Instructor: Dr. Melissa Danforth (she/her)
Office Hours: MTuWThF 12:00-1:00pm via Discord and Zoom (link posted on Moodle)
Email: melissa@cs.csub.edu or mdanforth@csub.edu
Other: You can direct message me on Discord to contact me at any time I am at
the campus computer. There is also a class channel to talk with other students.
Moodle website:
https://moodle3.cs.csub.edu/course/view.php?id=63
Course meets MW 4:00-5:15pm (lecture) and Tu 4:00-6:30pm (lab) on Zoom
(Zoom information will be posted on Moodle).
General Class Structure:
- First Monday (August 23rd): Attendance is required for class overview.
- Mondays and Wednesdays (lecture days): Attendance is optional, but strongly
encouraged. Lecture will be on textbook material and additional materials
relevant to the week's topics. Lectures will be recorded. Some Mondays
will not have a Zoom meeting due to a campus meeting I occasionally have
on Mondays that overlaps this course. Those days will be noted on Moodle
and a prerecorded lecture will be available.
- Tuesdays (lab days): Attendance is optional, but strongly encouraged.
Demos of the labs will be given over Zoom and I will be available in Zoom
/ Discord to help with labs. Think of lab days as dedicated office hour /
study group time to get the assignments completed for the course. Only
the demo will be recorded, but not any subsequent discussions.
Contact me if you have any issues with attending sessions, such as Internet
issues, power outages, technical difficulties, work conflicts, or other
university excused absences.
Webcams will not be required of students. I have configured Zoom to allow
phone call-ins and to mask phone numbers for those who have to call in to
attend.
Recording is set to record the speaker, shared screen, and public chat. This
means the recording will capture anything in the public chat and
anything said over audio, but it will not capture the "gallery view" of the
course. So if you do not wish to have your name appear in the recording, you
can private chat questions to me and I will anonymously relay them to the
course, then answer them.
Videos of the lectures and lab demos will be posted to Moodle after processing
and closed-captioning. Give at least a few days for that to occur (longer if
the automatic closed-captioning requires significant editing).
Working in teams or groups is optional in this course. If you do opt to form
a team for the project or work in groups on the optional group lab assignments,
virtual collaboration options include git, Slack, Discord, Zoom, MS Teams, and
so on. If you opt for a face-to-face team or group meeting, you must adhere to
all current campus COVID-19 policies and procedures regarding face-to-face
meetings.
Fundamentals of network and computer security and information assurance.
Topics covered include basic cryptography, authentication, access control,
formal security policies, assurance and verification, trusted OS design, and
network attacks. Methods to provide better security at both the system and
network level will be presented, particularly with respects to risk analysis,
cost-benefit analysis, and psychological acceptability. Ethics and legal
issues related to security research will also be discussed.
Catalog Prerequisites: CMPS 2020 with a grade of C- or better and either
CMPS 3620 or CMPS 3650
Knowledge of programming languages in C/C++ family
Knowledge of TCP/IP networking and/or digital forensics
4 semester units. 3 units lecture (150 minutes), 1 unit lab (150 minutes).
As a 4000-level elective course, students are expected to engage in independent
learning in this course through reading assignments, case studies, and a
project. Critical thinking, independent evaluation, and troubleshooting are
important traits for the cybersecurity profession.
Since the textbook is freely available online through multiple sources,
including the author's own homepage, lectures after the first week will assume
that you have completed the reading assignments. While the lectures will cover
some of the textbook concepts, particularly the more complicated concepts, the
lectures will primarily focus on exploring examples, applications of the
concepts, and scenarios to provide a deeper understanding of the concepts.
Additional materials may also be brought in from other sources during the
lectures to provide more breadth and/or depth on the concepts.
Most labs will require the use of virtual machines (VMs). The department has
a subscription service to VMware which provides students with a free one-year
license to VMware software for Linux, Windows, and Mac. Accounts will be
emailed to you at the start of the class.
Plan to spend an average of 8-12 hours outside of class each week on this
course. More time may be required in some weeks.
Selected elective for CS
Security Engineering, 2nd edition. Ross Anderson. Wiley, 2008.
ISBN: 978-0-470-06852-6.
