MGT 5156 | Term: Summer 1 2016
Student Access: 5.2.2016 12:00 AM EDT - 6.26.2016 11:59 PM EDT | Section: 1
Syllabus Entry
Instructor Email
Your instructor's Florida Tech email address is listed here, but please use the course messaging system
for course related messages.
Instructor
Louay Karadsheh
E-mail
lkaradsheh@fit.edu
Quality
Equivalent Range
Points
excellent
90-100
good
80-89
average
70-79
poor
60-69
failure
0-59
incomplete course work
audit - no grade
pass, no effect on GPA
official withdrawal
AU
Attendance
Attendance is required on a weekly basis. Students are expected to view the online lectures in the week they
are offered, and to log on to the site often enough to remain abreast of the communication on the Message Board
as well as any Class News or information from the Professor. It is the responsibility of the student to be aware of
everything happening in the class online.
Academic Honesty
Academic honesty is highly valued in Florida Tech's online courses. The student must always submit work that
represents original words or ideas. If any words or ideas are used that do not represent those original words or
ideas, the student must cite all relevant sources and provide a clear definition of the extent to which such
sources were used. Words or ideas that require citation include, but are not limited to all hard copy or electronic
publications, whether copyrighted or not, and all verbal or visual communication when the content of such
communication clearly originates from an identifiable source. In the Florida Tech online course, all submissions
to any public meeting bulletin board or private mailbox fall within the scope of words and ideas that require
citations if used by someone other than the original author. Academic dishonesty in an online learning
environment could involve:
Having a tutor or friend complete a portion of the student's assignments
Having a reviewer make extensive revisions to an assignment
Copying work submitted by another student to another public class meeting
Using information from online information services without proper citation
Any of these practices could result in charges of academic dishonesty. For the complete Florida Tech policy on
academic dishonesty, cheating and plagiarism see the Florida Tech Student Handbook:
http://www.fit.edu/studenthandbook/
Disaster Statement
School Closure:
Both Florida Tech and the University Alliance observe national holidays and students are not required to
participate in classes on such days. In the case of an emergency closure of Florida Tech or the University
Alliance, if classes are still able to operate, they will continue. In the rare case that the Learning Management
System is unavailable for maintenance reasons, classes will resume as quickly as possible and students should
check the University Alliance website (www.floridatechonline.com) regularly for updates.
Natural disaster:
If a natural disaster impacts the Melbourne, Florida area all students should check the Florida Tech website
www.fit.edu or call (800) 888-4348 for updates.
In the event that a natural disaster occurs near the student's residence they should contact Customer Service
at: 1-800-280-9718 at the soonest opportunity and inform them of the situation. They will make the appropriate
contact to instructors. Final decisions on the appropriate timeline to complete course requirements are at the
discretion of the instructor.
Course Withdrawal
To withdraw prior to the start of class, you must contact your University Alliance representative. Once class
begins, you must withdraw using Florida Tech's online student account system (PAWS). If you are a new
student, PAWS access information will be provided prior to class start. You have the prerogative of dropping a
course until the end of the first week of classes without receiving a grade of "W". After the first week, a grade of
"W" will be assigned up until the final published date for withdrawing (the last day of week six). That grade will be
reflected on your transcript, but not calculated into your grade point average. Withdrawals after week six will
result in a grade of "F". You are responsible for maintaining written evidence of all drops/withdrawals. Telephone
and email drops/withdrawals will not be accepted. Following is a table that clearly outlines Florida Tech's
withdrawal and refund policies:
Withdrawal Policy/Refund Chart
Week | Withdrawal Permitted | Tuition Refunded | Deadline
1 | Yes | 100% | By Sunday at 11:59 PM ET
2 | Yes | 60% | By Sunday at 11:59 PM ET
3 | Yes | 40% | By Sunday at 11:59 PM ET
4 | Yes | No Refund | By Sunday at 11:59 PM ET
5 | Yes | No Refund | By Sunday at 11:59 PM ET
6 | Yes | No Refund | By Sunday at 11:59 PM ET
7 | No | No Refund - No Withdrawal |
8 | No | No Refund - No Withdrawal |
PAWS is accessible through the university portal ACCESS Florida Tech.
