Physical Office: Room 217, Davis Marksbury Building (859-218-0299)
Office Hours: Schedule appointment at http://drcheung.youcanbook.me
This course focuses on technologies in protecting infrastructure, networks, programs, and data from unintended or unauthorized access, change, or destruction. It provides a survey of latest developments in cyber-security through study of theoretical foundation and hands-on practical implementation. Topics include basic security technology, cryptography, security management, risk assessment, operations and physical security, software and network security, as well as ethical and legal issues.
This course is suitable as an elective for electrical engineering, computer engineering or computer science seniors and graduate students. Good working knowledge of the following courses or equivalent is required:
- CS 270 System Programming
- EE 380 Computer Organization
- Java Programming Language
In addition, some background in the following topics would be helpful:
- Basic knowledge of computer networking
- Linux Environment and shell scripting language
Student Learning Outcomes:
A student who has successfully completed this course should be able to:
- Analyze different aspects of a cyber-security management strategy
- Evaluate risks and countermeasures for different cyber-systems
- Analyze different methods of attacking and defending cyber-systems
- Apply basic cryptographic primitives in designing secure protocols
- Analyze network security and construct firewalls in defending network attacks
- Explain the legal and ethical issues of cyber-security
- Stallings and Brown. Computer security: principles and practice, fourth edition, Pearson, 2018 (required, third edition acceptable)
- Loukas. Cyber-Phyiscal Attacks: A Growing Invisible Threat, Butterworth-Heinemann, 2015 (required)
- Narayanan et. al. Bitcoin and Cybercurrency Technologies, Princeton University Press, 2016 (optional)
- Selected papers provided by the instructor.
- Access to a windows based laptop
- Access to the DeterLab testbed for security experimentation. The DeterLab testbed is a general-purpose experimental infrastructure that supports research and development of next-generation cyber security technologies. We will setup accounts on the DeterLab network for you. For this purpose, your names and email addresses (firstname.lastname@example.org) will be forwarded to the DeterLab administrator.
- Homework and Laboratory Exercises: They will be assigned roughly every 1.5 week. Except for lab 1, all assignments are for a team of at most two students. While we will discuss homework in class, each team must do his or her homework. Late homework will not be accepted without prior notice.
- Midterm and Final: Online closed-book exams in the style of CISSP (Certified Information Systems Security Professional) certification.
- Final Competition: The class will be divided into 4-5 teams and each team will compete with each other in a "capture-the-flag" style competition, usually involving attacking or protecting certain network asset. The competition will be conducted during the time slot for final examination. The winning team will be awarded with a small trophy and all team members will receive bonus points. The performance is graded based on participation and a detailed report on strategies and techniques during preparation stage.
Expectations for graduate students beyond the expectations for undergraduates:
An additional final research paper on an instructor-approved topic is required of all graduate students taking this course. Undergraduate students are encouraged to try them for extra credit. As graduate students are required to have more assignments, each assignment will carry a smaller weight compared to undergraduate students.
Grading scale for undergraduates: 90-100% = A, 80-89% = B, 70-79% = C, 60-69% = D, below 60% = E
Grading scale for graduate students (no D): 90-100% = A, 80-89% = B, 70-79% = C, below 70%= E