Functions
| Mon, Feb 15
|| President's day (no class)
| Wed, Feb 17
|| Lecture #8: Secure Hash Algorithm
|| Lab 1: Cryptosystem Implementation and Analysis
| Mon, Feb 22
|| Lecture #9: Digital Signatures
Intrusion Prevention Systems by Justin
| Wed, Feb 24
|| Lecture #10: Key Exchange
MiTM attacks and ARP vulnerabilities by Christopher
| Mon, Mar 1
|| Lecture #11: Digital Certificates
| Wed, Mar 3
|| Lecture #12: Program Security
Trusted Computing by Jeffrey
| Homework 2: Cryptographic Systems and Program Security
| Mon, Mar 8
|| Lecture #13: Program Security (cont)
Virus Encryption by Joshua
| Wed, Mar 10
|| Midterm Exam
| Mon, Mar 15
|| Spring break (no class)
| Wed, Mar 17
|| Spring break (no class)
| Mon, Mar 22
|| Lecture #14: Program Flaws
| Wed, Mar 24
|| Lecture #15: Malicious Codes
Virtualization attacks and Redpill by Michael
| Mon, Mar 29
|| Lecture #16: Targeted Malware
History of Digital Rights Management by Alex
| Wed, Mar 31
|| Lecture #17: Operating System Security
Obscurity and Code Availability by Evander
| Homework 3: Password Cracking
| Mon, Apr 5
|| Lecture #18: Access Control
Trojan horse & Backdoor intrusion by Nathan
| Wed, Apr 7
|| Lecture #19: User Authentication
Quantum Cryptography by Jacob
| Mon, Apr 12
|| Lecture #20: Trusted Operating Systems
Password Cracking with Rainbow Tables by Spencer
| Wed, Apr 14
|| Lecture #21: Trusted Operating Systems
Non-Malicious Program errors by Gabriel
| Lab 2: Trusted Computing
| Mon, Apr 19
|| Elliptic Curve Cryptography by Anusha
Privacy and Social Networks by Hakan
Spam by Victor
Denial of Service Attacks by Clayton
| Wed, Apr 21
|| Website Vulnerabilities by Brian
WPA2 by Winway
Security Hardware by Zakary
Honeypots by Javier
| Mon, Apr 26
|| Lecture #22: Network Security
Packet Sniffing by Aarti
| Wed, Apr 28
|| Lecture #23: Network Threats
Hacking WEP by Troy
| Homework 4: O.S. and Network Security
| Mon, May 3
|| Lecture #24: Secure Communications
| Mon, May 10
at 9:45 am
| Final Exam
(Exam covers post-midterm material. However, students are expected to remember important pre-midterm concepts.)
Announcements regarding the course will be posted on this web page
and WebCT. Please check your WebCT e-mail daily.
- Jan 12, 2010 : Check out www.stopthehacker.com:
a very interesting startup on web security from a friend of mine.
- Jan 20, 2010 : Blog page for the course is at
- Jan 21, 2010 : Interested students may apply to
Research Experiences for Undergraduates,
Women’s Institute in Summer Enrichment, or
Summer Experience, Colloquium and Research in Information Technology.
- Feb 8, 2010 : I have uploaded the link for class presentation schedule on WebCT under announcements.
Indicate your preferred date and topic on the spreadsheet.
- Mar 3, 2010 : Today's office hours are postponed to March 9th from 12:00 to 2:00pm.
- May 3, 2010 : We will have an overview session on Wednesday, May 5th at 12pm.
The session is mainly to help review material and attendance is optional.
Last updated on May 3, 2010