Smarthinking
SMARTHINKING's fundamental objectives are to engage and encourage students in active learning, as well as
to enhance their motivation. Our tutors strive to help students develop successful learning skills, rather than
simply "giving answers" or "doing homework" for them. In a professional and supportive environment, we focus
on the power of human interaction and the use of technology to assist a student-centered tutoring process.
www.smarthinking.com
Course Introduction
Course Description
Explores security-related aspects of host-based computer security. Covers the elements of systems that make
them secure or vulnerable, defense architectures, forensics, reverse engineering, metrics, virtualization, and
other topics. Conveys key concepts through hands-on examples.
Course Objectives
After completing this course, students should be able to:
Describe how host and application security relates more generally to computer security
Apply security concepts to the challenge of providing host and application security
Describe the host environment and the way applications interact with the underlying host architecture
Apply basic security concepts to the operating system in order to evaluate the functions provided by the OS
from a security perspective
Explain malware, its implications, and remediation strategies
Analyze the threat of malicious code in different contexts and apply this evaluation to the selection of
remediation strategies
Assess how the Web works from a client perspective and apply this knowledge to web-based security
threats for the client
Describe common vulnerability types and apply knowledge of the underlying architecture to analyze the
dependencies that exist between vulnerability, OS, and architecture
Explain some of the implications of the cloud and host virtualization
Apply concepts learned to shape and evaluate security policies in a corporate environment
Prerequisites
MGT 5000, 5002, 5013, 5014, 5113, 5114
Credit Hours
3
Course Materials
The Art of Computer Virus Research and Defense, 1st ed. (2005). Szor, Peter. Addison-Wesley.
Grading
Your grade in this course will be our evaluation of your performance. This evaluation will be based on your
demonstrated competence on assignments and exams. The proportional contribution of each will be:
Grading
Assignment | Points
Module Assignments (6 @ 25) | 150
Class Discussion (8 @ 20) | 160
Assignments (6 @ 50) (1 @ 60) | 360
Exam #1 (5 modules) | 130
Exam #2 (11 modules) | 200
Total | 1,000
Grading Scale
Point Range | Grade
900-1,000
880-989
770-879
660-769
0-659
Week: 1
Module Number: 1, 2
Module Title: Introduction & Overview; What Is Security?
Assignments: Read paper: "How to Think About Security". Read start of paper: "A Mathematical Theory of Communication".
Discussion Topics: Introduce yourself. What are the implications of Shannon's work on security?
Module Assignment or Exam: Module Assignment 1 on terminology

Week: 2
Module Number: 3a, 3b
Module Title: How the Host Boots
Assignments: Analyze the boot process and look for vulnerabilities; read Saltzer/Schroeder paper.
Discussion Topics: Synthesize the information shared. Application security
Module Assignment or Exam: Module Assignment 2 on the boot process

Week: 3
Module Title: How the OS Works
Assignments: Compare and contrast Linux, iOS, and Windows with respect to security.
Discussion Topics: Discuss open source vs. closed source and security.
Module Assignment or Exam: Module Assignment 3 on OS security features

Week: 4
Module Title: Vulnerabilities
Assignments: Read Smashing the Stack for Fun and Profit and The Geometry of Innocent Flesh on the Bone. Use what you have learned to create an exploit for a file provided to you.
Discussion Topics: Discuss ROP and code injection.
Module Assignment or Exam: Exam 1 on Modules 1-5

Week: 5
Module Title: Malware History; Computer Viruses
Assignments: Read "Your Botnet is My Botnet". Write a polymorphic "Hello World" generator.
Discussion Topics: Discuss something current in malware.
Module Assignment or Exam: Module Assignment 4 on malware history

Week: 6
Module Title: Virus Defense; Case Study: Web, Part 1
Assignments: Write a detector for the generators. Read Chrome security paper.
