Introduction to Computer Security

Instructor: Wu-chang Feng
Class: (Zoom link)
Attendance: Form link
Contact and discussion: Office hours: here
TA: TBD
TA Office hours: TBD
Resources

Schedule

Week Topic Slides Labs Due on Monday
1 Introduction
Careers and Roles in Cybersecurity (CyberPDX)
Principles and Approaches
Access Control and Authorization
2 Linux and Linux security
  • Linux files, processes, and commands
  • Linux users, groups, and permissions
3 Applied cryptography
  • Encoding, Hash functions, Message Authentication Codes
  • Symmetric, Asymmetric (Public-Key) encryption
  • Digital signatures, Certificates, Key exchange protocols, Perfect Forward Secrecy
4 Authentication
  • Password security, Multi-factor authentication, Passwordless authentication
  • Zero-trust networks and continuous authentication
5 Network security I
  • Data-link layer (802.11, WPA2, ARP)
  • Network layer (IP, CIDR, NAT, firewalls and filtering, network segmentation, VPNs, whois, network intelligence)
6 Network security II
  • Transport layer (TCP, TLS, certificate authorities and transparency, certificate revocation)
  • Application layer: DNS security (DNS, DNSSEC, DoH, DoT, Oblivious DNS)
  • Application layer: E-mail security (SMTP/IMAP/POP over TLS, DKIM, SPF, DMARC)
7 Host security
  • Privilege escalation, TOCTOU, race conditions, Malicious code (worms, viruses, rootkits)
  • IDS/IPS/EDR, signature detection, anomaly detection, blocklisting and allowlisting, host forensics
  • Software signing, Virtualization and isolation techniques, File system backup and encryption
8 Software security
  • Programming language and CPU security, Memory corruption, Canaries, ASLR, Return-oriented Programming
  • Supply-chain and developer security, Shift-Left, SAST/DAST, Security as Code
9 User security
  • User attacks (OSINT, Spam, Phishing, Business Email Compromise, Scams, Fraud)
  • Privacy (Do-not-track, Right to forget, Browser profiles, Cookies and super-cookies)
  • Anonymity (Tor, Onion services, Dark Web, SecureDrop, Signal and end-to-end encryption)
10 Frameworks, policy, and law
  • MITRE ATT&CK Framework, CIS Controls
  • Vulnerabilities Equities Process, Defend forward, Hacktivism, Lawful intercept
  • Compliance (GDPR, PCI-DSS, HIPAA, COPPA)
  • Surveillance issues (Lawful intercept, EARN-IT, Pegasus malware)

Assignments

As part of the lab work, you will maintain lab notebooks (a Google Doc, Microsoft Office, or LibreOffice file) that will contain your write-ups of each lab. The write-up should include answers to questions asked and screenshots of the completed work (via gnome-screenshot, gimp, Print Screen, etc.). The notebook will be graded based upon thoroughness and clarity of the write-ups. While you are encouraged to work together on labs, each student should submit an individual notebook each week. Notebooks must be submitted in a GitLab repository shared with the instructor and TA.


Course objectives

  • Explain the concepts of confidentiality, availability, and integrity.
  • Explain standard models of confidentiality and integrity (such as Bell-LaPadula and Biba).
  • Explain standard access control mechanisms (mandatory, discretionary, originator controlled) and how they can be used in conjunction with security models.
  • Describe use of cryptographic algorithms in various secure protocols including digital signatures, hash functions, symmetric key, and public key cryptography.
  • Explain various forms of authentication and multi-factor authentication.
  • Explain security issues in network, host, information, software, and application security and how they are addressed.
  • Explain security issues involving people and how social engineering attacks can be addressed.

Policies

Grading
Attendance 5%
Lab notebook 75%
Final exam 20%
Academic misconduct
  • Includes allowing another student to copy your work unless specifically allowed by the instructor.
  • Results in a grade of 0 for the assignment or exam.
  • Results in the initiation of disciplinary action at the university level.