Course Syllabus - Fall B 2020
Information Assurance and Security (CSE 543)
Course Description
This course provides an overview of modern information assurance (IA) and security, with a focus on computer and network security. This course will give students a basic and comprehensive understanding of security from both theoretical and practical perspectives, and it will cover key security problems and their possible solutions.
Specific topics covered include:
● Security and privacy principles
● Physical security
● Personnel security
● Contingency and disaster recovery planning
● Information assurance policies
● Authentication and access control
● Administrative security controls
● Risk analysis and management
● Computer virus and malware
● Network attacking attempts
● Phishing
● Social engineering
● Software security
● Definitions of software security
● Traditional software vulnerabilities
● Modern software vulnerabilities
● Vulnerability discovery
● Vulnerability mitigation
● Secure software development
● Laws and regulations about Information Assurance
● Ethical hacking
Learning Outcomes
Learners completing this course will be able to:
● Recognize common security threats and attacking attempts.
● Identify typical vulnerabilities in programs.
● Develop secure programs.
● Analyze legal and ethical concerns of computer security activities.
● Launch attacks in ethical hacking environments.
Estimated Workload/Time Commitment Per Week
Average of 20 hours per week
Required Prior Knowledge and Skills
This course will be challenging, and students are expected to learn the necessary technologies on their own time. If you are not already proficient in the following areas, consider expanding your skills in these areas and taking this course at a later time.
Proficient Mathematical Skills and Theoretical Understanding:
● Algebra
● Linear Algebra
● Algorithms
● Data Structures
● Computer Organization and Architecture
● Operating Systems
● Computer networking
Strong Application Skills:
● Ability to effectively read C code
● Ability to effectively read Python code
● Confidence executing at least one programming language:
○ Python
○ Java
○ C#
○ C++
○ C
Note: The course project will be completed using the language that the student chooses. However, the course team will not be able to help the student if they choose any language that is not Python, Java, or C#.
Proficient Experience:
● Clear understanding of theoretical and applied industry-relevant operating systems and computer networks (e.g., Ethernet, ARP, Routing, IP Addresses, Fragmentation, ICMP, UDP, TCP, and x86-64 assembly)
● Experience reading technical specifications and documentation
Technology Requirements
Hardware
● Personal computer with 8 GB RAM or higher and an x86-64 CPU. Must be able to install virtual machines on this computer. Computers with ARM processors (or any other architecture) will not work.
Software and Other
● Reliable Internet connection with unrestricted access to key websites that are commonly used in software development activities (e.g., GitHub and StackOverflow)
● Linux (Ubuntu 20.04 LTS is recommended)
● A virtual machine application, such as VMware, is recommended for non-Linux users. You can get VMware for free as an ASU student (strongly recommended) and install Ubuntu 20.04 in a VM.
● Most reference code will be provided as a Python script. Therefore, Python is strongly recommended. Note: For some coursework, the course team will not be able to help you if you choose any language that is not Python, Java, or C#; therefore, to create the best learning experience, Python is strongly recommended. This is noted on the overview docs where it applies.
● Browser (e.g., Chrome, Firefox, or Microsoft Edge), an HTTP request sender (curl), and Burp Suite
● Ability to access AWS resources
● You are strongly encouraged to use Python 3 and the scapy package
Textbook and Readings
At the graduate level, inquiry, research, and critical reading are part of the learning experience; however, this course does not have a required textbook. All content is available within the course.
Course Content
Instruction
Video Lectures
Demonstration Videos
Live Events (e.g. Live Sessions hosted by the instructor of record and Virtual Office Hours hosted by the course team members)
Assessments
Assignments (graded, auto-graded)
Individual Project (graded, auto-graded)
Practice Quizzes (ungraded, auto-feedback)
Graded Quizzes (graded, auto-graded)
Practice Exam 1 (ungraded, auto-feedback)
Exam 1 (proctored, graded, auto-graded)
Practice Exam 2 (ungraded, auto-feedback)
Exam 2 (proctored, graded, auto-graded)
Details of the main instructional and assessment elements of this course:
Lecture videos: The concepts you need to know will be presented through a collection of video lectures. You may stream these videos for playback within the browser by clicking on their titles or download the videos. You may also download the lecture slides that are used in the videos. The lecture slides, where available, are provided with the video. Demonstration videos and interview videos do not have accompanying slides.
