CS 450/650 Fundamentals of Integrated Computer Security
Department of Computer Science & Engineering
UNR, Spring 2011
Course Information -
ABET Criteria -
| Class hours
|| Monday & Wednesday, 11:00 am - 12:15pm @ PE 208
|| Dr. Mehmet H. Gunes
|| mgunes (at) cse (dot) unr (dot) edu
| Web page
|| SEM 204 (Scrugham Engineering-Mines)
| Office hours
|| Monday & Wednesday, 2:30 - 4:00 pm or by appointment
Network security, database and system security, access control, policy and ethics development, attacks,
and counter attack measures, security tools and malicious code, current trends and research.
The objective of this course is to cover principles of computer and network security
along with some relevant background in basic cryptography.
We will discuss various attack techniques and how to defend against them.
After completing this course, students will be able to analyze, design, and build secure systems of moderate complexity.
- Principles of Operating Systems (CS 446).
- An understanding of algorithmic complexity, operating systems, and networking protocols.
- C/C++ or Java programming experience in a UNIX-like environment.
This is a tentative list of topics, subject to modification and reorganization.
- Introduction to computer security
- basic concepts
- threat models
- common security goals
- Cryptography and cryptographic protocols
- message authentication codes
- hash functions
- one-way functions
- public-key cryptography
- secure channels
- zero knowledge in practice
- Software security
- secure software engineering
- defensive programming
- buffer overruns and other implementation flaws
- language-based security
- sandboxing techniques
- Operating system security
- memory protection
- access control
- authorization and authentication
- enforcement of security
- security evaluation
- trusted devices
- digital rights management
- Network and Web security
- intrusion detection systems
- DoS attacks and defense
- XSS attacks and defenses
- social engineering attacks
- Malicious code analysis and defense
- Advanced topics and case studies (to be chosen according to instructor and student interest)
- digital rights management and copy protection
- trusted devices
- denial of service and availability
- network based attacks
- security and the law
- electronic voting
- quantum cryptography
- penetration analysis
- Except for this web page, all course materials will be posted on WebCT.
The blog page at http://UNRcs450.blogspot.com will be actively utilized as well.
Students are encouraged to post articles, demos, web pages, and news events that are relevant to the course.
- The organization of the course will evolve as the semester progresses.
I'm quite confident that it will be a challenging but fun course.
- Presentation slides will be available on the class web page.
I will try to put them up before each class meeting but no guarantees on that.
- Class participation in terms of asking questions is highly encouraged.
Please do not be afraid to ask questions no matter how simple you might think the answer could be.
This type of interaction helps improve the effectiveness of the class and breaks the monotony.
- Unless instructed otherwise, use of electronic devices, including laptops, is not allowed during lectures.
- Students are encouraged to bring articles, demos, web pages, news events, etc.
that are relevant to course topics to the attention of the instructor.
The success of the course depends on everyone in the class engaging the material and
bringing energy, enthusiasm, and intellect to class activities.
- Each student will prepare a 20 minute presentation on a security topic of their choice.
Students may choose any relevant topic with approval of the instructor.
You will be graded by your peers using the presentation evaluation form.
However, the final grade will be decided by the instructor.
- There will be five homework assignments. The lowest graded one will not affect your overall grade.
You may collaborate when solving the assignments; however, when writing up the solutions you must do so on your own.
Late assignments will be penalized by 25% per day, except holidays.
Assignments will be accepted only through WebCT.
- Graduate students will grade homework assignments during the semester.
This grading will become the 4th homework grade for graduate students.
- There will be a project assignment involving research of a contemporary security issue.
The assignment will focus on building reliable systems and understanding possible attacks.
Late lab assignments will be penalized by 10% per day, except holidays.
- There will be four in-class quizzes. The lowest graded one will not affect your overall grade.
The exact dates of these quizzes will not be disclosed beforehand.
These quizzes will be open book/notes and extremely time-constrained, i.e., 15-20 mins.
Questions in these quizzes will be designed to give you an opportunity to test and
affirm your knowledge of the course content.
- There will be one midterm exam and one final exam.
You should plan on taking the exams at the scheduled times.
No late/early exams will be given except in an emergency, such as a health emergency
or a similarly unavoidable situation, and you will need to provide convincing documentation for it.
The exams will be closed book and closed notes. No calculators (unless otherwise stated)
and no other electronic devices such as laptops, cell phones, beepers, etc. may be used during the exam.
- There will be extra questions in assignments and exams for CS 650 students.
- You are welcome to discuss the problems or solution strategies with your classmates,
but the resulting work should be your own.
Copying from each other or from other sources is considered cheating.
Any form of cheating such as plagiarism or ghostwriting will incur a severe penalty,
including failure in the course.
Please refer to the UNR policy on Academic Standards.
- From time to time, we may discuss vulnerabilities in computer systems.
This is not intended as an invitation to go exploit those vulnerabilities!
