Date |
Lecture topic |
Lecture Material |
||
January 10 |
Introduction |
Required: 1.
Denning: Ch. 1 Interesting Reading
(not-required):
1. OLD: SANS, 2001, The Future of Information
Warfare, https://www.sans.org/reading-room/whitepapers/warfare/future-information-warfare-819
2.
NEW: Catherine A. Theohary
and Kathleen J. McInnis, Information Warfare: Russian Activities, CRS Insight, https://fas.org/sgp/crs/row/IN10563.pdf
|
||
January 12 |
Security Primer |
Required: 1.
CSCE 522 lecture
notes, 2012 Fall, as needed, http://www.cse.sc.edu/~farkas/csce522-2013/lecture.htm
Interesting Reading
(not-required):
1.
Homeland
Security News Wire, Cybersecurity, http://www.homelandsecuritynewswire.com/topics/cybersecurity
2.
Defense Systems,
Cyber Defense, https://defensesystems.com/pages/topics/cyber-defense.aspx
3.
RAND
Corporation, http://www.rand.org/topics/cyber-warfare.html |
||
January 17 |
Theory of
Information Warfare |
Required: 1. Denning:
Chapters 2, 3 2. Denning, D. E. Stuxnet: What Has Changed? Future Internet 2012, 4,
672-687. (.pdf) Interesting Reading
(not-required):
1.
SplashData releases annual
“Worst Passwords” list -- “123456” maintains top spot, Homeland Security News Wire, 20/01/2016, http://www.homelandsecuritynewswire.com/dr20160120-splashdata-releases-annual-worst-passwords-list-123456-maintains-top-spot
2.
Office of the Press Secretary, SECURING CYBERSPACE -
President Obama Announces New Cybersecurity Legislative Proposal and Other
Cybersecurity Efforts, The White House, 1/13/2015, http://www.whitehouse.gov/the-press-office/2015/01/13/securing-cyberspace-president-obama-announces-new-cybersecurity-legislat 3.
Homeland Security News Wire, China suspected of
waging an invisible war on the U.S. power grid, January 17, 2014, http://www.homelandsecuritynewswire.com/srcybersecurity20140121-china-suspected-of-waging-an-invisible-war-on-the-u-s-power-grid
4.
Gonsalves, Talk of
cyberwarfare meaningless to many companies, NetworkWorld,
January 07, 2014, http://www.networkworld.com/news/2014/010714-talk-of-cyberwarfare-meaningless-to-277431.html
5.
Iran Blames Computer Attack on US, http://www.voanews.com/english/news/middle-east/Iran-Blames-Computer-Attack-on-US-114149864.html
, January 18, 2011 6.
Schneier on Security, Stuxnet, http://www.schneier.com/blog/archives/2010/10/stuxnet.html
, October 7, 2010 |
||
January 19 - 24 |
Playgrounds
to Battlegrounds |
Required: 1. Denning:
Chapters 2, 3 2. Denning, D. E.,
“Framework and Principles for Active Cyber Defense,” Computers & Security
40, February 2014, 108-113. (prepublication .pdf
) Interesting Reading
(not-required): 1.
S. Gorman and D. Yadron, U.S.
Presses Beijing on Corporate Espionage, The Wall Street Journal, June 7,
2013, http://online.wsj.com/news/articles/SB10001424127887324069104578527323576340846
2.
P. Uchoa, Is Brazil the
target of industrial espionage?, BBC News, Oct. 2013, http://www.bbc.co.uk/news/world-latin-america-24461679
3.
Fox News, German TV: Snowden says NSA also practices
industrial espionage, January 26, 2014, http://www.foxnews.com/world/2014/01/26/german-tv-snowden-says-nsa-also-practices-industrial-espionage/
4.
DHS, Cybersecurity Laws & Regulations, http://www.dhs.gov/cybersecurity-laws-regulations 5.
