EECS 3482

Introduction to Computer Security

Winter, 2015

  Lecture Schedule:         Mon and Wed  17:30 - 19:00,  ACW 306

  Instructor:                         Natalija Vlajic (vlajic @ cse.yorku.ca)

  Office Hours:                   Mon and Wed  14:00 - 15:00 (LAS 2047)

                                                
  TA:                                       Yang Yang (yangcs @ cse.yorku.ca)


  
      Course News

  • May 4:   Preliminary final grades are now available through ePost.
  • May 4:   Final exam solutions are available here.
  • Apr 21:   Lab 3, 4 and 5 grades are now available through ePost.
  • Apr 9:   Final exam will be held on Sunday, April 26, 10:00. The exam will be closed book and closed notes. The use of a simple calculator is allowed. 60% of the exam will be related to the material discussed in class after Feb 11 (i.e., after Midterm), and 40% to the material discussed before Feb 11. A sample Final exam from W 2014 can be accessed here.
  • Apr 9:   Research Project & Presentation grades are now available through ePost (for students with an EECS account). A detailed breakdown of the grades will be provided/emailed on request.
  • Mar 25:   IMPORTANT!  Mini Project Teams 14 - 18 presentation times have changed. See the student presentation schedule below.
  • Mar 25:   Makeup of Lab 3 will be held on Wednesday, April 15, at the usual time and place (LAS 1002, 12:30).
  • Feb 26:   Lab 2 grades are now available through ePost.
  • Feb 24:   Midterm solutions are available here.
  • Feb 24:   Midterm and Lab 1 grades are now available through ePost.
  • Feb 9:   Midterm exam will be held on Wednesday, February 11, in class. The exam will be closed book and closed notes, and will cover all the material discussed in class up to and including the lecture of February 9. A sample midterm from W 2014 can be accessed here.
  • Jan 20:   EECS 3482 Laboratories are starting this week. Time: Wednesday, 12:30. Location: LAS 1002.
  • Jan 15:   Jan 12 notes have been updated (see slides 29 - 36).
  • Jan 13:   Mini Project Teams have been formed. Find your name and respective team in Student Presentations column of Course Schedule & Notes table. Contact the course instructor ASAP if your name is missing from this list and/or the provided information is incorrect.
  • Jan 5:   IMPORTANT!   Mini Project Teams and respective presentation dates must be determined by January 12. For more see: Mini Project - Tips, Requirements and Timeline.
  • Jan 5:   Classes begin.  Location: ACW 306.





   Course Information:

   Course Material:

   Course Policies:




   Course Schedule & Notes:

Week
Date
Topic
Required Reading
Lab Dates
Student Presentations
1
M, Jan 5
Introduction


Sony Hack

W, Jan 7
Introduction:  Security CIA Chapter 1


2
M, Jan 12
Introduction: Security Threats
Chapter 6



W, Jan 14
Introduction: Security Threats (cont.)
...


3
M, Jan 19
Steganography - part 1 


Team 1
[Chu, Rolfe, Danno]
Shellshock (Bash Bug)

W, Jan 21 Steganography - part 2

LAB 1
Group 1
Team 2
[Borges, Yoshiwara, Santos]
Facebook, Twitter & Privacy
4
M, Jan 26
class cancelled




W, Jan 28   Cryptography - part 1 Chapter 2 LAB 1
Group 2
Team 3
[Noori, Patabendi, Malik]
Cyber Attack on Ebay
5
M, Feb 2  Cryptography - part 2 
...
Lab 2 - what you need to know
Sections 20.2, 20.3, 21.3, 21.4
Team 4
[Lebon, Ratovonirina, Arshad]
Heartbleed

W, Feb 4
Cryptography - part 3 ...
LAB 2
Group 1

Team 5
[Turky, Kapur, Nyima]
Why to Start a Career in Cybersecurity
6
M, Feb 9
Cryptography - part 4 ...

