Date

Lecture topic

Lecture Material

January 10

Introduction

 

 

 

1.      Lecture Notes

 

Required:

1.      Denning: Ch. 1

 

Interesting Reading (not-required):

1.  OLD:  SANS, 2001,The Future of Information Warfare,

 https://www.sans.org/reading-room/whitepapers/warfare/future-information-warfare-819

2.      NEW:  Catherine A. Theohary and  Kathleen J. McInnis,  Information

Warfare: Russian Activities, CRS Insight,  https://fas.org/sgp/crs/row/IN10563.pdf

January 12

Security Primer

 

 

 

 

 

1.      Lecture Notes

 

Required:

1.      CSCE 522 lecture notes, 2012 Fall, as needed,

http://www.cse.sc.edu/~farkas/csce522-2013/lecture.htm

 

Interesting Reading (not-required):

1.      Homeland Security News Wire, Cybersecurity,  http://www.homelandsecuritynewswire.com/topics/cybersecurity

2.      Defense Systems, Cyber Defense,  https://defensesystems.com/pages/topics/cyber-defense.aspx

3.      RAND Corporation,  http://www.rand.org/topics/cyber-warfare.html 

January 17

 

 

Theory of Information Warfare

 

 

 

 

 

1.      Lecture Notes

 

Required:

1.      Denning: Chapters 2, 3

2.      Denning, D. E. Stuxnet: What Has Changed? Future Internet 2012, 4, 672-687. (.pdf)

 

Interesting Reading (not-required):

1.      SplashData releases annual “Worst Passwords” list -- “123456” maintains top spot, Homeland

Security News Wire, 20/01/2016, http://www.homelandsecuritynewswire.com/dr20160120-splashdata-releases-annual-worst-passwords-list-123456-maintains-top-spot

2.      Office of the Press Secretary, SECURING CYBERSPACE - President Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts, The White House, 1/13/2015, http://www.whitehouse.gov/the-press-office/2015/01/13/securing-cyberspace-president-obama-announces-new-cybersecurity-legislat

3.      Homeland Security News Wire, China suspected of waging an invisible war on the U.S. power grid, January 17, 2014, http://www.homelandsecuritynewswire.com/srcybersecurity20140121-china-suspected-of-waging-an-invisible-war-on-the-u-s-power-grid

4.      Gonsalves, Talk of cyberwarfare meaningless to many companies, NetworkWorld,, January 07, 2014,  http://www.networkworld.com/news/2014/010714-talk-of-cyberwarfare-meaningless-to-277431.html

5.      Iran Blames Computer Attack on US, http://www.voanews.com/english/news/middle-east/Iran-Blames-Computer-Attack-on-US-114149864.html , January 18, 2011

6.      Schneier on Security, Stuxnet, http://www.schneier.com/blog/archives/2010/10/stuxnet.html , October 7, 2010

January 19 - 24

Playgrounds to  Battlegrounds

 

 

 

 

 

1.      Lecture Notes

 

Required:

1.      Denning: Chapters 2, 3

2.      Denning, D. E., “Framework and Principles for Active Cyber Defense,” Computers & Security

40, February 2014, 108-113.   (prepublication .pdf )

 

Interesting Reading (not-required):

1.      S. Gorman and D. Yadron,U.S. Presses Beijing on Corporate Espionage, The Wall Street Journal, June 7, 2013, http://online.wsj.com/news/articles/SB10001424127887324069104578527323576340846

2.      P. Uchoa, Is Brazil the target of industrial espionage?, BBC News, Oct. 2013, http://www.bbc.co.uk/news/world-latin-america-24461679

3.      Fox News, German TV: Snowden says NSA also practices industrial espionage, January 26, 2014, http://www.foxnews.com/world/2014/01/26/german-tv-snowden-says-nsa-also-practices-industrial-espionage/

4.      DHS, Cybersecurity Laws & Regulations, http://www.dhs.gov/cybersecurity-laws-regulations 

5.      P. Roberts, U.S. Congress Hears Of Growing Cyber Espionage Threat To U.S., 06/29. 2012, http://threatpost.com/en_us/blogs/us-congress-hears-growing-cyber-espionage-threat-us-062912

 

January 31

February 7

Offensive Information Warfare

 

Opens Sources

 

 

 

1.      Lecture Notes 

2.      Technologies

3.      Bayesian Models, guest lecture by Ph.D. candidate Emad Alsuwat

 

Required:

1.      Denning:  Chapter 4

2.      Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps.