It is important that we be able to discuss real-world experience candidly; everyone is expected to behave responsibly.
Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse.
- If you have a disability for which you will need to request accommodations, please contact the instructor or someone at the
Disability Resource Center (Thompson Student Services - 101) as soon as possible.
- Academic Success Services: Your student fees cover usage of the
Math Center (784-4433 or www.unr.edu/mathcenter) and
Tutoring Center (784-6801 or www.unr.edu/tutoring).
These centers support your classroom learning; it is your responsibility to take advantage of their services.
Keep in mind that seeking help outside of class is the sign of a responsible and successful student.
Both grading policy and scale are subject to change.
Failure in either the assignments or the tests will result in failure in the course.
6 - Presentation
16 - Homework (4 of 5) - (CS 650 students: +1)
16 - Project
12 - Quizzes (3 of 4)
50 - Exams (2)
A : 87 - 100
B : 75 - 86
C : 63 - 74
D : 51 - 62
F : 0 - 50 (or caught cheating)
Important Note: You will have one week to appeal for your grades after the graded assignments/tests are returned.
So, please keep this in mind if you think that there is a problem/issue with the grading of your work.
ABET Accreditation Criterion 3 Program Outcomes that are relevant to this course are:
(1) An ability to apply knowledge of computing, mathematics, science, and engineering.
(3) An ability to design, implement, and evaluate a computer-based system, process, component, or program to meet desired needs, within realistic constraints specific to the field.
(6) An understanding of professional, ethical, legal, security and social issues and responsibilities.
(7) An ability to communicate effectively with a range of audiences.
(8) The broad education necessary to analyze the local and global impact of computing and engineering solutions on individuals, organizations, and society.
(10) A knowledge of contemporary issues.
(11) An ability to use current techniques, skills, and tools necessary for computing and engineering practice.
This is a tentative schedule including the exam dates.
It is subject to readjustment depending on the time we actually spend in class covering the topics.
Permanent reading assignment: it is assumed that you are familiar with the contents of the slides of all past meetings.
|| Assignments & Notes
| Wed, Jan 19
|| Lecture #1: Introduction
| Mon, Jan 24
|| Lecture #2: Elementary Cryptography
| Wed, Jan 26
|| Lecture #3: Entropy
| Mon, Jan 31
|| Lecture #4: Data Encryption Standard
| Wed, Feb 2
|| Lecture #5: How to give a talk
| Mon, Feb 7
|| Lecture #6: Advanced Encryption Standard
|| Homework 1 due Feb 14 at 11am
| Wed, Feb 9
|| Lecture #7: Advanced Persistent Threats
| Mon, Feb 14
|| Lecture #8: Algorithm Background
| Wed, Feb 16
|| Lecture #9: Rivest-Shamir-Adleman
| Mon, Feb 21
|| President's day (no class)
| Wed, Feb 23
|| Lecture #10: Cryptographic Hash Functions
| Mon, Feb 28
|| Lecture #11: Digital Signatures
|| Project (1st step) due Mar 28 at 11am
| Wed, Mar 2
|| Lecture #12: Key Exchange
|| Homework 2 due Mar 9 at 5pm
| Mon, Mar 7
|| Lecture #13: Digital Certificates
| Wed, Mar 9
|| Midterm Exam
| Mon, Mar 14
|| Spring break (no class)
| Wed, Mar 16
|| Spring break (no class)
| Mon, Mar 21
|| Lecture #14: Program Security
| Wed, Mar 23
|| Lecture #15: Internet anonymity
| Mon, Mar 28
|| Lecture #16: Malicious Codes
| Wed, Mar 30
|| Lecture #17: Targeted Malware
|| Homework 3 due Apr 11 at 11am
| Mon, Apr 4
|| Lecture #18: Operating System Security
| Wed, Apr 6
|| Lecture #19: Operating System Security (cont)
|| Project due May 2 at 11am
| Mon, Apr 11
|| Lecture #20: Inferring Private Information Using Social Network Data by Dr. Kantarcioglu at SEM 347.
| Wed, Apr 13
|| Lecture #21: Trusted Operating Systems
|| Homework 4 due Apr 20 at 11am
| Mon, Apr 18
|| Lecture #22: Trusted Operating Systems
| Wed, Apr 20
|| Lecture #23: Network Threats
| Mon, Apr 25
|| Lecture #24: Secure Communications
|| Homework 5 due May 4 at 11am
| Wed, Apr 27
|| Lecture #25: 802.11 security
TCP Split Handshake Attack
| Mon, May 2
|| Lecture #26: WPA2 vulnerabilities
| Mon, May 9 at 9:45 am
|| Final Exam
(Exam covers post-midterm material. However, students are expected to remember important pre-midterm concepts.)
Announcements regarding the course will be posted on this web page
and WebCT. Please check your WebCT e-mail daily.
Last updated on May 3, 2011