Discussion Forums: Discussion forums are present each week in the course, and there are designated forums for each project, assignment, and exams, so targeted questions of interest can be asked and categorized in specific spaces. Although the course team is engaged in these discussions, the forums are spaces to clarify, support, and enrich student-to-student communication and learning. If you have specific questions that you would like the instructor to consider addressing in the weekly Live Events, please indicate your request in your post.
Practice Quizzes: To help you prepare for other assessments in the course, you will be able to take practice quizzes prior to taking graded quizzes. Note that practice quizzes are not present in all weeks by design; they are only present in weeks that have graded quizzes. Designed to support your learning and prepare you for the graded quiz experience, practice quizzes are ungraded quizzes to test your knowledge of the concepts presented in all the lecture videos for that week. You may take your time, review your notes, and learn at your own pace because practice quizzes are untimed. You may retake these as often as you would like at any point in the course. You are encouraged to read the feedback, review your answer choices, and compare them to the correct answers. With the feedback as your guide, you are encouraged to use these as opportunities to study for other assessments and tasks in the course. You may engage with your peers in the discussion forums to address questions, share resources and strategies, and provide feedback to help one another learn. If you have specific questions that you would like the instructor to consider addressing in the weekly Live Events, please indicate your request in your post.
Graded Quizzes: Timed graded quizzes are included at the end of several weeks when there is not an assignment or project present. They are designed to assess you on a given week’s content. Review the course outline closely. Graded quizzes typically include 10 multiple choice questions. You will have 45 minutes to complete each quiz. Once you open the quiz, your testing session begins, and you must complete it in a single session. You will be allowed one (1) attempt to take and complete each quiz. There is a 12% grade penalty for each day late past the deadline. For academic integrity purposes, the exact answers will not be shared, which includes which questions students got correct and incorrect.
Practice Exams: Our goal is to prepare you for the timed, proctored final exam experience. To do this, we have designed the practice exam questions so they follow the same question style used in Exam 1 and Exam 2. You may engage with your peers in the discussion forums to address questions, share resources and strategies, and provide feedback to help one another learn. If you have specific questions that you would like to be considered to be addressed in the weekly Live Events, please indicate your request in your post.
Practice Exam Details
● Single-answer, multiple choice questions
● Unlimited time
● Unlimited number of attempts
● Full feedback
Proctored Exams: You will have two (2) timed, proctored exams. Late exams are not permitted and will result in an automatic score of 0 points. For academic integrity purposes, the exact answers will not be shared, which includes which questions students got correct and incorrect.
Exam 1 Details
● Content covered: Weeks 1, 2, 3, and 4
● Question type(s): single answer, multiple-choice questions
● Availability: 12:01AM AZ Time on Monday, November 9, 2020 - Sunday, November 15, 2020 at 11:59 PM AZ Time
● Time: 2 hours = 120 minutes
● Attempts: You will be allowed one (1) attempt to take and complete the exam. Once you open the exam, your testing session begins and you must complete it in a single session.
● Proctoring: You need to set up your proctoring at least 72 hours prior to the exam. Due to high-volume testing windows, you are strongly encouraged to schedule by Sunday, October 18, 2020. ProctorU is an online proctoring service that allows students to take exams online while ensuring the integrity of the exam for the institution. Additional information and instructions are provided in the Welcome and Start Here section of the course. The exam proctor will input the exam password.
Exam 2 Details
● Content covered: Weeks 5, 6, and 7
● Question type(s): single answer, multiple-choice questions
● Availability: 12:01AM AZ Time on Monday, November 30, 2020 - Sunday, December 6, 2020 at 11:59 PM AZ Time
● Time: 2 hours = 120 minutes
● Attempts: You will be allowed one (1) attempt to take and complete the exam. Once you open the exam, your testing session begins and you must complete it in a single session.
