EECS 3482

Introduction to Computer Security

Winter, 2016

  Lecture Schedule:         Mon  10:30 - 13:30,  BRG 217

  Instructor:                         Natalija Vlajic (vlajic @ cse.yorku.ca)

  Office Hours:                   Tue and Thu  13:00 - 14:00 (LAS 2047)

                                                
  TA:                                      Pooria Madani (madani @ cse.yorku.ca)









  
      Course News
  • Apr 26:  Lab 5 grades, final exam grades, and preliminary final grades are now available through ePost. Final exam solutions can be found here.
  • Apr 4:   Final exam will be held on Saturday, Apr 16 (location: LSB 103). The exam will be closed book and closed notes. The use of a simple calculator is allowed. 35% of the exam will be related to the material discussed in class before the midterm, and 65% to the material discussed after the midterm. A sample Final exam from W 2015 can be accessed here. (Q8 does not apply!)
  • Mar 28:  Lab 4 grades are now available through ePost.
  • Mar 22:  Lab 3 grades are now available through ePost.
  • Feb 29: Makeup of Lab 3 for Group 1 is scheduled for Wednesday, March 9, 14:30 - 16:30 - right after the regular (Lab 4) session.
  • Feb 29: Midterm grades are now available through ePost. Midterm solutions can be accessed from here.
  • Feb 22:  Lab 1 and Lab 2 grades are now available through ePost.
  • Feb 8:   Midterm exam will be held on Monday, February 22, at the beginning of lecture (10:30 am). MIDTERM LOCATION: PSE 321. Please note the location of the midterm is different from the standard lecture location!!! The exam will be closed book and closed notes, and will cover all the material discussed in class up to and including the lecture of February 8. A sample midterm from W 2015 can be accessed here.
  • Jan 18:  EECS 3482 Laboratories are starting this week. Time: Wednesday, 12:30. Location: LAS 1002.
  • Jan 18:   Jan 11 lecture notes updated (see slides 27 - 33).
  • Jan 11:   Classes begin.  Location: BRG 217.
  • Jan 4:   Class cancelled due to instructor's illness.





   Course Information:

   Course Material:

   Course Policies:




   Course Schedule & Notes:

| Week | Date | Topic | Required Reading | Lab Dates | Student Presentations |
|---|---|---|---|---|---|
| 1 | M, Jan 4 | class cancelled | | | |
| 2 | M, Jan 11 | Introduction: Security CIA | | | Credit Card Fraud (2015) |
| 3 | M, Jan 18 | Introduction: Security Threats | Stallings, Ch 1. & Ch. 6 | LAB 1 Group 1 | |
| 4 | M, Jan 25 | Introduction: Software Attacks; Steganography (part 1) | ... | LAB 1 Group 2 | Team 1: Cloud Security (F.D.Khan, M.J.Khan, H. Ahmed); Team 2: Silk Road (C.Tushar, I.Sheharyar, H.Talha) |
| 5 | M, Feb 1 | LAB2: What you need to know; Steganography (part 2); Cryptography (part 1) | Stallings Ch. 2; Stallings Sections 20.2, 20.3, 21.3, 21.4 | LAB 2 Group 1 | Team 3: Social Media Hacks (G.Sherman, A.A.Gailani, G.Zhang); Team 4: Metasploit (Y.Ismail, P.W.Zhou, T.Mohiuddin) |
| 6 | M, Feb 8 | Cryptography (part 2) | ... | LAB 2 Group 2 | Team 5: XcodeGhost (Y.Ji, S.Yi, S.H.Back); Team 6: Caller ID Spoofing (M.Adda, K.Saleem, J.Ramos) |
| Reading Week | | | | | |
| 7 | M, Feb 22 | Midterm; Security Management (part 1) | Stallings Ch. 15 | LAB 3 Group 1 | Team 7: The Carbanak Hack (R.Samanta, A.Scheuhammer, A.Cochet); Team 8: DDoS Attacks and Botnets (Y.Liu, H.Patel, M.Soon) |
| 8 | M, Feb 29 | Security Management (part 2); Access Control (part 1) | Stallings Ch. 3 & 4 | LAB 3 Group 2 | Team 9: MrBlack Malware (B.A.Ching, Y.Zhou, A.Neelands); Team 10: Bitcoin (A.S.Ahmed, A.Bahri, K.Thiruchelvam) |
| 9 | M, Mar 7 | Access Control (part 2); Password Cracking | ... | LAB 4 Group 1 | Team 11: Deep & Dark Web (M.Zhang, C.Yan, M.Williams); Team 12: Attacks on eBay (D.Zhou, J.Sidhu, R.Sakhuja) |
| 10 | M, Mar 14 | Hashing; Security Risk Management (part 1) | Stallings Sections 14.3 & 14.4 | LAB 4 Group 2 | Team 13: Adobe's Security Blunder (C.Celante, L.Oliveira, J.Salamone); Team 14: LastPass Hack (R.Abarrota, S.Merante, M.Bandali) |
| 11 | M, Mar 21 | Guest Lecture (Ed Ng, Vice President IT Audit, TD Bank); Security Risk Management (part 2); DDoS Attacks (Lab 5 Material) | Stallings Ch. 7 | LAB 5 Group 1 | Team 15: Risk Based Authentication (R.Lauro, P.Yan, B.Bassiouny); Team 16: (in)Securities of Java (J.Sor, D.Palombo, R.Khudher) |
| 12 | M, Mar 28 | Security Risk Management (part 3); Law and Ethics | | LAB 5 Group 2 | Team 17: Evolution of Ransomware (O.Masood, X.Charles, S.V.Chopra); Team 18: Security of Critical Systems (R.Halim, K.Mcintosh, P.Mishra); Team 19: Mobile Malware (M.E.Kabir, R.Sheikh, A.Rasool); Team 20: Phishing Statistics & Defences (A.Bhayana, R.Davidov) |

Final Exam:   Saturday, April 16, 9:00 - 12:00






  Textbooks:
  Recommended Reading Material:



   Course Description:
  
This course introduces students to the basic concepts, goals and terminology of computer security. It provides a general overview of the computer security body of knowledge with an emphasis on the risk-based mindset that a computer security professional needs to have. Students will be exposed to both the theoretical and the practical aspects of computer security (the lab sessions will include security case studies as well as exercises using modern security tools).



   Prerequisite:

Any 12 university credits at the 2000-level in any discipline.




   Grading Scheme:



   Late Assignments and Missed Midterm:

Late assignments will not be accepted, unless a prior arrangement is made with the instructor.
Makeups of missed midterm exams are only possible in extremely exceptional situations (such as verifiable medical emergencies) or by arrangement well prior to the exam, provided there is an extremely compelling reason.



   Academic Honesty:

"The Department takes the matter of academic honesty very seriously. Academic honesty is essentially giving credit where credit is due. And not misrepresenting what you have done and what work you have produced. When a piece of work is submitted by a student it is expected that all unquoted and uncited ideas and text are original to the student. Uncited and unquoted text, diagrams, etc., which are not original to the student, and which the student presents as their own work is considered academically dishonest." For more see:  Department of Computer Science Academic Honesty Guidelines.



Mini Project on Current Topics in Computer Security

The goal of the Mini Project is to provide students with an opportunity to conduct independent Internet-based research on a security-related topic of their interest, as well as to practice their teamwork and presentation skills.
In particular, during the course of the term, teams comprising 3 students each will conduct a study on a current topic in computer/information/cyber security. The findings of this study will subsequently be presented to the class in the form of a 5-min presentation.
Further details concerning the project's scope, timeline, as well as the final presentation tips and requirements are provided in the following document: Mini Project - Tips, Requirements and Timeline.

  Mini Project: Important dates
- by January 18:   Teams of 3 students formed. Presentation dates determined. Presentation topic selected.

- at least one week before Team X presentation:   Team X informs the instructor about their selected topic.
- Thursday before Team X presentation:   Team X emails a preliminary copy of their presentation to the instructor.