Class Notes

Notes:

The order of topics covered or dates specified are subject to change. Any changes will be discussed in class.

Class notes will be placed here.

• Chapter 1: Introduction
  • Intro
  • Threats
  • Types of Threats
  • End of Chapter 1
• Lab 1
• PwnKit Lab
• Chapter 2: Authentication, Access Control and Cryptography
  • Intro
  • Authentication/Passwords
  • Other Authentication
  • Access Control, Background
  • Access Control, Implementation
  • Introduction to Cryptography
  • Cryptography II
  • DES
  • Public/Private Keys
• Chapter 3: Programs and Programming
  • Intro
  • Wombat
  • Hardware Background
  • Overflow Overview
  • Finish Overflow
  • Incomplete Mediation
  • More Programmer Errors
  • Introduction to Malware
  • Harm from Malware
  • Transmission of Malware
  • Activation of Malware
  • Countermeasures
  • More Countermeasures
  • Countermeasures that Don't work
• Chapter 4: The Web - User Side
  • Introduction
  • Browser Attacks
  • Web Attacks Targeting Users
  • A Quick Tutorial on SQL/PHP/Web Pages
  • SQL Injection Attack
  • Cross Site Scripting
  • Other User Attacks
  • Email
• Chapter 5: Operating Systems
  • Introduction and Background
  • OS Design to Protect Objects
  • Some OS Tools to implement security
  • Rootkits

Course Outline:

1. Crosscutting Concepts in Cybersecurity
   1. Confidentiality, integrity, availability
   2. Risk
   3. Adversarial thinking
   4. Systems thinking
2. Software Security
   1. Fundamental design principles for secure software
   2. Security requirements and their role in system design
   3. Implementation issues
   4. Software testing
   5. Ethics related to development, testing and vulnerability disclosure
3. Component Security
   1. Vulnerabilities of system components
   2. Component life cycle
4. Connection Security
   1. Introduction to data communications
   2. Network architectures and models
   3. Connection and transmission attacks
5. System access and authentication
   1. Basic cryptographic concepts
   2. Authentication methods
   3. Identity
   4. Attacks and mitigation measures
6. Human Security
   1. Social engineering
      1. Types of social engineering attacks
      2. Psychology of social engineering attacks
   2. Awareness and understanding of security issues
      1. System misuse and user misbehavior
      2. Proper behavior under uncertainty
      3. Enforcement and rules of behavior
   3. Privacy
      1. Social and behavioral privacy
      2. Social media privacy and security
7. Organizational Security
   1. Risk and risk management
   2. Secure governance and policy
   3. Systems administration
8. Societal Security
   1. Cybercrime
   2. Cyber ethics
   3. The role of policy