Multiple free sources of this textbook exist:
Computer Security: Art and Science, 2nd edition. Matt Bishop. Addison-Wesley,
2019, ISBN-13: 978-0-321-71233-2.
http://nob.cs.ucdavis.edu/book/
(Note: There is an abridged version of the book available that is titled
"Introduction to Computer Security" by Matt Bishop)
Supporting articles and current events relating to the course will be posted
on the Moodle site.
Melissa Danforth
This course covers the following ACM/IEEE CS2013 (Computer Science)
Body of Knowledge student learning outcomes:
- CS-HCI/Human Factors and Security
- CS-IAS/Foundational Concepts in Security
- CS-IAS/Principles of Secure Design
- CS-IAS/Threats and Attacks
- CS-IAS/Network Security
- CS-IAS/Cryptography
- CS-SP/Professional Ethics
The course maps to the following student learning outcomes for Computer Science
(CAC/ABET):
- 1. An ability to analyze a complex computing problem and to apply principles
of computing and other relevant disciplines to identify solutions.
-
Critical thinking and analyzing a situation are foundational skills for
cybersecurity which will be developed throughout this course.
- 3. An ability to communicate effectively in a variety of professional contexts.
-
Students will complete a survey project and present a summary of their
findings to the others in the class.
- 4. An ability to recognize professional responsibilities and make informed
judgements in computing practice based on legal and ethical principles.
-
Cybersecurity is intrinsically tied to ethics and legal principles. A strong
ethical foundation and an understanding of some relevant legal issues will
be developed in this course.
| Week | Chapter(s) | Topics |
|---|
| 1 |
Outside Materials |
Ethics of security research, Responsible disclosure, Legal foundations |
| 2 |
Chapter 5 |
Basics of cryptography, Historic ciphers, Block ciphers |
| 3 |
Chapter 5 |
Block chaining, DES and AES, Hash functions |
| 4 |
Chapter 5 |
Public key encryption, Uses of cryptography |
| 5 |
Chapters 2 and 3 |
Identity, Authentication, Secure authentication |
| 6 |
Chapters 2 - 4 |
Passwords, Access control |
| 7 |
Chapter 8 and Outside Materials |
Mandatory access control, Bell-LaPadula model, Biba model, Lattice model |
| 8 |
Chapters 9 and 10 |
Conflict of interest model, Clark-Wilson model |
| 9 |
Chapter 22 25 |
Secure design, Trusted operating systems |
| 10 |
Chapters 22 25, 26, and Outside Materials |
Saltzer-Schroeder principles, Evaluation of OSes, Formal vs informal evaluation |
| 11 |
Chapter 26 |
Evaluation history and current methods: Red Book, Green Book, British Criteria, Common Criteria |
| 12 |
Chapter 21 |
Network attacks, Types of malware |
| 13 |
Chapter 21 |
Vulnerability classification, Prevention and mitigation |
| 14 |
Chapters 21 and 2 |
Intrusion detection and prevention systems, Social engineering, Advanced persistent threats |
| 15 |
None |
Project presentations |
Specific reading assignments for each week will be posted to the Moodle site.
Students are responsible for their own attendance. The topics covered
in lecture will be listed on Moodle. Recordings of the classes will be
posted to Moodle after processing.
Over the course of the term, there will be classroom discussions on
contentious issues in cybersecurity, such as discussing various approaches
to disclosing vulnerabilities. Opinions will differ, sometimes drastically,
during these discussions, hence why they are matters of debate within the
cybersecurity field. Students are expected to be civil to, and respectful
of, one another during these discussions.
You may discuss the assignments with others in the class. There is also the
class text channel on my Discord server for discussions.
If the assignment is a group assignment, the group can turn in one assignment
for the entire group. If the assignment is an individual assignment,
each student must turn in their own work in their own words; no direct
copying from any source is allowed.
Refer to the Academic Integrity policy in the campus catalog and class
schedule for more details. You can also refer to the Academic Integrity
policy at the Office of Student Rights and Responsibilities at
https://www.csub.edu/osrr/
To request academic accommodations, please contact the Office of Services
for Students with Disabilities (SSD) and email me an accommodations letter from
the SSD Office. Policies from the SSD Office relating to accommodations, such
as scheduling policies for using their testing center, must also be followed.
For more information about the services and policies of the SSD Office, contact
their staff by email and/or visit their website at
https://www.csub.edu/ssd/
If you are experiencing challenges related to basic needs, such as food
insecurity, housing insecurity, or other challenges, there are resources
available to you.
