Introduction to Computer Security

Location: FAB 48 (MW 6:40pm-8:30pm)
Instructor: Wu-chang Feng (wuchang at pdx.edu)
TA: Vincent Liang (haosheng at pdx.edu)
  • Office Hours: MW 5-6pm in Fishbowl (FAB 120)
Recommended 'book':
Resources
Course Description
This class provides an overview of computer security intended for a broad audience. Topics covered include basic security principles, access control, cryptography, authentication, network security, host security, application security, and privacy and anonymity, with a focus on how they are embodied in actual systems.

Schedule

Week | Topic | Labs | Due on Monday before class
1 Introduction
Careers and Roles in Cybersecurity (CyberPDX)
Principles and Approaches
Access Control and Authorization
Linux
  • Basics (files, commands)
Labs #1 (Setup)
2
  • Basics (command I/O, shell navigation, advanced files)
  • Basics (regex, file utilities, network commands, processes)
Labs #2 (Linux); due: Labs #1
3
  • Access Control (permissions, setuid, sudo)
Applied cryptography
  • Encoding, Hash functions, Message Authentication Codes
  • Symmetric, Asymmetric (Public-Key) encryption
4
  • Digital signatures, Certificates, Key exchange protocols, Perfect Forward Secrecy, Future Secrecy, Signal protocol
Authentication
  • Password security, Multi-factor authentication
Labs #3 (Cryptography); due: Labs #2
5
  • FIDO/Passkeys (Passwordless authentication), Zero-trust and continuous authentication
  • Social engineering (Spam, Phishing, Business Email Compromise, Scams, Fraud)
Network security I
  • Data-link layer (802.11, WPA2)
Labs #4 (Authentication); due: Labs #3
6
  • Data-link layer (ARP), Network layer (IP, CIDR, Sniffing, Spoofing, Hijacking)
  • Network layer (DDoS, IPSec/VPNs, firewalls and filtering, network segmentation, network intelligence, ICMP)
Labs #5 (Network security); due: Labs #4
7 Network security II
  • Transport layer (TCP, TLS, certificate authorities and transparency, certificate revocation), Application layer: DNS security (DNS, DNSSEC)
  • Application layer: DNS security (DoH, DoT, Oblivious DNS), E-mail security (SMTP/IMAP/POP over TLS, DKIM, SPF, DMARC)
Host security
  • Host attacks (Initial access, Privilege escalation)
8
  • Host attacks (Internal recon, Lateral movement, Persistence, Impact)
  • Host defenses (IDS/IPS/EDR, signature detection, anomaly detection, blocklisting and allowlisting, Software signing, Virtualization and isolation techniques, File system backup and encryption)
Application security
  • DevSecOps
Labs #6 (Host security); due: Labs #5
9
  • Programming language and CPU security, Memory corruption, Return-oriented Programming, Canaries, ASLR, Control-Flow Integrity
Labs #7 (Application security, Privacy); due: Labs #6
10
  • Supply-chain security
Privacy and anonymity security
  • Privacy (OSINT, Right to forget, Browser profiles, Cookies and super-cookies)
  • Anonymity (Tor, Onion services, Dark Web)
Final project
Finals week | Final project screencast | due: Labs #7, Final screencast (Friday, 6/13 11:59pm)

Assignments

Labs and notebook
Lab assignments covering the course material will be given each class. You will perform each one while maintaining a lab notebook in a Google Doc that documents your progress via screenshots with your OdinID in them. The notebook should also include answers to any questions in the labs. Notebooks should be exported as a PDF file and include a table of contents generated by Google Docs. Submit the file by adding, committing and pushing it to your private git repository. Use the following naming convention to submit your notebooks.
  • notebooks/Labs<labs_number>.pdf e.g. notebooks/Labs1.pdf
The notebook will be graded based upon the following rubric:
  • Neatness and organization
  • Completeness
  • Inclusion of OdinID or project identifier in screenshots

Late work

Always turn in what you have done on time. All late work submitted will have a 20% deduction. If you submit any late work, it will be graded at the end of the last week of class. Late work must be placed in the late directory in your GitLab repository and named according to the lab number. Use the following naming convention for late work: late/LabsX.pdf. For example, a late addendum to Labs1.pdf should be submitted as late/Labs1.pdf. Late work will not be graded beyond the last week of class.


Course objectives

  • Explain the concepts of confidentiality, availability and integrity.
  • Explain standard access control mechanisms (mandatory, discretionary, originator controlled) and how they can be used in conjunction with security models.
  • Describe use of cryptographic algorithms in various secure protocols including digital signatures, hash functions, symmetric key, and public key cryptography.
  • Explain various forms of authentication and identify social engineering attacks.
  • Explain security issues in networks, hosts, and applications and how they can be addressed.
  • Identify privacy issues in computing systems and how they can be addressed.

Policies

Grading
Attendance and participation 5%
Lab notebooks 75%
Final project 20%
Attendance and participation
Attendance is required and will be taken each class. Two absences are allowed with no deduction regardless of the reason. You do not need to notify the instructor. Participation in the Slack channel is encouraged. You are expected to follow this code of conduct when communicating.
Academic misconduct
  • Includes allowing another student to copy your work unless specifically allowed by the instructor.
  • Results in a grade of 0 for the assignment or exam.
  • Results in the initiation of disciplinary action at the university level.