CYBR 4360 Course Outline Fall 2020

CYBR 4360/8366 – Foundations of Information Assurance
Course Outline
Time: At your convenience!
Location: Also at your convenience!
The instructor:
Bill Mahoney
PKI 281-E
554-3975 (But…)
wmahoney@unomaha.edu
The course description:
Contemporary issues in computer security, including sources for computer
security threats and appropriate reactions; basic encryption and decryption;
secure encryption systems; program security, trusted operating systems;
database security, network and distributed systems security, administering
security; legal and ethical issues. (Cross-listed with CYBR 8366, CSCI 8366).
Prerequisite(s)/Corequisite(s): CSCI 3320 or CSCI 8325 OR ISQA 3400 OR By
instructor permission.
Course objective:
Gain a thorough understanding of the foundational principles in the field of
Information Assurance. How?
• Lectures, readings, and self-study
  o Study of foundational/landmark papers and reports
• Case studies involving current topics and issues
• Guest lectures, educational videos, and clips
• Class projects and reports
• Hands-on laboratory experience
Expected outcomes:
• A comprehensive overview of the subject area
  o What are the primary topics?
    § What do we already know about them?
    § Are we using what we already know?
    § What are the challenges?
    § Past, Current and Future trends
• A way to “think” about the concepts and materials
• Prepare for more extensive study in the subject
Course topics:
• Concepts and fundamental ideas, vocabulary and foundational literature
  base central to the study and development of secure information systems.
• Introduce the notion of “Threat” to an information system
  o Explore technical and procedural approaches to mitigating the threat
  o Give some consideration to the measurement of the success of the
    mitigation approaches.
• Introduce the technical concepts of secure system design and development
• Introduce mechanisms for building security services
My expectations from students:
• Students are expected to know how computers are organized, how they
  compute and how they communicate
• Be highly curious and have an uncommon passion for learning
• Be eager to read and able to synthesize an understanding of class topics
  from multiple sources
• Typical students in the class are seniors or graduate students
The textbook:
All course books and readings are either available as e-books through the
library or available in Canvas. You don’t have to buy them. To access e-books,
you will need to connect to Nebraska VPN or use an on-campus lab computer.
Information about connecting to Nebraska VPN can be found here:
https://www.unomaha.edu/information-technology-services/informationsecurity/vpn/connecting-nebraska-vpn.php
Security in Computing by Charles Pfleeger 3rd Edition and 5th edition ebooks, Prentice Hall. These are available online based on our library
subscription. Here’s the links for the 3rd and 5th editions:
https://www.safaribooksonline.com/library/view/security-in-computing/0130355488/
https://learning.oreilly.com/library/view/security-in-computing/9780134085074/
This book will provide the primary organization of the class. However, you
should expect significant departures on many occasions.
Lab textbook: Penetration testing: a hands-on introduction to hacking
by Georgia Weidman and Peter Van Eeckhoutte for labs. An e-book is
available here:
https://www.safaribooksonline.com/library/view/penetration-testing/9781457185342/
Other Reference Texts:
Secrets and Lies by Bruce Schneier. E-book:
https://www.safaribooksonline.com/library/view/secrets-and-lies/9781119092438/
Security Engineering by Ross Anderson, 3rd edition, available online:
https://www.cl.cam.ac.uk/~rja14/book.html
The Multics System: An Examination of Its Structure by Elliot
Organick, along with a ton of other things we will look at, is at:
https://unomaha.box.com/v/4360readinglist
Additional Readings:
Links to foundational reports, papers, book chapters, and essays will be made
available in Canvas Modules as we progress through the class.
Instruction Method:
The course will be presented primarily in lecture form (videos for online
section) with or without using PowerPoint slides. Students will be expected to
participate in discussions of the various topics as they are covered in class. In
addition to the study of the reading materials, students must do assignments
and projects as assigned. I will rely very heavily on your ability to
find things on the Internet, including scholarly articles in IEEE and ACM
databases.
The IEEE and ACM links, if accessed using UNO VPN
or from a campus computer should allow free download of articles.
http://ieeexplore.ieee.org/Xplore/home.jsp
http://dl.acm.org
https://scholar.google.com
Information Assurance Vocabulary:
The foundational ideas in this field are often expressed using vocabulary that
is specific to the subject matter. Often extensive metaphors are used to
explain the subject matter. It is critical for you to have a good mastery of the
English language.
Current literature is full of vague usage and interpretations of the subject
matter discussed in this class. I expect that you are able to understand,
define and articulate the notions of the subject matter clearly and thoroughly.
Discussions:
Every week, each student is expected to contribute to a news discussion and
exam question discussion on Canvas, by the indicated due dates. Both of
these discussions will be graded.
News Discussion
These are case studies based on current information security news and issues
chosen by students and will be discussed on Canvas. Your contribution/post
to the news discussion must include these sections:
• Headline: The news article headline
• Date: The date the news article was published (recent preferred)
• Link: The URL or reference to the source of the article.
