CIS 458: System Security (Fall 2016)

Course Information

Lecture time: TR 1:00 - 1:50 PM
Lecture location: Mackinac Hall B-1-124
Lab time: T 12:00 - 12:50 PM
Lab location: Mackinac Hall A-1-171
Textbook: Computer Security Principles and Practice, Third Edition, by William Stallings and Lawrie Brown
Syllabus: 458f16syllabus.pdf

Instructor

Andrew Kalafut
Email: kalafuta at gvsu dot edu
Office: Mackinac Hall C-2-309
Office Hours: MWF 11:00 - 11:50 AM, T 10:00 - 10:50 AM, R 2:00 - 2:50 PM

Exams

Midterm

Date: Tuesday, October 13, 2016

Please see the midterm guide for a list of topics.

Final

Date: Monday, December 12, 2016 12:00 - 1:50 PM

Please see the final exam guide for a list of topics.


Homework

AssignmentDue Date

Presentation

Each student will be reqiured to give a presentation in the last regular week of class. These presentations should be done in groups of 2-3 students. Each group will have approximately 15 minutes to present on a security topic of their choice (the exact amount of time will be specified once groups are established). As specified in the syllabus, this presentation is worth 10% of your course grade.

Your presentation may be on any topic related to the class, but must not be a duplication of material covered in lecture or lab. Examples of good topics are specific types of attacks not discussed in lecture, specific recent attacks that have taken place, and sepcific security technologies not covered in lab. Topics and groups must be emailed to the instructor, with a subject line including "CIS458", by Nov 10.

Each student must contribute to the development of your presentation and speak during the presentation. 20% of the presentation grade will be based on your visuals aids. This does not mean you need a powerpoint slide show, but you may use one if you would like. If your presentation consists of you reading the text off of your visual aid, you will lose some points in this category. 30% of your grade will be based on presentation skills. This will be evenly divided between organization, timing (do not go over your group's time) and communication skills. 50% of the grade will be based on on depth and accuracy of technical content. Your audience is students who have taken this class. Therefore, do not spend more than a minute or two on material already covered in class. However, also do not assume security knowledge beyond what has been covered in class. Each group member will be graded individually on visuals and presentation skills, and as a group on technical content.


Lab Schedule

DateToipcAssignmentDue Date
9/1/2016Security overview (ch 1)No Lab AssignmentN/A
9/8/2016Cryptography ToolsEncryption with OpenSSL9/15/2016
9/15/2016Programming CryptographyEncryption with the Java Cryptography API9/22/2016
9/22/2016PasswordsPassword Cracking Lab9/29/2016
9/29/2016Access ControlLinux Capability Assignment10/6/2016
10/6/2016Database/Web SecuritySQL Injection Lab10/20/2016
10/20/2016Intrusion DetectionTripwire Lab11/3/2016
11/3/2016Firewallsiptables firewall lab11/10/2016
11/10/2016Honeypotshoneypots lab11/17/2016
11/17/2016Buffer overflowBuffer Overflow Attack12/1/2016
12/6/2016PresentationsN/AN/A

Lecture Schedule

Note: This schedule is approximate and subject to change depending on speed of coverage or other circumstances.

DateTopicReading
Tue, Aug 30 Course Intro N/A
Thu, Sep 1 Cryptography basics 2.1, 2.5
Tue, Sep 6 Labor day break N/A
Thu, Sep 8 Stream ciphers and block cipher modes 20.4 - 20.5
Tue, Sep 13 Asymmetric Cryptograpy Algorithms 2.3, 21.3 - 21.4
Thu, Sep 15 Digital Signatures and Message Authentication 2.2, 2.4, 21.1 - 21.2
Tue, Sep 20 Password based authentication 3.1 - 3.2
Thu, Sep 22 Other authentication methods 3.3 - 3.8
Tue, Sep 27 Discretionary Access Conrol 4.1 - 4.4
Thu, Sep 29 Role Based Access Control 4.5 - 4.8
Tue, Oct 4 Database Security Chapter 5
Thu, Oct 6 Malware Propagation 6.1 - 6.5
Tue, Oct 11 Malware Payload 6.6 - 6.10
Thu, Oct 13 Midterm N/A
Tue, Oct 18 Denial of Service Chapter 7
Thu, Oct 20 Intrusion Detection Chapter 8
Tue, Oct 25 Firewall Types and Configuration 9 - 9.3
Thu, Oct 27 Firewall Location 9.4 - 9.6
Tue, Nov 1 Email Security 22.1 - 22.2
Thu, Nov 3 SSL/TLS 22.3 - 22.4
Tue, Nov 8 Network Authentication Chapter 23
Thu, Nov 10 Wireless Network Security Chapter 24
Tue, Nov 15 Buffer Overflow Chapter 10
Thu, Nov 17 Software Security Chapter 11
Tue, Nov 22 Operating System Security Chapter 12
Thu, Nov 24 Thanksgiving break N/A
Tue, Nov 29 Formal Security Models 13.1 - 13.2
Thu, Dec 1 Trusted Systems and TPM 13.3, 13.5
Tue, Dec 6 Presentations N/A
Thu, Dec 8 Presentations N/A