CS 335 - CYBERSECURITY

Spring 2024

Class times:

Section 101, T/Th 6:00PM - 7:15PM in KEC 123

Staff:

Instructor Email Office hours (KEC 123)

Galin Zhelezov gzhelezo at ycp dot edu After class or by appointment

Instructor	Email	Office hours (KEC 123)
Galin Zhelezov	gzhelezo at ycp dot edu	After class or by appointment

Course Description

The course covers a survey of various cyber security attacks and countermeasures used in network, web, database and application-level security. Topics include operating systems security, network security, web security, covert channels, and static/dynamic code analysis. Lab exercises and projects provide hands-on experience in understanding cyber security attacks and countermeasures. These include Cross-site scripting, SQL injection, Buffer Overflow, TCP/IP attacks, Web tracking, and ethical hacking. The course highlights hands-on-approach, and requires students to conduct a series of lab exercises. Through these labs, students can enhance their understanding of the principles, and be able to apply those principles to solve real problems.

Prerequisites

CS320 and CS330 with a grade of 2.0 or higher or IFS225, IFS230 and IFS320 with a grade of 2.0 or higher

Required Textbook

Wenliang Du, Computer & Internet Security: A Hands-on Approach. Wenliang Du; 2 edition, 2019, ISBN-13: 978-1733003926.

Course Structure and Expectations

Class meetings will be primarily discussion of questions related to the topic and/or working on corresponding lab exercises which are designed to illustrate the concepts from the lecture notes. Thus you should come to each class meeting prepared to work on the lab with any questions on the material. A series of homework assignments that will consist of both written and programming parts and will be assigned at approximately 1-2 week intervals, to be completed individually.

A special thanks goes to Prof. Wenliang Du for his contributions on the SEED security labs that will be adopted in our course projects.

There’s an old saying, usually attributed to Confucius, that goes something like “Give a man a fish, and you’ll feed him for a day. Teach a man to fish, and you’ve fed him for a lifetime”. You will only get as much out of this course as you choose to put into it. Since we will be covering a significant amount of material in the course at a rapid pace, it is imperative that you keep up by participating in the class meetings. You must have completed the lab activities up to and including the one for the current class meeting in order to receive assistance on the current programming assignment. The best way to learn about Cybersecurity is to practice. Our class meetings will be very hands on and interactive, so you will need to attend every session on time, having gone over any suggested readings, topics and applications, and respectfully participate in all class activities. To achieve the course objectives, you must take responsibility for your own learning and participate as an active learner.

Learning Outcomes

By the end of this course, you will be able to:

Know the various cyber security threats to networks, operating systems, web, database, and software applications
Demonstrate various cyber security ethical hacking techniques
Familiarize yourself with automated tools to analyze computer networks and applications for cyber security weaknesses
Understand various types of malware that can affect computer systems
Know techniques how attackers conduct various network, Web and application attacks
Understand countermeasures against network, operating systems, web and software applications threats and attacks
Conduct code analysis to determine security flaws and weaknesses in software

Policies

Grades

Grades are assigned on a 100-point scale:

Numeric Range Letter Grade

90-100 A (4.0)

87-90 B+ (3.5)

80-87 B (3.0)

77-80 C+ (2.5)

70-77 C (2.0)

60-70 D (1.0)

0-60 F (0.0)

Numeric Range	Letter Grade
90-100	A (4.0)
87-90	B+ (3.5)
80-87	B (3.0)
77-80	C+ (2.5)
70-77	C (2.0)
60-70	D (1.0)
0-60	F (0.0)

Your overall grade for the course will be determined as follows:

Labs and assignments: 30% (†)
2 Quizzes: 40%
Final project: 20% (†)
Attendance and participation: 10%

(†) You must make a good faith effort to complete all of the assignments and projects in order to pass the course. Failure to complete all assignments and projects is grounds for receiving a reduced or failing grade for the course.

Course website

Please check the course web page, https://ycpcs.github.io/cs335-spring2024/, regularly for important announcements.

Reading assignments

Readings from your text book will be assigned throughout the semester. You will find the readings listed in the Course Schedule. You are encouraged to read the scheduled material before coming to class.

Homework and Lab Assignments

Homework assignments will be based on the lab activities performed during class and may include both written and programming components. Collaboration on homework assignments is encouraged, but each student must submit their own assignment solutions that demonstrate their understanding of the material.

All homework assignments will be submitted as a single .pdf to https://cs.ycp.edu/marmoset/. If you have handwritten solutions, PLEASE USE A SCANNER APP to generate the .pdf. You are responsible for ensuring your submission and screenshots are legible.

Late assignments will be marked down 20% per day late. No credit will be given for assignments that are more than three (3) days late.

Any Programing assignments will be graded based on the following criteria:

4: Superior. The program extends the basic requirements significantly by implementing additional graphical features covered in the text and other resources.

3-3.5: Good. The program goes beyond the basic requirements by embellishing the final output using techniques discussed in class.

2-2.5: Average. The program meets only the basic requirements of the assignment.

1: Below Average. The program produces mostly incorrect output or shows little attempt at a solution to the problem.