Zang J, Dummit K, Graves J, Lisker P, and Sweeney L. , http://techscience.org/a/2015103001/

3.       Open Source Intelligence: Private Sector Capabilities to Support DoD Policy, Acquisition, and Operations, http://www.fas.org/irp/eprint/oss980501.htm

 

Interesting Reading (not-required):

1.      Angwin and Parris, Facebook Lets Advertisers Exclude Users by Race, 2016,  https://www.propublica.org/article/facebook-lets-advertisers-exclude-users-by-race

2.      Discrimination in Online Ad Delivery. Sweeney L. 
Communications of the Association of Computing Machinery (CACM), Vol. 56 No. 5, Pages 44-54 DOI 10.1145/2447976.2447990 http://cacm.acm.org/magazines/2013/5/163753-discrimination-in-online-ad-delivery/abstract 
Earlier technical report: Data Privacy Lab
 White Paper 1071-1. Harvard University. Cambridge. January 2013. SSRN: http://ssrn.com/abstract=2208240 and arXiv: http://arxiv.org/abs/1301.6822.

3.       Technology Science, 2015103001. October 30, 2015.CNN News: Pentagon sites: Journalism or propaganda?, http://www.cnn.com/2005/ALLPOLITICS/02/04/web.us/index.html

4.      Privacy Act of 1974, U.S. Department of Justice (http://www.justice.gov/opcl/1974privacyact-overview.htm )

5.      Electronic Privacy Information Center (http://www.epic.org/ ), -- Comment: what are the main issues being debated in privacy forums, what additional risks IT represent, how this risk can be controlled?

 

February 14-16

Perception Management and Psychological Operations

 

 

1.      Lecture Notes

 

Required:

1.      Denning Chapter 5

 

Reading

1.      T. Simonite, “Honey Encryption” Will Bamboozle Attackers with Fake Secrets, MIT Technology Review, 01/29/2014, http://www.technologyreview.com/news/523746/honey-encryption-will-bamboozle-attackers-with-fake-secrets/

2.      C. Kopp, Classical deception techniques and perception management vs. the four strategies of information warfare, Proceedings of the 6th Australian Information Warfare & Security Conference 2005. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.60.3599&rep=rep1&type=pdf

Febr. 21-23

Insider threat

1.      Lecture Notes

 

Required:

1.      Denning Chapter 6

2.      The national Infrastructure Advisory Council’s Final Report and Recommendation on the Insider Threat to Critical Infrastructures, http://www.dhs.gov/xlibrary/assets/niac/niac_insider_threat_to_critical_infrastructures_study.pdf , focus on sections  IV, …, VII , 2008

3.      Sanger and Schmitt, The New York Times, Snowden Used Low-Cost Tool to Best N.S.A., 02/08/2014, http://www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa.html?_r=0

 

 

Interesting Reading (not-required):

1.      CERT, Insider Threat Study: Illicit Cyber Activity in the Information Technology and Telecommunications Sector, www.cert.org/archive/pdf/insiderthreat_it2008.pdf , 2008

2.      Insider threat to security may be harder to detect, experts say, http://www.computerworld.com/securitytopics/security/story/0,10801,70112,00.html , 2012

 

February 28 – March 3

Computer Break-ins and Hacking

 

Controls:

Firewalls

Intrusion Detection

·         Lecture Notes 

 

Required:

