EECS3482, Introduction to Computer Security, Winter 2017

***

EECS 3482, Winter 2017

***
Introduction to Computer Security

     Lecture Schedule:   M W, 17:30 - 19:00, DB 0007

     Instructor:    Natalija Vlajic
       E-mail:     vlajic @ cse.yorku.ca
       Office Hours:    M W, 14:00 - 15:00, LAS 2047

       TA:      Pooria Madani
       E-mail:    madani @ cse.yorku.ca

COURSE NEWS

Apr 16: Final exam grades, and preliminary final grades, are now available through ePost. Final exam solutions can be found here.
Apr 07: Lab 3, Lab 4, Lab 5 grades are now available through ePost.
Mar 29: Office hours for the week of April 3: Wednesday, April 5, 12:00 - 14:00.
Mar 29: Final exam will be held on Friday, April 7, 14:00 (location: ACW 006). The exam will be closed book and closed notes. The use of a simple calculator is allowed. 45% of the exam will be related to the material discussed in class before the midterm, and 55% to the material discussed after the midterm. A sample Final exam from W 2016 can be accessed here.
Mar 20: The presentation date for Teams 19 and 20 have changed from April 5 to April 3!
Mar 10: Midterm grades are now available through ePost. Midterm solutions can be accessed from here.
Mar 5: Lab 1 and Lab 2 grades are now available through ePost. (Lab 1 grade is out of 32, and Lab 2 out of 20.)
Feb 23: Midterm exam will be held on Wednesday, Mar 1, at the beginning of lecture. PLEASE ARRIVE ON TIME! The exam will be closed book and closed notes, and will cover all the material discussed in class up to and including the lecture of February 27. The use of a simple calculator is allowed. A sample midterm from W 2016 can be accessed here.
Jan 23: EECS 3482 Labs are starting this week. Time: Wednesday, 12:30. Location LAS 1004. Please arrive on time!
Jan 09: Mini project information.
Jan 09: Classes start.

Course Information:
Textbook and Recommended Reading Material
Prerequisite
Course Description
Grading Scheme
Course Schedule

Course Policies:
Late Assignments and Missed Midterm
Academic Honesty

Course Schedule (Topics, Notes, Required Reading, Assignments)

Week	Date	Topic / Notes	Lab Schedule	Student Presentations
1	M, Jan 9	Black Market for Stolen Credit Cards
	W, Jan 11	Introduction: Basic Concepts & CIA
2	M, Jan 16	Introduction: Categories of Security Threats
	W, Jan 18	Introduction: Malware-based Attacks
3	M, Jan 23	Introduction: Other Software Attacks		Team 1: Tsymbal, Abuasab, Reyes Bitcoin
	W, Jan 25	Steganography: Part 1	Lab 1 - group A	Team 2: Azari, Kalantari, Amini Fraud in Digital Advertising
4	M, Jan 30	Steganography: Part 2 Cryptography: Part 1		Team 3: Truong, Mierzwa, Bae DDoS Trends
	W, Feb 1	Cryptography: Part 2	Lab 1 - group B	Team 4: Aolaritei, Nowak, Agyapong Deep and Dark Web
5	M, Feb 6	Cryptography: Part 3		Team 5: Ng, Ou, Yao USB Drop & USB Kill Attack
	W, Feb 8	Cryptography: Part 4	Lab 2 - group A	Team 6: Koren, Mujahid, Chowdhury Medical Devices Security
6	M, Feb 13	Security Management: Part 1		Team 7: Maithani, Patel, Modgil Security Trends of 2016
	W, Feb 15	Security Management: Part 2 Access Control: Part 1	Lab 2 - group B	Team 8: Huang, Hou, Wang ATM Skimming
Reading Week
7	M, Feb 27	Access Control: Part 2		Team 9: Martinenco, Averbach, Ahmed Mobile Device Security
	W, Mar 1	Midterm Exam	Lab 3 - group A
8	M, Mar 6	Access Control: Part 3 Password Cracking: Part 1
	W, Mar 8	Password Cracking: Part 2 March 10 - last date to drop course	Lab 3 - group B	Team 10: Xuan, Singh, Asad Social Media Security and Privacy
9	M, Mar 13	Security Risk Management: Part 1		Team 11: Loja, Virk, Chow Security and Privacy of Wearable Devices
	W, Mar 15	Security Risk Management: Part 2	Lab 4 - group A	Team 12: Shahrami, Abou-Nassar, Morsi KillDisk (and Its Use in Hacks in Ukraine)
10	M, Mar 20	Security Risk Management: Part 3		Team 13: Tran, Jiang, Mahmood Automotive Cybersecurity
	W, Mar 22	*Guest Lecture* Pius Ndebele, IT Audit Manager, RBC	Lab 4 - group B	Team 14: Lamb, Trivedi, Bickram DNSChanger Attack
11	M, Mar 27	DDoS Attacks		Team 15: Zheng, Thayer, Chaudhry Cybercrime as a Service
	W, Mar 29	Law and Ethics: Part 1	Lab 5 - group A	Team 16: Cardona, Mule, Sawicki Locky Ransomware
12	M, Apr 3	Law and Ethics: Part 2		Team 17: Matthews, El Masri, Jaramillo IoT Security Team 18: Fan, Li, Huang Cloud Security Team 19: Kim, Lin, Chen Ransomware Evolution Team 20: Farhad, Milovanovic, Manjra Mirai IoT Botnet
	W, Apr 5	no lecture	Lab 5 - group B
Final Exam: Friday, April 7, 14:00 (ACW 006)