0: Failure. The program does not execute.

Final Project

The project will be on a topic of interest not covered in class. The intent of the final project is to provide an opportunity for the student to investigate a particular issue of interest in greater depth. There will be periodic milestones throughout the semester to encourage you to start early and make continuous progress as new material is covered. There will be a final demonstration of your project during the final exam period to highlight all the functionality present.

Posting and submission of assignments and labs

Assignments and labs will be posted on the course web page, https://ycpcs.github.io/cs335-spring2024. Assignments and labs will be submitted using the server https://cs.ycp.edu/marmoset/. You will receive an email containing the username and password you will use for this server.

Quizzes

Quizzes will be open-book, closed-notes. They will last approximately 60 minutes and will be administered at the beginning of the class period.

Quizzes may include a programming component. The second half of the class may be used for instruction and/or laboratory work. A total of two quizzes will be administered.

No make-up quiz will be given without approval of the instructor prior to class unless proof of extreme emergency or illness is provided.

Data collection statement

As part of the regular ABET accreditation process for the undergraduate programs in computer science, we will be collecting samples of students’ work in each of our undergraduate classes. As a result, some of your labs, assignments and exams may be used to present to the ABET evaluators.

Academic Integrity

York College’s mission statement stipulates that strict adherence to principles of academic honesty is expected of all students. Therefore, academic dishonesty will not be tolerated at York College. Academic dishonesty refers to actions such as, but not limited to, cheating, plagiarism, fabricating research, falsifying academic documents, etc., and includes all situations where students make use of the work of others and claim such work as their own.

The following policy pertains to homework and graded (individual) Lab assignments:

All graded (individual) assignments are to be completed individually. I encourage you to discuss high level concepts with other students, but any work you submit must be yours alone.

Direct copying of code or other work from other students, web sites, or other sources is absolutely forbidden under any circumstances.

Any sources (books, websites, articles, fellow students, etc.), except for the course textbook and lecture notes, that you consult in completing an assignment must be properly acknowledged. In general, I strongly discourage you from using any resource not explicitly listed in the course syllabus or on the course web page. When you work on a programming assignment, it must be your program, not your adaptation of someone else’s program.

There may be some non-graded lab assignments (I will precisely stress that) - therefore, you may work with other students on them. However, I do expect you to complete them. You are encouraged to utilize the class time to work on the labs and ask any questions about them.

When a faculty member believes a student has committed an act of academic dishonesty, the faculty member must inform the student in writing and then has ten business days from that written notification to the student to report the incident to the Dean of Academic Affairs and the Department Chair. Documentation related to instances of academic dishonesty will be kept on file in the student’s permanent record. If the academic dishonesty is the student’s first offense, the faculty member will have the discretion to decide on a suitable sanction up to a grade of 0 for the course. Students are not permitted to withdraw from a course in which they have been accused of academic dishonesty.

Attendance and Participation

I expect you to attend class and participate regularly in class activities. If you miss a class, please notify me in advance. You are responsible for all material covered in class, regardless of whether or not you were present. If you attend and participate in class regularly, you can expect to receive full credit for attendance and participation. Frequent absence and/or lack of participation will reduce the credit you receive for attendance and participation. You are responsible for keeping up with the reading assignments as described in the course schedule.

Professionalism

I expect you to conduct yourself as a professional in this course. Professionalism includes:

Respect for and courteous interaction with peers, faculty and facilities;
Integrity, which includes at its core honesty, responsibility and accountability for one’s own actions;
Sensitivity and appreciation for diverse cultures, backgrounds, and life experiences;
Constructive evaluation, which means that criticism is offered and accepted in a productive manner;
Self-reflection and identification of one’s own strengths and weaknesses;
Responsibility for one’s own education and learning;
An attitude that fosters professional behavior in colleagues and peers;
Punctuality at meetings and class sessions;
Attentive behavior during class sessions, avoiding personal or social use of cell phones, laptops, or other electronic devices;
Acknowledgement of the Kinsley Engineering Center as a professional workplace, and treatment of this facility as a business or office space, not as an informal space.

I reserve the right to enforce this code through the York College Code of Student Conduct.

Academic Integrity Policy (Philosophy Statement)

York College of Pennsylvania, as an institution of higher education, serves to promote and sustain the creation, acquisition, and dissemination of knowledge. In order to fulfill this purpose, an environment of integrity, dependability and honesty must be maintained by all members of the York College community. Without a foundation based on intellectual honesty and integrity, the very ability to uphold the academic endeavors that York College strives to pursue is inhibited. The Spartan Oath embodies the expectation that all members of the York College community foster an environment of integrity and responsibility. Recognize that adhering to an ethical standard of honesty leads to professional, mature and responsible citizens, and enables society at large to trust our scholarship, research, and conferred degrees. Thus, each member of the York College community must be truthful, honest, personally and professionally responsible, and respect the intellectual contributions of others.

The following policy pertains to all graded work in this course:

All graded (individual) assignments are to be completed individually. I encourage you to discuss high level concepts with other students, but any work you submit must be yours alone.