P. Roberts, U.S. Congress Hears Of Growing Cyber
Espionage Threat To U.S., 06/29/2012, http://threatpost.com/en_us/blogs/us-congress-hears-growing-cyber-espionage-threat-us-062912
|
||
January 31 - February 7 |
Offensive
Information Warfare Open Sources |
2. Technologies 3. Bayesian Models,
guest lecture by Ph.D. candidate Emad Alsuwat Required: 1. Denning: Chapter 4 2. Who
Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to
Third Parties by Mobile Apps. Zang J, Dummit K, Graves J, Lisker P,
and Sweeney L. , http://techscience.org/a/2015103001/
3. Open Source Intelligence: Private Sector Capabilities to Support DoD Policy, Acquisition, and Operations, http://www.fas.org/irp/eprint/oss980501.htm Interesting Reading
(not-required): 1. Angwin and Parris,
Facebook Lets Advertisers Exclude Users by Race, 2016, https://www.propublica.org/article/facebook-lets-advertisers-exclude-users-by-race 2. Discrimination
in Online Ad Delivery. Sweeney
L. 3. Technology Science, 2015103001. October 30, 2015. CNN News: Pentagon sites: Journalism or propaganda?, http://www.cnn.com/2005/ALLPOLITICS/02/04/web.us/index.html 4. Privacy Act of 1974,
U.S. Department of Justice (http://www.justice.gov/opcl/1974privacyact-overview.htm
) 5. Electronic
Privacy Information Center (http://www.epic.org/
), -- Comment: what are the main issues
being debated in privacy forums, what additional risks does IT represent, and how can this
risk be controlled? |
||
February 14-16 |
Perception Management and
Psychological Operations |
Required: 1. Denning Chapter
5 Reading 1.
T. Simonite, “Honey Encryption” Will Bamboozle Attackers
with Fake Secrets, MIT Technology Review, 01/29/2014, http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fake-secrets/
2.
C. Kopp, Classical
deception techniques and perception management vs. the four strategies of
information warfare, Proceedings of the 6th Australian Information Warfare
& Security Conference 2005. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.60.3599&rep=rep1&type=pdf
|
||
February 21-23 |
Insider threat |
Required: 1.
Denning Chapter
6 2.
The National
Infrastructure Advisory Council’s Final Report and Recommendation on the Insider
Threat to Critical Infrastructures, http://www.dhs.gov/xlibrary/assets/niac/niac_insider_threat_to_critical_infrastructures_study.pdf
, focus on sections IV, …, VII , 2008 3.
Sanger and Schmitt, The New York Times, Snowden Used
Low-Cost Tool to Best N.S.A., 02/08/2014, http://www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa.html?_r=0
Interesting Reading
(not-required): 1.
CERT, Insider
Threat Study: Illicit Cyber Activity in the Information Technology and
Telecommunications Sector, www.cert.org/archive/pdf/insiderthreat_it2008.pdf
, 2008 2.
Insider threat
to security may be harder to detect, experts say, http://www.computerworld.com/securitytopics/security/story/0,10801,70112,00.html
, 2012 |
||
February 28 – March 3 |
Computer Break-ins and Hacking Controls: Firewalls, Intrusion Detection |
Required: ·
Denning Chapter 8, 9, 14 ·
Hutchins et al., Intelligence-Driven Computer Network Defense Informed
by Analysis of Adversary Campaigns and Intrusion Kill Chains, White paper, http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf
Interesting Reading: ·
Iranian Hackers Claim Cyber Attack on New York Dam, NBC News, http://www.nbcnews.com/news/us-news/iranian-hackers-claim-cyber-attack-new-york-dam-n484611
·
Feds Set a Risky Precedent by Indicting 7 Iranian Hackers, WIRED, http://www.wired.com/2016/03/feds-set-risky-precedent-indicting-7-iranian-hackers/
·
DHS repairing internal security operations, Homeland Security News
Wire, April 9, 2014, http://www.homelandsecuritynewswire.com/seworld20140409-dhs-repairing-internal-security-operations
·
Student develops new way to detect hackers, Homeland
Security News Wire, April 9, 2014, http://www.homelandsecuritynewswire.com/dr20140409-student-develops-new-way-to-detect-hackers
·
Measuring smartphone malware infection rates, Homeland
Security News Wire, April 9, 2014, http://www.homelandsecuritynewswire.com/dr20140409-measuring-smartphone-malware-infection-rates
|
|
|
March 14 |
Incident Response |
1.
Lecture notes (slides) Required: 1.
Michael N. Schmitt, Computer
Network Attack and the Use of Force in International Law. Thoughts on a
Normative Framework., 37 Colum. J. Transnat'l L. 885, 1999, http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA471993
2.
NIST special publications, Incident Handling
Updated Guidelines, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Interesting Reading
(not-required): 1.
Denning Chapters 8,
9 2.
NIST special publications, http://csrc.nist.gov/publications/nistpubs/index.html
3.
Top Ten Cyber Security Menaces for 2008, http://www.sans.org/press/top10menaces08.php
4.
Federal Communications Commission: Computer Security
Incident Response Guide, 2001, http://csrc.nist.gov/groups/SMA/fasp/documents/incident_response/Incident-Response-Guide.pdf 5.