·         Denning Chapter 8, 9, 14

·         Hutchins et al, Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains, White paper, http://www.lockheedmartin.com/content/dam/lockheed/data/corporate/documents/LM-White-Paper-Intel-Driven-Defense.pdf

 

Interesting Reading:

·         Iranian Hackers Claim Cyber Attack on New York Dam, NBC News,  http://www.nbcnews.com/news/us-news/iranian-hackers-claim-cyber-attack-new-york-dam-n484611

·         Feds Set a Risky Precedent by Indicting 7 Iranian Hackers, WIRED,  http://www.wired.com/2016/03/feds-set-risky-precedent-indicting-7-iranian-hackers/

·         DHS repairing internal security operations, Homeland Security News Wire, April 9, 2014, http://www.homelandsecuritynewswire.com/seworld20140409-dhs-repairing-internal-security-operations

·         Student develops new way to detect hackers, Homeland Security News Wire, April 9, 2014, http://www.homelandsecuritynewswire.com/dr20140409-student-develops-new-way-to-detect-hackers

·         Measuring smartphone malware infection rates, Homeland Security News Wire, April 9, 2014, http://www.homelandsecuritynewswire.com/dr20140409-measuring-smartphone-malware-infection-rates

 

 

March 14

Incident Response

 

 

 

 

 

 

 

1.      Lecture notes (slides)

 

Required:

1.      Michael N. Schmitt, Computer Network Attack and the Use of Force in International Law. Thoughts on a Normative Framework., 37 Colum. J. Transnat'l L. 885, 1999, http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA471993

2.       NIST special publications, Incident Handling Updated Guidelines, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

 

Interesting Reading (not-required):

1.      Denning Chapters 8, 9

2.      NIST special publications, http://csrc.nist.gov/publications/nistpubs/index.html

3.      Top Ten Cyber Security Menaces for 2008, http://www.sans.org/press/top10menaces08.php

4.      Federal Communications Commission: Computer Security Incident Response Guide, 2001, http://csrc.nist.gov/groups/SMA/fasp/documents/incident_response/Incident-Response-Guide.pdf

5.      Incident Response Team, R. Nellis, http://www.rochissa.org/downloads/presentations/Incidence%20Response%20Teams.ppt 

6.      Federal Computer Intrusion Laws, http://www.usdoj.gov/criminal/cybercrime/cclaws.html

7.      Tracking a Computer Hacker by D. Morris, http://www.usdoj.gov/criminal/cybercrime/usamay2001_2.htm

8.      CERT® Coordination Center (CERT®/CC), http://www.cert.org

9.      Information Sharing and Analysis Centers (ISAC), https://www.it-isac.org/isacinfowhtppr.php (industry related)

 

March 16

Cyber exercises

1.      Guest lecture by Mr. Drew Varner, NineFX Inc. (slides)

Required:

1.      Cyberstorm, Securing Cyber Space, https://www.dhs.gov/cyber-storm

March 21

 

Security Policies

 

 

2.      Security Policies slides

 

Required:

1.      Information Security Policy - A Development Guide for Large and Small Companies, http://www.sans.org/reading_room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies_1331  

 

 

Interesting Reading (not-required):

1.      S. De Capitani di Vimercati, P. Samarati, S. Jajodia: Policies, Models, and Languages for Access Control, http://spdp.di.unimi.it/papers/IJCSEaccesscontrol.pdf

2.      Jajodia, P. Samarati, M.L. Sapino, and V.S. Subrahmanian: Flexible Support for Multiple Access Control Policies, http://dl.acm.org/citation.cfm?id=383894

 

March 23

International Conflict in Cyber Space

 

 

1.      Lecture Notes

 

Required:

1.      Michael N.  Schmitt, Computer Network Attack and the Use of Force in International Law. Thoughts on a Normative Framework., 37 Colum. J. Transnat'l L. 885, 1999, http://www.dtic.mil/cgi-bin/GetTRDoc?AD=ADA471993

 

Interesting Reading (not-required):