● Proctoring: You need to set up your proctoring at least 72 hours prior to the exam. Even though this exam is much later in the semester, due to high-volume testing windows, you are strongly encouraged to schedule by Sunday, October 18, 2020. There is no penalty if you have to schedule later. ProctorU is an online proctoring service that allows students to take exams online while ensuring the integrity of the exam for the institution. Additional information and instructions are provided in the Welcome and Start Here section of the course. The exam proctor will input the exam password.
Exam 1 and 2 Allowances: Both exams are closed resource exams. No materials, resources, technologies, or communication is permitted during the exams.
● Hardcopy and/or digital books and/or reference materials (all): None
● Calculators (all): None (calculations may be achieved by hand)
● Notes in any format of any kind (all): None
● Web (all): None
● Software (all): None and all virtual machines must be closed prior to starting proctoring
● Other technologies, devices, and means of communication (all): None
● Scratch paper, whiteboard, and writing utensils: unlimited amount of blank scratch paper, writing utensils (e.g., pens, pencils, markers, and/or highlighters; please have extra ones should you run out of ink, the pencil breaks, etc.), and eraser(s). If using a whiteboard, students may have erasable whiteboard markers and what is needed to erase writing on the whiteboard.
● Other: Students are to independently take the exam in a single session without leaving the testing space (e.g., no bathroom breaks) to ensure proctoring of the entire session.
Assignments and Projects: This course includes six (6) individual assignments and one (1) project. All are provided to students in the first week of the course, so you can review what is expected and design your own learning schedules to complete these on time. They will be re-introduced in the week each is due. A submission area is provided at the end of each week they are due. Review the Technology Requirements for this course to ensure you have what is needed to complete the assignments and project. Assignments and the project may be submitted an unlimited number of times. There is an automatic 6% grade penalty for each day late.
List of Assignments and Project
● Week 3 Assignment: Caesar Cipher
● Week 3 Assignment: Esper Cipher
● Week 4 Assignment: UDP Spoofing
● Week 4 Assignment: TCP Spoofing
● Week 5 Assignment: Pwn Them All
● Week 6 Project: Fuzz Them All
● Week 6 Assignment: Finding Crashes
Course Grade Breakdown
Course Work | Quantity | Percentage of Grade
Individual, Timed Quizzes | 3 | 8%
Individual Assignments | 6 | 50%
Individual Project* | 1 | 30%
Individual, Timed, Proctored Exam 1 | 1 | 6%
Individual, Timed, Proctored Exam 2 | 1 | 6%
*This is an MCS Portfolio eligible course.
Grade Scale
NOTE: You must earn a cumulative grade of 70% to earn a "C" in this course
A+ | 97% - 100%
A - | 90% - 96%
B+ | 87% - 89%
B | 80% - 86%
C+ | 77% - 79%
C | 70% - 76%
D | 60% - 69%
E | <60%
Week # and Name | Begin Date (12:01 AM AZ Time) | End Date (11:59 PM AZ Time)
Week 1: Foundations of Information Assurance and Security | Monday, October 12, 2020 | Sunday, October 18, 2020
Week 2: Physical Security, Personnel Security, Authentication, and Access Control | Monday, October 19, 2020 | Sunday, October 25, 2020
Week 3: Cryptography | Monday, October 26, 2020 | Sunday, November 1, 2020
Week 4: IA in Information Systems | Monday, November 2, 2020 | Sunday, November 8, 2020
Exam 1 | Monday, November 9, 2020 | Sunday, November 15, 2020
Week 5: Web Security | Monday, November 9, 2020 | Sunday, November 15, 2020
Week 6: Software Security | Monday, November 16, 2020 | Sunday, November 22, 2020
Week 7: Privacy and Ethical Issues | Monday, November 23, 2020 | Sunday, November 29, 2020
Exam 2 | Monday, November 30, 2020 | Sunday, December 6, 2020
Week 5: Web Security
Lesson 1: Web Security Overview
Lesson 2: HTML
Lesson 3: Common Vulnerabilities in Web Applications
Lesson 4: Phishing
Lesson 5: Vulnerability Discovery
Assignments
❏ Pwn Them All (Due by Sunday, November 15, 2020 at 11:59 PM AZ Time) 6% grade penalty for each day past the deadline.