Textbook

"Computer Security: Principles and Practice", W. Stallings, L. Brown, Pearson Education, 2014, 3rd Edition.

Recommended Reading Material:

"Management of Information Security", M. E. Whitman, H. J. Mattord, Nelson Education / CENGAGE Learning, 2014, 4th Edition.
"Elements of Information Security", R. E. Smith, Jones & Bartlett Learning, 2013.
"Cryptography and Network Security", B. A. Forouzan, McGraw Hill, 2008.
"Information Security: The Complete Reference", M. Rhodes-Ousley, Mc Graw Hill, 2013, 2nd Edition.
"Principles of Information Security", M. E. Whitman, H. J. Mattord, Nelson Education / CENGAGE Learning, 2012, 4th Edition.
"Hacker Techniques, Tools, and Incident Handling", S. P. Oriyano, Jones & Bartlett Learning, 2014, 2nd Edition.
"Security Risk Management", E. Wheeler, Elsevier, 2011.
"Guide to Network Defense and Countermeasures", R. Weaver, Nelson Education / CENGAGE Learning, 2014, 3rd Edition.
"Security+ Guide to Network Security Fundamentals", M. Ciampa, Nelson Education / CENGAGE Learning, 2012, 4th Edition.
"CISSP: Certified Information Systems Security Professional: Study Guide", J. M. Stewart, M. Chapple, C. Gibson, Wiley, 2012, 6th Edition.
"Corporate Computer Security", R. J. Boyle, R. R. Panko, Prantice Hall, 2015, 4th Edition.
"Build Your Own Security Lab: A field guide for network testing", M. Gregg, Wiley, 2008.
"Applied Information Security: A Hands-On Guide to Information Security Software", R. Boyle, Prentice Hall, 2014, 2nd Edition.
"Laboratory Manual to Accompany Hacker Techniques, Tools and Incident Handling", Jones & Bartlett Learning, 2013.

Prerequisite

Any 12 university credits at the 2000-level in any discipline.

Course Description

This course introduces students to the basic concepts, goals and terminology of computer security. It provides a general overview of the computer security body of knowledge with an emphasis on the risk-based mindset that a computer security professional needs to have. Students will be exposed to both the theoretical and the practical aspects of computer security (the lab sessions will include security case studies as well as exercises using modern security tools).

Grading Scheme

5 Labs - 15% (3% each)
Mini Project on Current Topics in Computer Security - 5%
Midterm - 40%
Final - 40%

Late Assignments and Missed Midterm

Late assignments will not be accepted, unless a prior arrangement is made with the instructor.
Makeups of missed midterm exams are only possible in extremely exceptional situations (such as verifiable medical emergencies) or by arrangement well prior to the exam, provided there is an extremely compelling reason.

Academic Honesty
"The Department takes the matter of academic honesty very seriously. Academic honesty is essentially giving credit where credit is due. And not misrepresenting what you have done and what work you have produced. When a piece of work is submitted by a student it is expected that all unquoted and uncited ideas and text are original to the student. Uncited and unquoted text, diagrams, etc., which are not original to the student, and which the student presents as their own work is considered academically dishonest."
For more see: Department of Computer Science Academic Honesty Guidelines

Mini Project on Current Topics in Computer Security

The goal of Mini Project is to provide students with an opportunity to conduct independent Internet-based research on a security-related topic of their interest, as well as to practice their team-work and presentation skills.
In particular, during the course of the term, teams comprising 3 students each will conduct a study on a current topic in computer/information/cyber security. The findings of this study will subsequently be presented to the class in the form of a 5-min presentation.
Further details concerning the project's scope, timeline, as well as the final presentation tips and requirements are provided in the following document: Mini Project - Tips, Requirements and Timeline.

Mini Project: Important dates
- by January 16:   Teams of 3 students formed. Presentation dates determined. Presentation topic selected.
- at least one week before Team X presentation:   Team X confirms their topic selection.
- Friday/Sunday before Team X presentation:   Team X emails a preliminary copy of their presentation to the instructor.