1.      A. Foltz, Stuxnet, Schmitt Analysis, and the Cyber “Use-of-Force” Debate, JFQ, 67/4, 2012, http://www.au.af.mil/au/awc/awcgate/jfq/foltz_stuxnet_schmitt_oct2012.pdf

2.      Homeland Security News Wire, U.S. weighing retaliatory measures against China for hacking campaign, http://www.homelandsecuritynewswire.com/dr20130220-u-s-weighing-retaliatory-measures-against-china-for-hacking-campaign

3.      Homeland Security News Wire, NIST’s voluntary cybersecurity framework may be regarded as de facto mandatory, 03/03/2014, http://www.homelandsecuritynewswire.com/dr20140303-nist-s-voluntary-cybersecurity-framework-may-be-regarded-as-de-facto-mandatory

 

March 28

Guest Lecture

 

Mr. Antonio "T" Scurlock, Chief of Cybersecurity Plans and Coordination within the Office of the

Assistant Secretary (OAS) for Cybersecurity and Communications (CS&C), Department of Homeland Securiyt

·         Cybersecurity overview brief with Q&A for both sessions (slides)

·         Cybersecurity careers

 

March 30

National Security

 

 

 

 

  1. Lecture notes on System Certification (slides)
  2. Caitlin Brock, Bryan Haines, Alex Liscio, Steven Rubin: Perception Management (slides)

Homework 6:  Mark Edward Huberty. 2013. Multi-cycle forecasting of congressional elections with social media. In Proceedings of the 2nd workshop on Politics, elections and data (PLEAD '13). ACM, New York, NY, USA, 23-30. 

http://dl.acm.org/citation.cfm?id=2508439 

 

 

Required: 

2.      Denning:  Chapter 14

Interesting Reading (not-required):

  1. Rainbow Series Library, http://www.fas.org/irp/nsa/rainbow.htm 
  2. Common Criteria, http://www.commoncriteriaportal.org/
  3. NIST, Guide for Applying the Risk Management Framework to Federal Information System, 2010, http://csrc.nist.gov/publications/nistpubs/800-37-rev1/sp800-37-rev1-final.pdf 

 

  1. Roger C. Molander, Peter A. Wilson, B. David Mussington, Richard Mesic: What is Strategic Information Warfare?, 1996, http://www.rand.org/content/dam/rand/pubs/monograph_reports/2005/MR661.pdf
  2. B. Baer Arnold, Cyber war in Ukraine – business as usual for the Russian bear, Homeland Security News Wire, March 13, 2014, http://www.homelandsecuritynewswire.com/dr20140313-cyber-war-in-ukraine-business-as-usual-for-the-russian-bear
  3. D. Meyer, Online attacks hit Russian state and media in wake of independent media crackdown, GiaOM, http://gigaom.com/2014/03/14/online-attacks-hit-russian-state-and-media-in-wake-of-independent-media-crackdown/

 

April 4

Student presentations

 

 

Homework 7 DUE

Announcement: Students, bring the presentation on a USB drive or upload to the internet.  I will be in meetings and won’t be able to upload the slides to the class’ website for this class only.

·         Nawras Alkassab, Natasha Delahunt, Marcos Moraes, Vaishnavi Sunku: Security issues in legacy systems (slides)

Toshio Suganuma, Toshiaki Yasue, Tamiya Onodera, and Toshio Nakatani. 2008. Performance pitfalls in large-scale java applications translated from COBOL. In Companion to the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications (OOPSLA Companion '08). ACM, New York, NY, USA, 685-696., http://dl.acm.org/citation.cfm?doid=1449814.1449822

 

·         Aditya Tripathi, Mohan Krishna Karanam, Siva Prasad Reddy Nooli, Srinivas Balivada, Srinivas Burra, Yugendhar Reddy Sarabudla: The role of web application vulnerabilities in information warfare (slides)