The campus Food Pantry, located next to the Student Union, is open and
available to all students, staff, and faculty. Please visit the
Food Pantry website for hours and information at
https://www.csub.edu/sustainability/foodpantry/.
Information about food distributions, CalFresh, and other food resources
can be found at
https://www.csub.edu/basicneeds/food-security.
Information about food assistance at the Antelope Valley campus is at
https://www.csub.edu/basicneeds/resources-students-csub-av-campus
For housing concerns, please contact Jason Watkins, Assistant Director for
Basic Needs, at 654-3360 or Ashley Scott, the Assistant Director of Housing.
You can find more information about housing assistance and contact email
addresses at
https://www.csub.edu/basicneeds/housing-stability
More information on basic needs assistance is on the Basic Needs website:
https://www.csub.edu/basicneeds
This continues to be a trying time mentally, physically, and with work / life
balance issues. If you need additional time for assignments due to your
current situation, please contact me to discuss the options available to you.
Similarly, should something come up unexpectedly in my life that affects a
class meeting, I will let everyone know through the Moodle Announcements board,
which will also send a notification email to the email address you have on
your Moodle profile.
The CSUB Counseling Center has both regular-hours and after-hours counseling
services available. Call 654-3366 to connect with their services. After their
normal operating hours, you can press 2 at any time to connect to the
after-hours service. More information is at
https://www.csub.edu/counselingcenter/
CSUB's Student Health Services is available for basic health care needs,
at little to no cost for CSUB students. You can find more information about
their services at
https://www.csub.edu/healthcenter/
Current information about CSUB's COVID-19 plans, policies, and resources can
be found at
https://www.csub.edu/covid-19
If you need help with technology, such as a loaner laptop and/or hotspot, ITS
has programs to provide technology assistance to students. Go to the following
ITS webpage to learn more about their programs:
https://its.csub.edu/step
The CEE/CS Department has academic software subscriptions available to students
enrolled in CMPS and ECE courses. This currently includes Microsoft, VMware,
and Mathematica. Go to the following page for more information:
https://www.cs.csub.edu/downloads.php
CSUB ITS also many software products available to students through the Virtual
Computer Lab (VCL). You will need to use your myCSUB credentials to access
VCL. To see the full list of software and to access VCL, go to
https://its.csub.edu/VCL
| Labs | 20% |
| Homework | 20% |
| Project and Project Milestones | 20% |
| Midterm | 20% |
| Final | 20% |
Grades are posted on Moodle. Note: Moodle does not penalize your grade for
any ungraded assignments, so it will show your "current" overall percentage
based off the classwork graded to-date.
It is your responsibility to check Moodle for grades and any comments on
assignments. If you believe you submitted your assignment on time but the
comment field says "assignment not received", contact me.
Lab assignments will be posted on the course website. The labs are due
at 11:59pm on the following Monday. Partial credit will be given for
incomplete labs.
You may work on labs in groups of up to 3 students. If you work in a group,
only one student needs to submit the assignment, but make sure to put
everyone's names on the assignment submission. Only the students whose names
are on the assignment will get credit for the lab. If you are in a group but
are not the one submitting the assignment to Moodle, you may put a comment
in Moodle's Note field indicating who did submit the assignment for your
group.
Submit your work to Moodle and I will grade it during my next grading session.
Do NOT email your submission as the campus spam system sometimes silently
blocks emails with attachments.
Homework assignments and due dates will be posted on the course website.
Partial credit will be given for incomplete homework submissions.
Assignments must be turned in via the Moodle website. Do NOT email your
submission as the campus spam system sometimes silently blocks emails with
attachments.
Homeworks may be discussed with others in the class, but every student must
turn in their own assignments in their own words. Copying from other students,
the Internet, previous solutions, the textbook, etc. are all considered
violations of the Academic Integrity Policy.
Submissions must be in a standardized document format (e.g., ODT, DOC, DOCX,
PDF, PNG, JPEG, etc.). Avoid RTF format, as it has caused issues in the past.
Also, make sure to check your file after it has uploaded, to be sure there
were no upload errors.
You may also write your answers in the Moodle Notes section if you can
adequately answer them in Moodle's text box. Note that the Moodle text box
does not always properly handle metacharacters like < or &. If you have
a large number of these characters, it is safer to upload a file rather than
use the Moodle text box.