Discussion Topics: Discuss how testing of anti-malware should be conducted.
Module Assignment or Exam: Module Assignment 5 on viruses and detection

Week: 7
Module Title: Case Study: Web, Part 2; Virtualization
Assignments: Write a demonstration of an XSS attack. Read Intel virtualization paper.
Discussion Topics: Discuss whether desktop virtualization is a panacea.
Module Assignment or Exam: Module Assignment 6 on web vulnerabilities

Week: 8
Module Number: 11
Module Title: Management of the Host
Assignments: Read "So Long and Thanks for All the Externalities". Come up with a vulnerability analysis of your own host, and apply this to a company.
Module Assignment or Exam: Exam 2 on entire course
Module Assignments and Discussion Topics
For each module or group of modules, there will be a module assignment using essay questions that cover
terms and concepts from the chapter assigned for that module. You must use APA citations for any sources
used, including the textbook. Responses must be submitted to the Digital Drop Box by Sunday at 11:59 p.m.
EST.
Each week, there will be a discussion topic that relates to one of the modules covered that week. Students will
be required to post one original comment and also reply to at least two other student postings. They will receive
up to 10 points for the original posting and up to 10 points for the follow-up postings. These points are based on
the content and contribution of the post, not simply on its existence.
For EACH discussion question, you must provide a substantive and relevant response (at least 200 words)
to the main question AND to at least two (2) other students' comments (at least 100 words each) in the
question thread
Responses that reference external articles, web pages, or books must be cited properly
Your initial post should contain at least TWO external peer-reviewed sources (beyond the textbook)
EACH response must not be based on opinion, but rather demonstrate that you have synthesized the
information you have gathered in order to come to a scholarly conclusion. You must cite evidence in the
form of peer-reviewed literature to support your conclusion
All information must be paraphrased from the original source and must use citations in APA format to
support the paraphrased information
Important! A lack of participation in the discussion board by other students should not serve as a hindrance
for you to participate in discussion. In the event others have not engaged in discussion, you still need to
post the required number of responses
Homework Assignments
Papers should show the author and where they are available online
Assignments will be posted online and submitted via the digital drop box
Exams
Exam #1 will consist of essay questions and covers Modules 1-5
Exam #2 will consist of essay questions and covers all the material in the course
Exams should be treated like research papers. Answers must include properly cited references.
Research Guide
To assist you in utilizing the FIT Library, please view the Computer Science and Information System's
"Research Guide".
Online Tutoring
In addition to your professor in this class, we have made arrangements for you to access an online tutoring
service if you want to get extra help with math and writing. When you click on the link below, you will
automatically be logged in to a website for the tutoring service, offered by Smarthinking. No account setup is
necessary, and there is no additional cost to you for this service. You will see on that page that you have the
option to schedule a session with a tutor, submit a question, or submit your writing for feedback.
www.smarthinking.com
Week 1
Lecture
Introduction & Overview
We will identify basic terms used throughout this course and discuss course goals.
Reading
Read
How to Think About Security, Whittaker & Ford, IEEE Security & Privacy, 2006
Discussion
Introduction
Please take a moment to introduce yourself to your classmates.
Discussion Guidelines
You can earn up to 20 points for each weekly discussion board. You must provide an original response of your
own and at least two replies to classmates.
Initial post (10 points)
Your original post is due by Wednesday at 11:59 p.m. ET
Reply posts (10 points)
Your responses are due by Sunday at 11:59 p.m. ET
What Is Security?
After completing this module, students should be able to:
Recognize security in the context of the host/application
Explain the differences between confidentiality and integrity
Deduce the impact of malice when analyzing a system
Describe systems from the perspective of an attacker
Lecture
What Is Security?
Analyze the differences between confidentiality, availability, and integrity, and evaluate systems from the
perspective of an attacker.
Reading
Read
First 11 pages of A Mathematical Theory of Communication, Shannon, The Bell System Technical
Journal, 1948
Discussion
Security Implications
What are the implications of Shannon's work on security?