Omer Tripp, Omer Weisman, Lotem Guy. (2013). Finding your way in the testing jungle: A learning approach to web security testing. In Proceedings of the 2013 International Symposium on Software Testing and Analysis (ISSTA 2013). ACM, New York, NY, USA, 347-357.

http://dl.acm.org/citation.cfm?id=2483776&CFID=917132456&CFTOKEN=74829473

 

 

 

April 6

Student presentations

 

Homework 8 DUE

·         Zaid Alibadi, Joshua Gregory, Ming Wong, and Rick Stroud: Biometric Authentication: Accuracy, Reliability, & Causes of Failure, with Application to Smart Weapons (slides)

Ziwen Sun, Yao Wang, Gang Qu, and Zhiping Zhou. 2014. A 3-D hand gesture signature based biometric authentication system for smartphones. In Proceedings of the 8th International Conference on Bioinspired Information and Communications Technologies (BICT '14). ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), ICST, Brussels, Belgium, Belgium, 157-164.

http://dl.acm.org/citation.cfm?id=2744554

 

·         Barbare Preston, Morris Taylos, Wagner Tyler: Is there a better way?  Smart Device Security (slides)

T. Xu, D. Gao, P. Dong, H. Zhang, C. H. Foh and H. C. Chao, "Defending Against New-Flow Attack in SDN-Based Internet of Things," in IEEE Access, vol. 5, no. , pp. 3431-3443, 2017.

http://ieeexplore.ieee.org/stamp/stamp.jspt p=&arnumber=7847329&isnumber=7859429 

 

 

April 11

Student presentations

 

 

Homework 9 DUE

  • Li Wang, Wenzhi Cai, Sunghun Park, Venkata Kotha: Detection of misinformation on social Media (slides)

Catalina L. Toma and Jeffrey T. Hancock. 2010. Reading between the lines: linguistic cues to deception in online dating profiles. In Proceedings of the 2010 ACM conference on Computer supported cooperative work (CSCW '10). ACM, New York, NY, USA, 5-8.   http://dl.acm.org/citation.cfm?doid=1718918.1718921

 

·         Hongrui Zhang, Mengjiao Zeng, Tieming Geng: Fake News in 2016 US Presidential Election (slides)

T. Takahashi and N. Igata, "Rumor detection on twitter," The 6th International Conference on Soft Computing and Intelligent Systems, and The 13th International Symposium on Advanced Intelligence Systems, Kobe, 2012, pp. 452-457. https://scholar.google.com/scholar?hl=en&q=Rumor+detection+on+twitter&btnG=&as_sdt=1%2C41&as_sdtp=

 

 

 

April 13

Student presentations

 

Homework 10 DUE

  • Chandra Bhatt, Himani Gulati, Sanaz Hosseinzadeh, Panati Sree Sai Lekha, Aman Sharma, Richard Whitehouse: Cyber Insurance (slides)

Hofmann, A. and Ramaj, H. (2011) ‘Interdependent risk networks: the threat of cyber attack’, Int. J. Management and Decision Making, Vol. 11, Nos. 5/6, pp.312–323. http://www.hzv-uhh.de/fileadmin/Versicherungsbetriebslehre/Team/Dokumente/IJMDM1105-0602.pdf

 

·         Rudra Gupta, Deepak Begrajka, Adarsh Pillay, Abel Jose : Impact of Social Media on

Radicalization (slides)

Akemi Takeoka Chatfield, Christopher G. Reddick, and Uuf Brajawidagda. 2015. Tweeting propaganda, radicalization and recruitment: Islamic state supporters multi-sided twitter networks. In Proceedings of the 16th Annual International Conference on Digital Government Research (dg.o '15). ACM, New York, NY, USA, 239-249. http://dl.acm.org/citation.cfm?id=2757408

 

April 18

Panel Evaluations

 

Attendance is Mandatory for ALL students

 

Class Location:

Close Hipp Room 451

Logistics:

1.      In order of the proposals (9 * 6 minutes = 54 minutes)

a.       The first reviewer has 1 minute to describe the proposal and give his/her ranking.  The remaining reviewers will give their rankings and any different opinion (30 seconds/reviewer)

b.      Group has 3 minutes to convince the reviewers to improve the ranking

2.      Everyone writes down on handout the rankings and top contribution and main limitation of the proposal

3.      (10 minutes) Revisit the top 4 projects to identify the top 2 winners

4.      Award ceremony of the top 2 winners

 

 

  • Project 1:  Caitlin Brock, Bryan Haines, Alex Liscio, Steven Rubin: Perception Management
    1. Reviewer: Preston Barbare
    2. Reviewer: Wang, Li
    3. Reviewer: Sree Sai Panati
    4. Reviewer: Sanaz Hosseinzadeh
    5. Nawras Alkassab

 

·         Project 2: Nawras Alkassab, Natasha Delahunt, Marcos Moraes, Vaishnavi Sunku: Security issues in legacy systems

    1. Reviewer: Taylor Morris
    2. Reviewer: Wenzhi Cai
    3. Reviewer: Sunhun Park
    4. Reviewer: Yugendhar Sarabudla

 

  • Project 3: Aditya Tripathi, Mohan Krishna Karanam, Siva Prasad Reddy Nooli, Srinivas Balivada, Srinivas Burra, Yugendhar Reddy Sarabudla: The role of web application vulnerabilities in information warfare
    1. Reviewer: Chandra Bhatt
    2. Reviewer: Abel Jose
    3. Reviewer: Natasha Delahunt
    4. Reviewer: Marcos Moraes

 

  • Project 4: Zaid Alibadi, Joshua Gregory, Ming Wong, and Rick Stroud: Biometric Authentication: Accuracy, Reliability, & Causes of Failure, with Application to Smart Weapons
    1. Reviewer: Tyler Wagner
    2. Reviewer: Bryan Haines
    3. Reviewer: Alex Liscio
    4. Reviewer: Aman Sharma

 

  • Project 5: Barbare Preston, Morris Taylos, Wagner Tyler: Is there a better way?  Smart Device Security
    1. Reviewer: Josh Gregory
    2. Reviewer: Caitlin Brock
    3. Reviewer: Deepak Begrajka
    4. Reviewer: Ming Wong

 

  • Project 6: Li Wang, Wenzhi Cai, Sunghun Park, Venkata Kotha: Detection of misinformation on social

      Media

    1. Reviewer: Himani Gulati
    2. Reviewer: Zaid Alibadi
    3. Reviewer: Richard Whitehouse
    4. Reviewer: Aditya Tripathi

 

·         Project 7: Hongrui Zhang, Mengjiao Zeng, Tieming Geng: Fake News in 2016 US Presidential Election

    1. Reviewer: Constantin Rubin
    2. Reviewer: Siva Prasad Nooli
    3. Reviewer: Adarsh Pillay
    4. Reviewer: Venkat Kotha

 

  • Project 8: Chandra Bhatt, Himani Gulati, Sanaz Hosseinzadeh, Panati Sree Sai Lekha, Aman Sharma, Richard Whitehouse: Cyber Insurance
    1. Reviewer: Rick Stroud
    2. Reviewer: Srinivas Balivada
    3. Reviewer: Rudra Gupta
    4. Reviewer:  Vaishnavi Sunku

 

  • Project 9: Rudra Gupta, Deepak Begrajka, Adarsh Pillay, Abel Jose : Impact of Social Media on Radicalization
    1. Reviewer: Mohan Krishna Karanam
    2. Reviewer: Hongrui Zhang
    3. Reviewer: Tieming Geng
    4. Reviewer: Srinivas Burra
    5. Mengjiao Zeng

 

 

 

April 20

NO CLASS

Work on the project

Make up day:  April 25, 2017 (Reading Day)

Each group should set up a time to meet me to discuss the project draft.

 

 

May 2nd 12:30 pm

Final Proposal due