Incident Response Team, R. Nellis,
http://www.rochissa.org/downloads/presentations/Incidence%20Response%20Teams.ppt 6. Federal Computer Intrusion
Laws, http://www.usdoj.gov/criminal/cybercrime/cclaws.html
7.
Tracking a Computer Hacker by
D. Morris, http://www.usdoj.gov/criminal/cybercrime/usamay2001_2.htm 8.
9.
Information Sharing and Analysis Centers ( |
||
March 16 |
Cyber exercises |
1.
Guest lecture by
Mr. Drew Varner, NineFX Inc. (slides) Required: 1.
Cyberstorm, Securing Cyber Space, https://www.dhs.gov/cyber-storm |
||
March 21 |
Security Policies |
2.
Security Policies slides Required: 1.
Information
Security Policy - A Development Guide for Large and Small Companies, http://www.sans.org/reading_room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies_1331 Interesting Reading
(not-required): 1.
S. De Capitani di Vimercati, P. Samarati, S. Jajodia: Policies, Models, and Languages for
Access Control, http://spdp.di.unimi.it/papers/IJCSEaccesscontrol.pdf
2.
Jajodia, P. Samarati, M.L. Sapino, and V.S.
Subrahmanian: Flexible Support for Multiple Access
Control Policies, http://dl.acm.org/citation.cfm?id=383894 |
||
March 23 |
International Conflict in Cyber
Space |
Required: 1.
Michael N.
Schmitt, Computer Network Attack and the Use of Force in International
Law. Thoughts on a Normative Framework., 37 Colum.
J. Transnat'l L. 885, 1999, http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA471993 Interesting Reading
(not-required): 1.
A. Foltz, Stuxnet, Schmitt Analysis, and the Cyber “Use-of-Force”
Debate, JFQ, 67/4, 2012, http://www.au.af.mil/au/awc/awcgate/jfq/foltz_stuxnet_schmitt_oct2012.pdf
2.
Homeland Security News Wire, U.S. weighing retaliatory
measures against China for hacking campaign, http://www.homelandsecuritynewswire.com/dr20130220-u-s-weighing-retaliatory-measures-against-china-for-hacking-campaign 3.
Homeland Security News Wire, NIST’s voluntary cybersecurity framework may be
regarded as de facto mandatory, 03/03/2014, http://www.homelandsecuritynewswire.com/dr20140303-nist-s-voluntary-cybersecurity-framework-may-be-regarded-as-de-facto-mandatory
|
||
March 28 |
Guest Lecture |
Mr. Antonio "T"
Scurlock, Chief of Cybersecurity Plans and Coordination within the Office of
the Assistant Secretary (OAS) for
Cybersecurity and Communications (CS&C), Department of Homeland Security ·
Cybersecurity overview brief with Q&A for both
sessions (slides) ·
Cybersecurity careers
|
||
March 30 |
National Security |
Homework
6: Mark Edward Huberty.
2013. Multi-cycle forecasting of congressional elections with social media.
In Proceedings of the 2nd workshop on Politics, elections and data (PLEAD
'13). ACM, New York, NY, USA, 23-30. http://dl.acm.org/citation.cfm?id=2508439 Required:
2.
Denning:
Chapter 14 Interesting Reading
(not-required):
|
||
April 4 |
Student presentations Homework 7 DUE |
Announcement: Students, bring the presentation on a USB drive or upload to
the internet. I will be in meetings
and won’t be able to upload the slides to the class’ website for this
class only. ·
Nawras Alkassab, Natasha Delahunt, Marcos Moraes,
Vaishnavi Sunku: Security
issues in legacy systems (slides) Toshio Suganuma,
Toshiaki Yasue, Tamiya Onodera, and Toshio Nakatani.
2008. Performance pitfalls in large-scale java applications translated from
COBOL. In Companion to the 23rd ACM SIGPLAN conference on Object-oriented
programming systems languages and applications (OOPSLA Companion '08). ACM,
New York, NY, USA, 685-696., http://dl.acm.org/citation.cfm?doid=1449814.1449822
·
Aditya Tripathi, Mohan Krishna Karanam, Siva Prasad Reddy Nooli,
Srinivas Balivada, Srinivas Burra, Yugendhar Reddy Sarabudla: The
role of web application vulnerabilities in information warfare (slides) Omer Tripp, Omer Weisman, Lotem Guy. (2013). Finding your way in the testing