• Gist: 2-3 sentences from the news article that highlight the main story.
• Relevance and Further Research: Self-authored short and incisive 2-3
  sentences that outline your opinions on the story or provide any
  additional information, definitions, explanations or references for other
  readers.
Here is a sample contribution to the news discussion:
Exam Question Discussion
Your contribution to the exam questions discussion will require you to
prepare and share one question and its answer based on recent lectures or
assigned course readings/textbooks/labs/books. Construct items such that
they would be appropriate to be included in class assessments like quizzes
and exams. The items can be short essay type, multiple choice, fill in the
blanks, match the following, etc.
Here is a sample contribution to the exam question discussion:
Discussion Participation
Once you have contributed to the discussion, you will be able to see what
others have added. Here are guidelines to participate in any discussion in the
class:
• Post an original thread with your contribution.
• Reply to others in the course and provide them with feedback.
• “Like” posts and comments to provide informal positive feedback.
• Always feel free to ask and answer questions on the discussion board.
In weeks of holidays and exams the discussions will not be posted on Canvas.
I may also skip a few weeks to balance course load. It is best to keep an eye
on Canvas to check if something is due.
Projects:
All students will complete two independent projects for this course. This
includes a Writing project and a Tool Review project. For the writing project
you will produce an annotated bibliography on a cybersecurity topic of your
choice. For the Tool Review project, you will demonstrate a tool/API/webservice in a short, recorded presentation.
Writing Project
The goal of the writing project is to develop an annotated bibliography on a
cybersecurity related topic of your interest. The final compiled paper needs to
include the following five parts:
1. Visual Presentation: A cover page with paper title and author
information, table of contents, appropriate section headings throughout
the paper and captions (with citations) for any figures and tables. Use the
following formatting throughout the paper: 12 pt size, Times New Roman
font, single spaced, 1-inch margin all around.
2. One-page extended abstract. The extended abstract will introduce the
topic to the reader and provide a preview of the key insights gained from
the sources annotated in the paper.
3. Annotated bibliography section with annotations for at least 7 scholarly
articles and at least 3 practitioner presentations.
• Each annotated source will include a citation, summary, evaluation
  and reflection. Each annotation (summary, evaluation, reflection) for a
  source should be about a page in length (try not to go over a page).
  o Citation - Create a standard MLA citation for the source.
  o Summary - Include all the main points with detailed information
    that demonstrates critical evaluation of the entire source. This will
    be the major portion of your annotation.
  o Evaluation – Evaluate the credibility of the findings presented in
    the source from one or more of the following perspectives: The
    suitability of the research method (experiment, mathematical
    analysis, case-study, archive analysis, survey, data analysis, etc.)
    used to make the main points; the credibility of the research team
    and any bias in their point of view; do the findings align with
    information from other sources?
  o Reflection – Reflect on the usefulness of this source to enlighten the
    reader about new information about your selected topic.
Graduate students will do additional work. They should annotate at least
10 scholarly articles and at least 5 practitioner presentations. The paper
should also reflect additional graduate-level maturity in the analysis and
synthesis of the research reviewed.
When selecting the scholarly articles and practitioner presentations, be
cognizant of the type of source and their credibility. Your bibliography
should be based on diverse views from credible sources.
Types of Sources and their Credibility:
https://owl.purdue.edu/owl/research_and_citation/conducting_research/research_overview/sources.html
4. One-page conclusion. The conclusion should demonstrate your ability to
synthesize information from the sources you annotated, to develop
suggestions for areas yet to be addressed by research or practice. You can
find more guidance for how to synthesize (not summarize) information
from different sources here:
https://owl.purdue.edu/owl/research_and_citation/conducting_research/research_overview/synthesizing_sources.html
5. References: Include a list of references. You might consider https://zbib.org
to generate MLA formatted citations. All citations should be cross
referenced from the main text of the paper.
Just googling for open Internet sources will not be enough. For access to good
quality scholarly work, you will need to use the UNO Library. The library has
subscriptions to many databases such as IEEE Explore and ACM digital
library of peer-reviewed and published research articles. Here are some links
(a couple are repeats from above):
http://ieeexplore.ieee.org/Xplore/home.jsp
https://www.computer.org/csdl/magazines/sp
http://dl.acm.org
https://scholar.google.com
Practitioner focused Black Hat Briefings (BHB) and DEFCON presentations
are available freely on the Internet. Here’s a couple links for those:
http://www.defcon.org/html/links/dc-archives.html
https://www.blackhat.com/html/archives.html
The final paper will be made available for other classmates to read and
comment.
Tool Review Project
For this project you will identify a “non-trivial” cybersecurity tool/API/webservice to review. You will need to accomplish the following:
• Develop a testbed to install and/or demonstrate the tool capabilities for a
  live demonstration. I recommend developing a virtual environment where
  the tool can be safely installed and tested.
• Develop tests to evaluate how well the tool provides its advertised
  cybersecurity capabilities.
• Record a presentation: Record a 10-minute lightning talk. This will
  include a brief demonstration of the tool selected with the developed tests.
