Course Syllabus
Instructor:
Prof. Zhou Li (Engineering Hall 3227)
Course Info:
Mon, Wed, Fri 9:00AM - 9:50AM, DBH 1429
Office hour: Mon 3pm-5pm (by appointment if needed)
Prerequisite:
Basic knowledge of OS, network and applications.
Knowledge of programming language, especially C.
The student needs to have a machine that can run virtual machine (Ubuntu 16.04 VM, see details).
Course Description:
This course will teach the principles and practices of system security as applied to software-, network-, and hardware-layer. It covers the foundations and techniques of analyzing the security of systems and building secured systems. In addition to the content described by the textbook, the course will also let students have hands-on experiences by playing attacks and defense in an emulated environment.
Main questions to be discussed in this lecture:
- What does real-world cyber-attack look like?
- What techniques are available to make system secured?
- What security and privacy principles should we follow?
What are we going to do during this lecture:
- We will follow chapters in the required textbook.
- We will also demonstrate the real attacks and defenses in the recommended lab textbook.
Textbook:
 |
Textbook A Security in Computing, 5th edition (required)
|
 |
Textbook B COMPUTER SECURITY, A Hands-on Approach (recommended)
|
Course Policies:
- Attendance at lecture and discussion sections is required. It is the student's responsibility to make prior arrangements with the instructor for any absence known in advance.
- Assignments are listed on the "Assignments" page. They are assigned on a weekly or bi-weekly basis and the due dates are indicated during lectures. You are encouraged to discuss with other students, and refer to course materials, but need to write down your own answers/code.
- Late policies: Home work turned in after the due date/time will not be graded and will receive no credit. Make-up assignments can only be arranged for absence due to medical (or similar) reasons. Proper documentation is required. Caveat: You will have one chance (only one!) to submit assignment late without asking for permission (no later than 24 hours).
- Academic Honesty: The complete policy statement on academic honesty is published in the UCI Schedule of Classes. Under no circumstances are students allowed to work together on any of the examinations. Cheating is a dishonest representation of the course work, including but not limited to cheating on an exam, fraudulently presenting lab exercises or assignments by someone else as one's own, or getting someone else to take the course. It is a serious academic offense that will not be tolerated. Cheaters can expect to receive a failing grade and will be punished under University regulations.
Grading Policies:
| Assignment and quiz | 45% |
| Midterm exam | 15% |
| Final exam | 40% |
Tentative Class Schedule:
- Week 1: Class Introduction & basic security principles, crypto (chapter 1 & 2)
- Week 2: Crypto and software vulnerabilities (chapter 1, 12 and 3)
- Week 3: Software vulnerabilities (chapter 3)
- Week 4: Operating Systems (chapter 5)
- Week 5: Mid-term and Operating Systems (chapter 5)
- Week 6: Network security (chapter 6)
- Week 7: Web (chapter 4)
- Week 8: Database and Cloud computing (chapter 7 and 8)
- Week 9: Privacy (chapter 9)
- Week 10: Management and incidents, emerging topics (chapter 10 and 13)
- Week 11: Final exam
| Week | Date | Topic | Readings & Comment |
| 1 | 04/01/2019 | Intro | Textbook A chapter 1 [slides] |
| 1 | 04/03/2019 | Authentication | Textbook A chapter 2.1 [slides] |
| 1 | 04/05/2019 | Access Control | Textbook A chapter 2.2, SELinux [1, 2] [slides] |
| 2 | 04/08/2019 | No class | Instructor travel |
| 2 | 04/10/2019 | Cryptographic basics | Textbook A chapter 2.3 before DES and chapter 12.1, 12.2 (RC2-RC6) [slides] |
| 2 | 04/12/2019 | Cryptographic basics | Textbook A chapter 2.3 DES to trust and chapter 12.2-12.4 [slides] |
| 3 | 04/15/2019 | Cryptographic basics | Textbook A chapter 2.3 and chapter 12.5 [slides] |
| 3 | 04/17/2019 | Class canceled | Instructor sick leave |
| 3 | 04/19/2019 | PKI | Textbook B chapter 18 (PKI) or [1] [slides] |
| 4 | 04/22/2019 | Software vulnerabilities | Textbook A chapter 3.1 [slides] |
| 4 | 04/24/2019 | Software vulnerabilities | Textbook A chapter 3.2 [slides] |
| 4 | 04/26/2019 | Lab instructions | Textbook B chapter 4 [pdf link] [slides] |
| 5 | 04/29/2019 | No class | Instructor travel |
| 5 | 05/01/2019 | OS Security | Textbook A chapter 5.1 and 5.2 [slides] |
| 5 | 05/02/2019 | Make-up session | New time 4-4:50 PM and new classroom DBH 1420 Textbook A chapter 5.2 and 5.3 [slides] [video link] |
| 5 | 05/03/2019 | Mid-term! | |
| 6 | 05/06/2019 | Network security | Textbook A Chapter 6.1-6.3 [slides] |
| 6 | 05/08/2019 | Network security | Textbook A Chapter 6.4-6.5 [slides] |
| 6 | 05/10/2019 | Network security | Textbook B Chapter 6.6-6.7, Textbook B Chapter 19 (or TLS wiki) [slides] |
| 7 | 05/13/2019 | Network security | Textbook B Chapter 6.7-6.8, Textbook B Chapter 19 (or TLS wiki) [slides] |
| 7 | 05/15/2019 | Lab instructions | Textbook B Chapter 13 [link] [slides] |
| 7 | 05/17/2019 | Web security | Textbook A Chapter 4.1-4.2 [slides] |
| 8 | 05/20/2019 | No class | Instructor travel |
| 8 | 05/22/2019 | Web security | Textbook A Chapter 4.3-4.4 Textbook B Chapter 10 (XSS, other link) [slides] |
| 8 | 05/24/2019 | Web security | Textbook Chapter 9 (XSRF, other link) [slides] |
| 9 | 05/27/2019 | No class | Memorial day |
| 9 | 05/29/2019 | Database security | Textbook A Chapter 7.1-7.3 [slides] |
| 9 | 05/31/2019 | Database security | Textbook A Chapter 7.4-7.6 [slides] |
| 10 | 06/03/2019 | Database security | SQL injection [link] [slides] |
| 10 | 06/05/2019 | Emerging topics | Cloud Security (Textbook A Chapter 8.4-8.6) Mobile security [slides] |
| 10 | 06/07/2019 | Emerging topics and course summary | IoT security (Textbook A Chapter 13.1) [slides] |
| 11 | 06/12/2019 | Final! |
Make-up sessions
Course Summary:
| Date | Details | Due |
|---|---|---|