jungle: A learning approach to web security testing. In Proceedings of the
2013 International Symposium on Software Testing and Analysis (ISSTA 2013).
ACM, New York, NY, USA, 347-357. http://dl.acm.org/citation.cfm?id=2483776&CFID=917132456&CFTOKEN=74829473
|
|
|
April 6 |
Student presentations Homework 8 DUE |
·
Zaid Alibadi, Joshua Gregory, Ming Wong, and Rick Stroud:
Biometric Authentication: Accuracy, Reliability, & Causes of Failure,
with Application to Smart Weapons (slides) Ziwen Sun, Yao Wang,
Gang Qu, and Zhiping Zhou. 2014. A 3-D hand gesture
signature based biometric authentication system for smartphones. In
Proceedings of the 8th International Conference on Bioinspired Information
and Communications Technologies (BICT '14). ICST (Institute for Computer
Sciences, Social-Informatics and Telecommunications Engineering), ICST,
Brussels, Belgium, Belgium, 157-164. http://dl.acm.org/citation.cfm?id=2744554
·
Barbare Preston, Morris Taylos, Wagner Tyler: Is there a
better way? Smart Device Security (slides) T. Xu, D. Gao, P. Dong, H. Zhang, C. H. Foh and H. C. Chao, "Defending Against New-Flow
Attack in SDN-Based Internet of Things," in IEEE Access, vol. 5, no. ,
pp. 3431-3443, 2017. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7847329&isnumber=7859429 |
|
|
April 11 |
Student presentations Homework 9 DUE |
Catalina L. Toma and Jeffrey T. Hancock. 2010. Reading between the
lines: linguistic cues to deception in online dating profiles. In Proceedings
of the 2010 ACM conference on Computer supported cooperative work (CSCW '10).
ACM, New York, NY, USA, 5-8. http://dl.acm.org/citation.cfm?doid=1718918.1718921
·
Hongrui Zhang, Mengjiao Zeng, Tieming Geng: Fake News in 2016 US Presidential Election (slides) T. Takahashi and N. Igata,
"Rumor detection on twitter," The 6th International Conference on
Soft Computing and Intelligent Systems, and The 13th International Symposium
on Advanced Intelligence Systems, Kobe, 2012, pp. 452-457. https://scholar.google.com/scholar?hl=en&q=Rumor+detection+on+twitter&btnG=&as_sdt=1%2C41&as_sdtp=
|
|
|
April 13 |
Student presentations Homework 10 DUE |
Hofmann, A. and Ramaj,
H. (2011) ‘Interdependent risk networks: the threat of cyber
attack’, Int. J. Management and Decision Making, Vol. 11, Nos. 5/6,
pp.312–323. http://www.hzv-uhh.de/fileadmin/Versicherungsbetriebslehre/Team/Dokumente/IJMDM1105-0602.pdf
·
Rudra Gupta, Deepak Begrajka, Adarsh Pillay, Abel
Jose : Impact of Social Media on Radicalization (slides) Akemi
Takeoka Chatfield, Christopher G. Reddick, and Uuf Brajawidagda. 2015.
Tweeting propaganda, radicalization and recruitment: Islamic state supporters
multi-sided twitter networks. In Proceedings of the 16th Annual International
Conference on Digital Government Research (dg.o
'15). ACM, New York, NY, USA, 239-249. http://dl.acm.org/citation.cfm?id=2757408
|
|
|
April 18 |
Panel Evaluations Attendance
is Mandatory for ALL students Class Location: Close Hipp Room 451 |
Logistics:
1. In order of the proposals (9 * 6 minutes = 54 minutes)
a. The first reviewer has 1 minute to describe the proposal and give his/her ranking. The remaining reviewers will give their rankings and any different opinion (30 seconds/reviewer)
b. Group has 3 minutes to convince the reviewers to improve the ranking
2. Everyone writes down on handout the rankings and top contribution and main limitation of the proposal
3. (10 minutes) Revisit the top 4 projects to identify the top 2 winners
4. Award ceremony of the top 2 winners
·
Project 2: Nawras Alkassab, Natasha Delahunt, Marcos Moraes,
Vaishnavi Sunku: Security
issues in legacy systems
Media
·
Project 7:
Hongrui Zhang, Mengjiao Zeng, Tieming
Geng: Fake News in 2016 US Presidential Election
|
|
|
April 20 |
NO CLASS |
Work on the
project Make up
day: April 25, 2017 (Reading Day) Each group
should set up a time to meet me to discuss the project draft. |
|
|
May 2nd 12:30 pm |
Final Proposal due |
|
|
|