  In the presentation also briefly describe the background of the tool, what
  it does, how it works, where it might be used, uses, shortcomings, and
  considerations for its successful use. A live demonstration of the tool is
  required in your recorded talk.
The recorded presentation will be made available for other classmates to view
and comment on in Canvas. The talk can be recorded by the student using
capabilities available through the UNO VidGrid (https://app.vidgrid.com), or of
course if you prefer some other tool to make videos that is fine.
If you do use VidGrid, you can sign in to VidGrid using the enterprise login
option with unomaha netid credentials.
The video repository is here:
https://app.vidgrid.com/content/nULlSBEc5NJB
You can use the STEAL labs environment or get virtualization software that
will allow you to experiment with your selected security tool safely. UNO
students can download Windows and VMWare products from here:
https://unomaha.onthehub.com
Once you sign in with your unomaha credentials, the available products
should be displayed. Other recommended virtualization solutions are
Virtualbox or Docker, which are both open source and free. Linux-based OSes
are also available for free. Here’s some links that might help:
https://sectools.org
https://owasp.org
https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools
https://www.owasp.org/index.php/Source_Code_Analysis_Tools
A number of blogs are available that aggregate links to cybersecurity tools.
These links above are provided just to get you started and should not be
considered an exhaustive list.
Feedback on Topic and Tool selection
Early in the semester, you will be selecting your topic and tool for the project.
You will be communicating these selections to me via a one-page project
proposal document to receive feedback. The project proposal will include two
paragraphs and some references:
• First paragraph (Writing Project): Include discussion to address the
  following: What is the title of your project? What search phrases and
  keywords will you use to find scholarly articles and practitioner
  presentations on the topic? What do you expect to find in your sources?
  What is the time period that you will focus on to find relevant sources?
  What will be your criteria to prioritize and select sources to be annotated?
• Second paragraph (Tool Review Project): Include discussion to address the
  following: What is the name of the tool you are planning to evaluate? What
  are the tool capabilities? What sort of a testbed will you need to test its
  capabilities? What tests are you planning to perform? What additional
  hardware and software will you need for your testbed and what is your
  plan to acquire these?
• References (Not included in one-page limit): Include a list of references
  that you have consulted in selecting your topic and tool. You could
  consider using https://zbib.org to generate MLA formatted citations. All
  citations should be cross referenced from the main text.
The unfortunate but necessary paragraph on plagiarism:
I encourage students to discuss problems, study together for tests, and so
forth. There is an acceptable limit to this cooperation, however. The limit is
reached when, for example, more than one person turns in the same or
extremely similar work, reads answers off of their baseball cap during a test,
etc. Make your work reflect your skills and not someone else’s skills. Anyone
discovered cheating or plagiarizing other people’s work will receive a failing
grade in this class.
Having said that, I mean that we want to share ideas, talk a lot in class or
online, and so on. So, take that paragraph with some flexibility. Want to ask
questions of other students? Stuck on an assignment? Hit the Canvas
discussion board! I will watch it too!
Guidance for Quoting, Paraphrasing and Summarizing:
https://owl.purdue.edu/owl/research_and_citation/using_research/quoting_paraphrasing_and_summarizing/index.html
UNO Policy:
http://www.unomaha.edu/student-life/student-conduct-and-communitystandards/policies/academic-integrity.php
The grading:
See Canvas for details per-assignment. But here’s the overall grading:
What?                              So…
Midterm Exam                       15%
Final Exam                         15%
Lab Exercises                      20%
Writing Project                    15%
Tool Review Project                15%
Class Participation Assignments    20%
And the grades:
Scale
>= 97 to 100     A+
>= 93 to < 97    A
>= 90 to < 93    A-
>= 87 to < 90    B+
>= 83 to < 87    B
>= 80 to < 83    B-
Just keep subtracting 10.
< 60             F
Late work policy:
Late assignments will result in a 5% grade penalty for every 24 hours after
the deadline posted, starting at 11:59 PM on the day of the deadline.
• Work submitted later than 48 hours will be graded for the purpose of
  feedback but will not earn credit (100% penalty).
• The Late Work Policy may not apply to students who arrange (with a
  reasonable excuse) to turn in the assignment late, before the actual
  deadline. “My arm was eaten off by a grizzly bear” would be a valid
  excuse, assuming you can prove it. Well, I guess the lack of one arm is
  proof enough for me. Which reminds me of a story.
Questions about the grades should be asked within one week following the
posting of graded material on Canvas.
ABET
This applies because although this is a CYBR class it is also cross listed as
CSCI, and there are a few CSCI students in the class! So here goes.
The Bachelor of Science Information Systems (BIS) and Bachelor of Science
Computer Science (BCS) Programs are accredited by the Accreditation Board
for Engineering and Technology (ABET). This organization requires that we
keep samples of student work. Unless you specify otherwise, I may retain
your exams and assignments for accreditation purposes and return a copy to
you.
Let’s go!