Discussion Guidelines
You can earn up to 20 points for each weekly discussion board. You must provide an original response of your
own and at least two replies to classmates.
Initial post (10 points)
Your original post is due by Wednesday at 11:59 p.m. ET
Reply posts (10 points)
Your responses are due by Sunday at 11:59 p.m. ET
Week 2
Lecture
The Host, Part 1: Boot Sequence
We explore how the host, CPU, assembly language, physical memory, power on, POST, and the boot sector
relate to one another in a boot sequence.
Lecture
The Host, Part 2
Identify the parts of the booting sequence that are vulnerable to attacks.
Reading
Read
Chapter 4 in The Art of Computer Virus Research and Defense, Szor, 2005
The Protection of Information in Computer Systems, Saltzer & Schroeder, 1975
Assignment
Essay
What are the vulnerabilities in the boot process? What can an attacker exploit?
Guidelines
Your essay should include:
APA formatting: cover page, references page, 12-point Times New Roman, and double spacing
Include a cover page formatted to APA specifications
Include a references page and at least two references beyond the course textbook
Length: one to two pages (double-spaced)
Click the Submit Assignment button below to upload your assignment to Turnitin
Due by Saturday 11:59 p.m. ET
Plagiarism
Three common types of plagiarism you need to be aware of as a student:
Recycling a paper, double-dipping, self-plagiarism: Reusing a paper you have written for a previous
course
Copying directly from a source without proper quotations or paraphrasing: When you try to pass
something off as your own work
Not using proper citations
According to the Academic Integrity and Academic Dishonesty Handbook:
Your paper should have at least 80% of your own original thought, not borrowed, paraphrased [or] quoted from
material pulled from the Internet, articles, journals, books, etc. Your thoughts, not someone else's!
Please review the Handbook for more examples of plagiarism and how to avoid it.
Discussion
An Attacker's Perspective
Discuss how an attacker looks at the system.
Discussion Guidelines
You can earn up to 20 points for each weekly discussion board. You must provide an original response of your
own and at least two replies to classmates.
Initial post (10 points)
Your original post is due by Wednesday at 11:59 p.m. ET
Reply posts (10 points)
Your responses are due by Sunday at 11:59 p.m. ET
Week 3
Lecture
Operating System Security, Part 1
Examine the role of the operating system and consider how its primary services, direct access, and memory
management affect security.
Lecture
Operating System Security, Part 2
Identify the capabilities and weaknesses of various types of access control approaches and models.
Reading
Read
Chapters 2 and 3 in The Art of Computer Virus Research and Defense, Szor, 2005
Assignment
Essay
Write an essay contrasting the security models of Linux, iOS, and Windows. Which is more secure and why?
Guidelines
Your essay should include:
APA formatting: cover page, references page, 12-point Times New Roman, and double spacing
Include a cover page formatted to APA specifications
Include a references page and at least two references beyond the course textbook
Length: one to two pages (double-spaced)
Click the Submit Assignment button below to upload your assignment to Turnitin
Due by Saturday 11:59 p.m. ET
Discussion
Open Source vs. Closed Source
Discuss open source vs. closed source and security.
Discussion Guidelines
You can earn up to 20 points for each weekly discussion board. You must provide an original response of your
own and at least two replies to classmates.
Initial post (10 points)
Your original post is due by Wednesday at 11:59 p.m. ET
Reply posts (10 points)
Your responses are due by Sunday at 11:59 p.m. ET
Click the Submit Assignment below to upload your assignment to the Digital Drop Box
Module Assignment due by Sunday at 11:59 p.m. ET
Week 4
Vulnerabilities
This week, we explore common vulnerabilities, identify ways a computer can be broken, and compare and
contrast code and data on modern computers.
After completing this module, students should be able to:
List the different types of vulnerability that applications have
Describe how a buffer overrun can be exploited
Describe how return-oriented programming works
Exploit different vulnerabilities
Lecture
Vulnerabilities: How Things Go Wrong, Part 1
How do attackers exploit computer vulnerabilities? Review escalation of privilege examples and consider race
conditions, misconfigurations, design flaws, and confused deputy problems.