Direct copying of solutions or work from other students, web sites, or other sources is absolutely forbidden under any circumstances.

Any sources (books, websites, articles, fellow students, etc.), except for the course textbook and lecture notes, that you consult in completing an assignment must be properly acknowledged. In general, I strongly discourage you from using any resource not explicitly listed in the course syllabus or on the course web page but rather asking the instructor for assistance.

Exams must be completed individually using only the resources from the course.

You may work with other students on labs. However, we do expect you to complete and submit them, and they count towards your participation grade: see “Lab Policy” below.

Definition of Academic Dishonesty

Engaging in academic dishonesty is a violation of the school’s academic integrity policy and is not tolerated at York College. Examples of academic dishonesty include, but are not limited to, cheating on assignments or examinations, plagiarism (i.e. passing someone else’s words or ideas off as one’s own without proper attribution), improper paraphrasing, fabricating research, falsifying academic documents, handing in material completed for another course, and submitting work not done independently (unless part of an explicitly collaborative project).

Academic Integrity Procedure – Reporting

When a faculty member believes a student has violated the Academic Integrity Policy, the faculty member is encouraged to discuss the incident in person with the student promptly, identifying the sanction he or she is going to apply. The faculty member should then reiterate the charge and sanction in writing to the student.
The faculty member has full discretion to determine a suitable sanction, such as a “0” on the assignment in question, up to a course grade of “0”. In the case of an egregious first offense, the faculty member may request that the Student Welfare Committee conduct a hearing and determine a sanction, which may involve academic probation, suspension, or dismissal from the College.
The faculty member has ten days from the written notification to the student to report the incident to the Department Chair and Associate Provost of Academic Services. The faculty member must submit as part of the report: 1) a detailed description of the incident, 2) a course syllabus, 3) an assignment sheet or assignment instructions, 4) the assignment in question, and 5) supporting documentation, such as copied material. The documentation will be kept on file in the student’s permanent record.
Students cannot withdraw from a course in which they have been accused of academic dishonesty, until the accusation is withdrawn by the faculty member, or is overturned by the Student Welfare Committee or the Associate Provost of Academic Services. Academic Integrity Procedure – Appeals
Students who believe they have been unjustly charged or sanctioned have ten days after receiving written notification from their instructor regarding the incident to file an appeal with the Student Welfare Committee by submitting a formal letter to the Associate Provost of Academic Services.
If an appeal is filed, the Student Welfare Committee will schedule a hearing which includes inviting the student and faculty member to attend to provide additional information or clarity regarding the incident. The Student Welfare Committee will then review the charge and/or sanction.
If the Associate Provost of Academic Services determines that the incident of academic dishonesty is the student’s second or subsequent offense, he or she will provide written documentation to the student, faculty member, and Department Chair. The Student Welfare Committee will automatically conduct a hearing to review the charge and decide on an appropriate sanction: academic probation, suspension or dismissal from the College.
Academic Services will receive written notification of the Student Welfare Committee’s decision. Students who are unsatisfied with the decision may submit a second and final written appeal to the Associate Provost of Academic Services within 72 hours of receiving notification of the Student Welfare Committee’s decision. All decisions made by the Associate Provost of Academic Services will be final.

Use of Personal Technology in the Classroom

While York College recognizes students’ need for educational and emergency-related technological devices such as laptops, PDAs, cellular phones, etc., using them unethically or recreationally during class time is never appropriate. The college recognizes and supports faculty members’ authority to regulate in their classrooms student use of all electronic devices.

Communication Standards

York College recognizes the importance of effective communication in all disciplines and careers. Therefore, students are expected to competently analyze, synthesize, organize, and articulate course material in papers, examinations and presentations. In addition, students should know and use communication skills current to their field of study, recognize the need for revision as part of their writing process, and employ standard conventions of English usage in both writing and speaking. Students may be asked to further revise assignments that do not demonstrate effective use of these communication skills.

Auditing

I expect some effort and commitment from students auditing the course. Therefore I require that you appear for all the labs and exams in the course. You are not required to turn in the programming assignments. Of course, you are welcome to do more, but you must meet this minimum requirement.

Student Accessibility Services

In accordance with the provisions of Section 504 of the Rehabilitation Act of 1973, and the Americans with Disabilities Act of 1990, York College and its faculty are obliged to make reasonable classroom and physical accommodations for students with disabilities. If you are a student with a disability in need of classroom accommodations and have not already registered with Student Accessibility Services, please see the SAS webpage for more information and to complete the online form to apply for accommodations. You may also contact sas@ycp.edu to establish the accommodations for which you are eligible.

Advice

Don’t wait until the last minute to start labs and assignments! They can be time-consuming. Pace yourself. Students who procrastinate generally suffer.
Ask the questions you have.
Participate actively in discussions! Don’t use slides to answer questions during class.

Disclaimer

The instructor reserves the right to modify all policies within this syllabus including, but not limited to, number of assignments, weighting of assignments, and homework policies. Any significant changes will be announced to all students via Canvas.

CS 335: Syllabus