Team 6
[Emilrajan, Tacouri, Khodak]
Lizard Squad Attack on Tor

W, Feb 11
Midterm Exam

LAB 2
Group 2


Reading Week
7
M, Feb 23
Security Management & Policy - part 1
Chapter 15

Team 7
[Bassakyros, Nada, Sattu]
Google No CAPTCHA reCAPTCHA

W, Feb 25 Security Management & Policy - part 2 ...
LAB 3
Group 1

Team 8
[Peng, Kang, Cheng]
Security for Mobile Applications
8
M, Mar 2
Access Control - part 1
Chapter 3 & 4

Team 9
[Kresling, Abdelrazeq, Frimpong]
Malware Causing Physical Damage: Case of German Steel Plant
Labor Disruption - classes cancelled

W, Mar 11
Access Control - part 2
...

...Password Cracking - part 1
...
LAB 3
Group 2

Team 10
[Soukup, Tran, Le]
Cyberstalking
9
M, Mar 16
Password Cracking - part 2
...

Security Risk Management - part 1
Chapter 14
Team 11
[Aslamad, Hussaini, Ameri]
Car Hacking

W, Mar 18
Guest Lecture:
***

Pius Ndebele
 
IT Audit Manager
Royal Bank of Canada (RBC)


LAB 4
Group 1


10
M, Mar 23 ***Security Risk Management - part 2 ...
Team 12
[Abdullah, Patel, Pathmasiri]
TorrentLocker

W, Mar 25
Guest Lecture:
***

Dina Kamal
Partner at Deloitte Canada
Enterprise Risk Services


LAB 4
Group 2


11
M, Mar 30
DDoS Attacks / Puppetnets
Chapter 7

Team 13
[Xie, Zhou, Zhang]
Internet Censorship in China

W, Apr 1
Security Risk Management - part 3
... LAB 5
Group 1

Team 14
[Anh, Bhole, Bhivandkar]
UI State Interface Attack
12 M, Apr 6
Legal and Ethical Aspects
Chapter 19

Team 15
[Cetinalp, Patel, Apelo]
Bitcoin Security

Team 16
[Tang, Shah, Yarchak]
DarkHotel

W, Apr 8 Intellectual Property Section 19.2 LAB 5
Group 2

Team 17
[Buhari, Etedali, Sekyere]
Medical Device Security
Team 18
[Long, Liu, Zhang]
Dyre Banking Trojan
Team 19
[Dutta, Wu]
SpoofedMe: Social Login Attack

Final Exam:   Sun, Apr 26, 10:00





  Textbooks:
  Recommended Reading Material:



   Course Description:
  
This course introduces students to the basic concepts, goals and terminology of computer security. It provides a general overview of the computer security body of knowledge with an emphasis on the risk-based mindset that a computer security professional needs to have. Students will be exposed to both the theoretical and the practical aspects of computer security (the lab sessions will include security case studies as well as exercises using modern security tools).



   Prerequisite:

Any 12 university credits at the 2000-level in any discipline.




   Grading Scheme:



   Late Assignments and Missed Midterm:

Late assignments will not be accepted, unless a prior arrangement is made with the instructor.
Makeups of missed midterm exams are only possible in extremely exceptional situations (such as verifiable medical emergencies) or by arrangement well prior to the exam, provided there is an extremely compelling reason.



   Academic Honesty:

"The Department takes the matter of academic honesty very seriously. Academic honesty is essentially giving credit where credit is due. And not misrepresenting what you have done and what work you have produced. When a piece of work is submitted by a student it is expected that all unquoted and uncited ideas and text are original to the student. Uncited and unquoted text, diagrams, etc., which are not original to the student, and which the student presents as their own work is considered academically dishonest." For more see:  Department of Computer Science Academic Honesty Guidelines.



Mini Project on Current Topics in Computer Security

The goal of the Mini Project is to provide students with an opportunity to conduct independent Internet-based research on a security-related topic of their interest, as well as to practice their teamwork and presentation skills.
In particular, during the course of the term, teams comprising 3 students each will conduct a study on a current topic in computer/information/cyber security. The findings of this study will subsequently be presented to the class in the form of a 5-min presentation.
Further details concerning the project's scope, timeline, as well as the final presentation tips and requirements are provided in the following document: Mini Project - Tips, Requirements and Timeline.

  Mini Project: Important dates
- by January 12:   Teams of 3 students formed. Presentation dates determined.

- at least one week before Team X presentation:   Team X informs the instructor about their selected topic.
- at least 2-3 days before Team X presentation:    Team X emails a preliminary copy of their presentation to the instructor.