Lecture
Vulnerabilities: How Things Go Wrong, Part 2
In this lecture, we discuss binary code and code injection. We also identify types of application vulnerabilities
and how a stack-based buffer overrun can be exploited.
Reading
Read
Chapter 9 in The Art of Computer Virus Research and Defense, Szor, 2005
Smashing the Stack for Fun and Profit, Aleph One, Phrack, 1996
The Geometry of Innocent Flesh on the Bone, Shacham, ACM, 2007
Assignment
Essay
Describe in detail code injection attacks and the countermeasures that exist to stop them. What future solutions
are there?
Guidelines
Your response should include:
APA formatting: cover page, references page, 12-point Times New Roman, and double spacing
Include a cover page formatted to APA specifications
Include a references page and at least two references beyond the course textbook
Length: one to two pages (double-spaced)
Click the Submit Assignment button below to upload your assignment to Turnitin
Due by Saturday 11:59 p.m. ET
Discussion
ROP and Code Injection
Discuss ROP and code injection.
Discussion Guidelines
You can earn up to 20 points for each weekly discussion board. You must provide an original response of your
own and at least two replies to classmates.
Initial post (10 points)
Your original post is due by Wednesday at 11:59 p.m. ET
Reply posts (10 points)
Your responses are due by Sunday at 11:59 p.m. ET
Midterm Exam
Midterm Exam
Contains materials from Modules 1-5
This exam contains five essay questions
Answers must include properly cited references and should be treated like a research paper
You have 3 hours to complete your exam
Exam due by Sunday at 11:59 p.m. ET
Week 5
Malware History
Explore the history and evolution of malicious code and identify some of the more threatening viruses, spyware,
worms, and rootkits that have been created.
After completing this module, students should be able to:
Place current events in malware in their historical perspective
Describe the evolution of malware from the very beginning of the problem
Lecture
Malware History
In order to grasp the trajectory of malware, we explore its history.
Reading
Read
Chapter 1 in The Art of Computer Virus Research and Defense, Szor, 2005
Your Botnet is My Botnet: Analysis of a Botnet Takeover, Stone-Gross et al., ACM, 2009
Computer Viruses
After completing this module, students should be able to:
Describe how boot viruses work
Describe how parasitic file viruses work
Describe how stealth works for malware
Describe how polymorphism and metamorphism work
Lecture
Computer Viruses: The Art of the Attacker
Discover the various types of viruses, and examine the process of overwriting them.
Assignment
Essay
What are the financial and other models which drive malware? How do they impact the types of malware seen?
Guidelines
Your essay should include:
APA formatting: cover page, references page, 12-point Times New Roman, and double spacing
Include a cover page formatted to APA specifications
Include a references page and at least two references beyond the course textbook
Length: one to two pages (double-spaced)
Click the Submit Assignment button below to upload your assignment to Turnitin
Due by Saturday 11:59 p.m. ET
Discussion
Current Events
Discuss something current in malware.
Discussion Guidelines
You can earn up to 20 points for each weekly discussion board. You must provide an original response of your
own and at least two replies to classmates.
Initial post (10 points)
Your original post is due by Wednesday at 11:59 p.m. ET
Reply posts (10 points)
Your responses are due by Sunday at 11:59 p.m. ET
Week 6
Virus Defense
How does the Web really work? How do hackers conceal their attacks, and how can application security defend
against them? We investigate active and passive stealth, identify generic approaches to defense and specific
defense mechanisms, and explore the second generation of virus scanners.
After completing this module, students should be able to:
Contrast benefits and disadvantages of different protection schemes
Explain how scanners work
Explain how stealth and polymorphism impact the defender
Describe heuristics, checksumming, and generic detection
Lecture
Virus Defense
Contrast the benefits and disadvantages of different protection schemes, and examine heuristics,
checksumming, and generic detection.