Exam 1
Available from Monday, November 9, 2020 at 12:01AM AZ Time - Sunday, November 15, 2020 at 11:59PM AZ Time. 100% grade penalty for each day past the deadline.
No late exams accepted.
For academic integrity purposes, the exact answers will not be shared, which includes which questions students got correct and incorrect.
Week 6: Software Security
Lesson 1: Software Security Overview
Lesson 2: Common Vulnerabilities in Software
Lesson 3: Memory Model, X86-64 Assembly Language, and Debugging
Lesson 4: Buffer Overflows
Lesson 5: Vulnerability discovery
Assignments
❏ Fuzz Them All (Due by Sunday, November 22, 2020 at 11:59 PM AZ Time) 6% grade penalty for each day past the deadline.
❏ Finding Crashes (Due by Sunday, November 22, 2020 at 11:59 PM AZ Time) 6% grade penalty for each day past the deadline.
Week 7: Privacy, IA Management, and Ethical Issues
Lesson 1: Privacy and Social Networks
Lesson 2: Ethical Hacking
Assignments
❏ Practice Quiz
❏ Graded Quiz (Due by Sunday, November 29, 2020 at 11:59 PM AZ time) 12% grade penalty for each day past the deadline. For academic integrity purposes, the exact answers will not be shared, which includes which questions students got correct and incorrect.
❏ Optional: Portfolio Inclusion Report for ASU MCS Degree
❏ Course Survey
Exam 2
❏ Practice Exam 2
❏ Exam 2 (Available from Monday, November 30, 2020 at 12:01AM AZ Time - Sunday, December 6, 2020 at 11:59PM AZ Time) No late exams accepted. 100% grade penalty. For academic integrity purposes, the exact answers will not be shared, which includes which questions students got correct and incorrect.
Policies
All ASU and Coursera policies will be enforced during this course. For policy details, please consult the MCS Graduate Handbook and the MCS Onboarding Course.
Absence Policies
There are no required or mandatory attendance events in this online course. Live Events, both Live Sessions hosted by the faculty and Virtual Office Hours hosted by the course team do not take attendance.
Students are to complete all graded coursework (e.g., assignments, project, and exams). If exceptions for graded coursework deadlines need to be made for excused absences, please reach out to the course team by Sunday, October 18, 2020 using the mcsonline@asu.edu email address (these need to be built into the course). Review the exam availability windows and schedule accordingly. The exam availability windows allow for your own flexibility and you are expected to plan ahead. Personal travel does not qualify as an excused absence and does not guarantee an exception.
Review the resources for what qualifies as an excused absence and review the late penalties in the Assignment Deadlines section of the syllabus and the course:
a. Excused absences related to religious observances/practices that are in accord with ACD 304–04, “Accommodation for Religious Practices”
b. Excused absences related to university sanctioned events/activities that are in accord with ACD 304–02, “Missed Classes Due to University-Sanctioned Activities”
c. Excused absences related to missed class due to military line-of-duty activities that are in accord with ACD 304–11, “Missed Class Due to Military Line-of-Duty Activities,” and SSM 201–18, “Accommodating Active Duty Military”
Policy Regarding Expected Course Behavior
The aim of education is the intellectual, personal, social, and ethical development of the individual. The educational process is ideally conducted in an environment that encourages reasoned discourse, intellectual honesty, openness to constructive change, and respect for the rights of all individuals. Self-discipline and a respect for the rights of others in the university community are necessary for the fulfillment of such goals. An instructor may withdraw a student from a course with a mark of “W” or “E” or employ other interventions when the student’s behavior disrupts the educational process. For more information, review SSM 201–10.
If you identify something as unacceptable classroom behavior on the class platform (e.g., Coursera discussion forum) or communication channels (e.g., Zoom, virtual live session, virtual office hours, Slack, etc.), please notify the course team using the mcsonline@asu.edu email. In the discussion forums, you can also flag the post for our attention. For more specifics on appropriate participation, please review our Netiquette infographic.