Moodle records the last time you edit the Notes field or upload a file as
the submission time for the assignment. You do not need to hit the "Submit"
button for me to see your work.
If you have drawn something out by hand, take a picture or use a scanner and
upload the image to Moodle. Please keep the file sizes reasonable, but also
make sure the image is legible.
If you submit multiple files, please name them in a fashion that indicates
what they contain, e.g. hw1_q2_drawing.jpg, hw2_part1.pdf, hw2_part2.pdf,
and so on.
If you have any difficulties submitting to Moodle, contact me or Steve Garcia
for help. Emailed submissions are not guaranteed to be accepted since my
email volume is so high and the spam detection software can silently drop
emails.
All students will select a topic in security and conduct a survey project
on that topic for this course. A list of potential topics will be posted
to Moodle, but students are also welcome to propose ideas that are not on
the list.
Each project will require the submission of a brief project proposal
(1-2 paragraphs) describing the topic for the project. Topics will be approved
by the instructor, or sent back for revision, to ensure that no one topic
gets selected too many times by people in the class. The proposal will be
part of the Project grade.
Topics will be approved on a first-come, first-served basis, based on the
submission/last-edit time for the proposal on Moodle. You may include a
"backup" second topic description in your proposal, in case too many students
who submitted proposals before you had already selected your first topic.
There will also be project milestones throughout the term to see what sort of
progress has been made on the project. These milestones will be either a
brief written report or a Zoom check-in meeting scheduled outside of the normal
class meeting times. The milestones will be part of the Project grade.
At the end of the term, everyone will give a brief (~10 minutes) presentation
about their project. The lecture and lab time slots in the last week and a
half of class will be used for presentations. A Moodle choice poll will be
set up for everyone to choose a presentation time slot. Students will also be
required to upload their slides to Moodle after their presentation. The
presentation will count for a majority of the Project grade.
The oral communication rubric used to assess the presentation will be posted
on Moodle.
The midterm will be given through Moodle as open-book, open-notes exam.
The midterm exam will be available on Moodle from 12:01am Monday October
11, 2021 to 11:55pm Tuesday October 12, 2021 (start of Week 8). When you
begin the midterm on Moodle, you will have a 2 hour and 30 minute countdown
timer to complete the exam.
NOTE: Make sure you begin the exam at least 2.5 hours BEFORE the end
of this 48-hour window. Moodle WILL stop all attempts promptly at 11:59pm on
Tuesday October 12th, regardless of how much time is left on your countdown
timer.
There will be no class meetings on October 11th and 12th to allow you to
focus on completing the midterm. I will be available by Discord or email
during the class meeting times if you have any questions on the exam.
If you have any connectivity, power, or technology issues that cause you to
lose connection to Moodle during the attempt, email me ASAP so I can reset
your attempt.
It is your responsibility to log in to Moodle and take the midterm during
this time frame. If you miss the midterm and you believe you have a valid
university excused absence, contact me as soon as possible and I will
evaluate the situation. For students where I approve the absence as an
excused absence, the final exam will count for both the midterm and final
weight in the grade calculation. For students without an approved excused
absence, the midterm exam will be recorded as a 0 in the grade calculation.
The final will be given through Moodle as open-book, open-notes exam.
The final exam time slot for this course is Monday December 13, 2021 from
5:00-7:30pm, but I will give you a 48-hour window to complete the final, just
like with the midterm.
Grades are due on Friday December 17th, so the window for this exam will be
from 12:01am on Sunday December 12th to 11:59pm on Monday December 13th to
give me sufficient time to grade the essay questions before grades are due.
NOTE: Just like with the midterm, make sure to start the final exam
at least 2.5 hours before the end of the window. Moodle will promptly stop
all attempts at 11:59pm on Monday December 13th regardless of the time left
on your countdown timer.
If you have more than two final exams scheduled on Monday December 13th and
you cannot take the exam on Sunday December 12th for any reason,
contact me at least ONE WEEK before the final exam to schedule an
alternative window.
Melissa Danforth on 18 August 2021.
Last update on 10 October 2021 to fix typo: Chapter 22 in topic list should
have been Chapter 25.
Approved by CEE/CS Department in Spring 2014
Effective Fall 2016