Reading
Read
Chapters 11 and 12 in The Art of Computer Virus Research and Defense, Szor, 2005
Assignment
Essay
How does anti-malware software detect viruses? What techniques are available, and how do they differ?
Guidelines
Your essay should include:
APA formatting: cover page, references page, 12-point Times New Roman, and double spacing
Include a cover page formatted to APA specifications
Include a references page and at least two references beyond the course textbook
Length: one to two pages (double-spaced)
Click the Submit Assignment button below to upload your assignment to Turnitin
Due by Saturday 11:59 p.m. ET
Lecture
Case Study: Web Security, Part 1
Discover why, as an end-user machine, the Web is the largest vulnerability and infection vector.
Reading
Read
Browser Security: Lessons from Google Chrome, Reis et al., ACM, 2009
Discussion
Anti-Malware Testing
Discuss how testing of anti-malware should be conducted.
Discussion Guidelines
You can earn up to 20 points for each weekly discussion board. You must provide an original response of your
own and at least two replies to classmates.
Initial post (10 points)
Your original post is due by Wednesday at 11:59 p.m. ET
Reply posts (10 points)
Your responses are due by Sunday at 11:59 p.m. ET
Click the Submit Assignment below to upload your assignment to the Digital Drop Box
Due by Sunday at 11:59 p.m. ET
Week 7
Lecture
Case Study: Web Security, Part 2
Explore more specific web vulnerabilities, such as cross-site scripting and clickjacking.
Assignment
Essay
In an essay form, develop an example of an XSS vulnerability and an exploit which displays it. You will be
expected to include a snippet of code which illustrates an XSS vulnerability and also provides some general
discussion of XSS vulnerabilities.
Guidelines
Your response should include:
APA formatting: cover page, references page, 12-point Times New Roman, and double spacing
Include a cover page formatted to APA specifications
Include a references page and at least two references beyond the course textbook
Length: one to two pages (double-spaced)
Click the Submit Assignment button below to upload your assignment to Turnitin
Due by Saturday 11:59 p.m. ET
Virtualization
After completing this module, students should be able to:
Describe how OS virtualization works
Describe issues that impact the development of economic models for security, and explain how corporate
culture can affect economic decision making
Lecture
Virtualization
Analyze how virtualization can help and hurt security.
Reading
Read
Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization, Neiger et al.,
Intel Technology Journal, 2006
Discussion
Desktop Virtualization
Discuss whether desktop virtualization is a panacea.
Discussion Guidelines
You can earn up to 20 points for each weekly discussion board. You must provide an original response of your
own and at least two replies to classmates.
Initial post (10 points)
Your original post is due by Wednesday at 11:59 p.m. ET
Reply posts (10 points)
Your responses are due by Sunday at 11:59 p.m. ET
Week 8
Lecture
Management, Part 1
In this two-part lecture, we will focus on how to manage host security and put into practice what we have learned
throughout the course.
Lecture
Management, Part 2
In part two of this lecture, we will answer the following question: How can you know your patching procedures
are working?
Reading
Read
Chapter 14 in The Art of Computer Virus Research and Defense, Szor, 2005
So Long, and No Thanks for the Externalities, Herley, ACM, 2009
Assignment
Essay
You are the CISO of a large company. Using your own machine as an example, tell me how you would harden
your own machine and how you would harden machines across the company, using ideas garnered from this
class.
Guidelines
Your essay should include:
APA formatting: cover page, references page, 12-point Times New Roman, and double spacing
Include a cover page formatted to APA specifications
Include a references page and at least two references beyond the course textbook
Length: one to two pages (double-spaced)
Click the Submit Assignment button below to upload your assignment to Turnitin
Due by Saturday 11:59 p.m. ET
Final Exam
Final Exam
Contains materials from the entire course
This exam contains five essay questions
Answers must include properly cited references and should be treated like a research paper
You have 3 hours to complete your exam
Exam due by Sunday at 11:59 p.m. ET
University Alliance Online is a division of Bisk Education, Inc. 2015 Bisk
Education. All rights reserved. Company, products, service names may be
trademarks of their respective owners.