Our classroom community rules are to:
● Be professional
● Be positive
● Be polite
● Be proactive
Academic Integrity
Students in this class must adhere to ASU’s academic integrity policy, which can be found at https://provost.asu.edu/academic-integrity/policy. Students are responsible for reviewing this policy and understanding each of the areas in which academic dishonesty can occur. In addition, all engineering students are expected to adhere to both the ASU Academic Integrity Honor Code and the Fulton Schools of Engineering Honor Code. All academic integrity violations will be reported to the Fulton Schools of Engineering Academic Integrity Office (AIO). The AIO maintains a record of all violations and has access to academic integrity violations committed in all other ASU colleges/schools.
Specific academic integrity announcements for this class: Security is a field that honors integrity to the maximum extent. As an introductory course to security, this course has a zero-tolerance policy towards academic integrity violations. Any academic integrity violations will lead to a failure of this course (no refunds) with a failing grade (F), and the violation will be reported to the university.
Copyright
All course content and materials, including lectures (Zoom recorded lectures included), are copyrighted materials and students may not share outside the class, upload to online websites not approved by the instructor, sell, or distribute course content or notes taken during the conduct of the course (see ACD 304–06, “Commercial Note Taking Services” and ABOR Policy 5-308 F.14 for more information).
You must refrain from uploading to any course shell, discussion board, or website used by the course instructor or other course forum, material that is not the student's original work, unless the students first comply with all applicable copyright laws; faculty members reserve the right to delete materials on the grounds of suspected copyright infringement.
Policy Against Threatening Behavior (SSM 104-02)
Students, faculty, staff, and other individuals do not have an unqualified right of access to university grounds, property, or services. Interfering with the peaceful conduct of university-related business or activities or remaining on campus grounds after a request to leave may be considered a crime. All incidents and allegations of violent or threatening conduct by an ASU student (whether on- or off-campus) must be reported to the ASU Police Department (ASU PD) and the Office of the Dean of Students.
Disability Accommodations
Suitable accommodations will be made for students having disabilities. Students needing accommodations must register with the ASU Student Accessibility and Inclusive Learning Services and provide documentation of that registration to the instructor. Students should communicate the need for an accommodation in sufficient time for it to be properly arranged. See ACD 304-08 Classroom and Testing Accommodations for Students with Disabilities.
Harassment and Sexual Discrimination
Arizona State University is committed to providing an environment free of discrimination, harassment, or retaliation for the entire university community, including all students, faculty members, staff employees, and guests. ASU expressly prohibits discrimination, harassment, and retaliation by employees, students, contractors, or agents of the university based on any protected status: race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity, and genetic information.
Title IX is a federal law that provides that no person be excluded on the basis of sex from participation in, be denied benefits of, or be subjected to discrimination under any education program or activity. Both Title IX and university policy make clear that sexual violence and harassment based on sex is prohibited. An individual who believes they have been subjected to sexual violence or harassed on the basis of sex can seek support, including counseling and academic support, from the university. If you or someone you know has been harassed on the basis of sex or sexually assaulted, you can find information and resources at https://sexualviolenceprevention.asu.edu/faqs.
Mandated sexual harassment reporter: As a mandated reporter, I am obligated to report any information I become aware of regarding alleged acts of sexual discrimination, including sexual violence and dating violence. ASU Counseling Services, https://eoss.asu.edu/counseling, is available if you wish to discuss any concerns confidentially and privately.
Contact Information
Please contact the course team using the discussion forums present in the course or using mcsonline@asu.edu.
Course Faculty
Dr. Ruoyu “Fish” Wang designed this course.
Dr. Ruoyu "Fish" Wang is an Assistant Professor in the School of Computing, Informatics, and Decision Systems Engineering at Arizona State University. He received his Ph.D. degree from the Department of Computer Science at the University of California, Santa Barbara in 2018 and his Bachelor's degree in Computer Software at Tsinghua University in 2013. Dr. Wang's research focuses on system security, especially on automated binary program analysis and reverse engineering of software. As part of his research, Dr. Wang co-founded the binary analysis platform, angr. Besides research, Dr. Wang plays many CTFs and is a core member of the CTF team Shellphish and pwndevils. Dr. Wang was a core member of the CGC team Shellphish CGC, with whom he won third place in the Final Event of the DARPA Cyber Grand Challenge in 2016.