CSC 439 Computer Security

Karen Heart, MS, Instructor
kheart@depaul.edu
(312)362-1469

Syllabus

Summary of the course

This course covers core principles of computer security. Topics include : user authentication; access control (discretionary, mandatory, role-based); security auditing; database security; software security, common vulnerabilities, and secure coding practices; malicious software; and operating system security.

Textbooks and printed resources

Computer Security: Principles and Practice (3rd edition), W. Stallings and L.Brown. Pearson, 2015, ISBN 978-0-13-377392-7

Prerequisites

CSC 407

Office Hours

During classes, I will be online for office hours; please check Bluestar for times.

Assignments and Grading

Overview

There will be two (2) homework assignments, weekly presentation assignments, a Midterm Exam, and a Final Exam.

Sec. 1. Homework Assignments

The homework exercises are designed to reinforce learning the concepts covered in class. The exercises involve coding and scripting.
You should complete these exercises individually in order to maximize your benefit; however, you may discuss the problems with your classmates.
Each homework is worth ten (10) points. Moreover, I will devise some of the questions for the exams from these assignments.
The official platform for this course is single CPU LXLE, which is based on Ubuntu. You may use any compatible version of Ubuntu/Debian. Regardless of the version that you select however, you must restrict your system to a single CPU; the presence of multiple CPU's will mask your code errors, which will be detected in the grading process! Moreover, the programming languages that you may use for assignments are limited to the following:
1. Python 3
2. OpenJDK Java
3. C++
4. C#
Your exercise submissions will be graded only on this platform. You are responsible for securing a working LXLE (or compatible Ubuntu/Debian) environment in order to test your work; however, I will supply specific instructions for downloading and installing LXLE as a Virtual Machine (VM) using the Virtualbox hypervisor.

Sec. 2. Weekly Presentation Assignments

Students will present weekly on selected cybersecurity topics.
Students must sign up for a presentation date by enrolling in one of the presentation groups on D2L.
Students must submit the topic for my approval in advance. The student must submit this information on a designated Discussion page on D2L or by email.
For details, see the Presentation Requirements document posted on D2L, under "Start Here" in Content.
The Presentation assignment is worth twenty (20) points towards your final grade.

Sec. 3. Midterm Exam

The Midterm Exam will test your knowledge of the material covered by the lectures, readings, and homework assignments up to the date of the exam.
The exam is worth thirty (30) points.

Sec. 4. Final Exam

The Final Exam is comprehensive and, therefore, will test your knowledge of all of the material covered by the lectures, readings, and homework assignments.
The exam is worth thirty (30) points.

Sec. 5. How Your Grade for the Course Is Calculated

Your final grade for the course is simply the addition of points from the homework assignments, weekly participation assignments, and the exams.

I will not curve the course grades; therefore, you must earn at least seventy (70) points in order to pass the course.

Alternative grade procedure for exams: If you have a documented disability, such as a history of extreme test taking anxiety, please see me for accommodation.

Approach

Lecture material will be prerecorded and uploaded to D2L for you to view. Topics will be further discussed during online sessions, including the review of presentations.

Policy on Working Together

Each student is expected to turn in original work for the assignments. Copying code or other documents from another person is considered a serious violation of the university's academic integrity policy (see below).

Topics

Week	Topics	Reading Assignment
1	Overview of CIA; access control lists; access control beyond ACL's	Ch. 1, Ch. 4
2	Cryptography; passwords; key encryption; TLS/SSL and HTTPS; IPSec; physical deployment of encryption; firewalls; Kerberos; Heartbleed bug; shell attacks	Ch. 3
3	Network mapping; DOS attacks; SQL Injection; XSS attacks; CSRF attacks; buffer overflow attacks; invalid pointers; malware; metasploit; threat modeling (Part I)
4	Threat modeling (Parts II and III)
5	Digital forensics
6	Midterm exam, available online
7	Forensic investigations
8	Controls
9	System protections
10	Legal and ethical issues
Final Exam	Exam available online

Attendance

Completion of the Presentation exercise will constitute your participation in the course.

Academic Integrity and Plagiarism

This course will be subject to the university's academic integrity policy. More information can be found at http://academicintegrity.depaul.edu/. NOTE: All students are expected to abide by the University’s Academic Integrity Policy which prohibits cheating and other misconduct in student coursework. Publicly sharing or posting online any prior or current materials from this course (including exam questions or answers), is considered to be providing unauthorized assistance prohibited by the policy. Both students who share/post and students who access or use such materials are considered to be cheating under the Policy and will be subject to sanctions for violations of Academic Integrity. If you have any questions be sure to consult with your professor.

Academic Policies

All students are required to manage their class schedules each term in accordance with the deadlines for enrolling and withdrawing as indicated in the University Academic Calendar. Information on enrollment, withdrawal, grading and incompletes can be found at: http://cdm.depaul.edu/enrollment.

Students with Disabilities

Students who feel they may need an accommodation based on the impact of a disability should contact the instructor privately to discuss their specific needs. All discussions will remain confidential. To ensure that you receive the most appropriate accommodation based on your needs, contact the instructor as early as possible in the quarter (preferably within the first week of class), and make sure that you have contacted the Center for Students with Disabilities (CSD) at: csd@depaul.edu.
Lewis Center 1420, 25 East Jackson Blvd.
Phone number: (312)362-8002
Fax: (312)362-6544
TTY: (773)325.7296

Online Course Evaluations

Evaluations are a way for students to provide valuable feedback regarding their instructor and the course. Detailed feedback will enable the instructor to continuously tailor teaching methods and course content to meet the learning goals of the course and the academic needs of the students. They are a requirement of the course and are key to continue to provide you with the highest quality of teaching. The evaluations are anonymous; the instructor and administration do not track who entered what responses. A program is used to check if the student completed the evaluations, but the evaluation is completely separate from the student’s identity. Since 100% participation is our goal, students are sent periodic reminders over three weeks. Students do not receive reminders once they complete the evaluation. Students complete the evaluation online in CampusConnect.

Changes to Syllabus

This syllabus is subject to change as necessary during the quarter. If a change occurs, it will be thoroughly addressed during class, posted under Announcements in D2L and sent via email.

School Policies

Policies of the school are explained on the webpage for this course on my.cdm.depaul.edu.