CS 6393: Cyber Security Models and Systems
CS 4593: Cyber Security Models and Systems (cross-listed)

Prof. Ravi Sandhu

Spring 2019, Friday 10am-12:30pm, Location: NPB 1.226
Class web site: www.profsandhu.com/cs6393_s19
Please send all class related emails to: ravi.utsa@gmail.com
Office hours: Friday 12:30pm-2:00pm, Location: NPB 3.122
UTSA common syllabus information: provost.utsa.edu/syllabus.asp

Important Notices:

• VERY IMPORTANT: Student Course Evalutions will be open in ASAP, April 1-15. Please complete.
• 04/03/19: Project grading rubric posted
• 04/03/19: Slides for 4/5/19 lecture posted
• 03/21/19: Lecture schedule for rest of semester finalized
• 03/19/19: FYI: Talk by Prof. Fred Schneider on Impediments to Incentivizing Cyber-security Investment, 3/28/19, 2:00pm-3:30pm, BSE 2.102
• 03/19/19: Guest lecture by Prof. Fred Schenider on 3/29/19 announced. Note: timing 10:30am-11:30am and location NPB 3.108-CS Conference Room.
• 03/19/19: Guest lectures for 4/5/19 (Dr. Maanak Gupta) and 4/26/19 (Prof. Ram Krishnan) announced.
• 03/07/19: FYI: Talk by Scott Aaronson on Quantum Computing and the Quest for Computational Supremacy, 3/8/19, 1:55pm-2:55pm, JPL 4.04.22
• 02/28/19: Project presentation schedule has been posted.
• 02/10/19: Slides for 2/22/19 lecture by Prof. Jadliwala have been posted.
• 02/08/19: FYI: Talk by C. Mohan on State of Public and Private Blockchains: Myths and Reality, 2/19/19, 10:30am-12:00pm, JPL Faculty Center Assembly Room.
• 02/06/19: Project selections so far updated. Project guidelines part 2 posted. Readings for 2/8 lecture posted.
• 01/25/19: Major details posted
• 11/27/19: Some of the significant details of how this course will be run depend upon the makeup of the class, and will be finalized only after the semester starts.
• Watch this space for important announcements throughout the semester. Announcements will be dated and recent posts will be highlighted in red.

Course Prerequisites:

Catalog Description:

• 6393 Advanced Topics in Computer Security (3-0) 3 hours credit.
  Analysis of computer security. The topics may include but are not limited to database and distributed systems security, formal models for computer security, privacy and ethics, intrusion detection, critical infrastructure protection, network vulnerability assessments, wireless security, trusted computing, and highly dependable systems. May be repeated for credit when topics vary.
• CS 4593. Topics in Computer Science. (3-0) 3 Credit Hours.
  Prerequisite: Consent of instructor. Advanced topics in an area of computer science. May be repeated for credit when topics vary. Generally offered: Spring.
• The Spring 2019 course is different from any prior offering of CS 6393 or CS 4593. It is eligible for repeated credit.

Course Format:

• Lectures with supporting readings from the literature.
• 2 part project as described below. Will constitute the bulk of the grade.
• Class attendance and participation will be factored into the grade at instructor's discretion.

Course Objectives:

• Designed for advanced CS graduate and undergraduate students.
• Study selected topics of current interest in cyber security models and systems.

Project Guidelines, Topics and Teams:

• 04/03: Project grading rubric (docx) (pdf)
• 02/08: Project selections finalized. Please deconflict as indicated. (pdf)
• 02/06: Project guidelines part 2 (pptx) (pdf)
• 01/25: Project guidelines part 1 (pptx) (pdf)

Schedule Notes:

• The weekly schedule is subject to change and adjustment as the semester progresses.
• Assigned readings for a lecture should be read for maximum benefit.
• Readings are marked as follows.
  • Full: Read in full.
  • Part: Read in part.
  • Ref: Reference.

Schedule by Week: Please visit often as the semester proceeds.

• 01/19: Course Introduction and Cyber Security Overview
  • Slides: L190118.pptx, L190118.pdf
• 01/25: What is Cyber Security?
  • Slides: L190125.pptx, L190125.pdf
  • Readings: Full: How to spell cyber security?, Bishop-2003, Solms-Niekerk-2013, Sandhu-etal-2010
• 02/01: Late start at 11am. Develop project guidelines interactively in class. Result postd as project guidelines part 2.
• 02/08: Securing Internet Banking Authentication
  • Readings: Full: Secure Internet Banking Authentication (annotated)
  • Readings: Full: Secure Internet Banking Authentication (clean)
  • Readings: Full: Two-Factor Authentication: Too Little, Too Late
  • Readings: Ref: A Survey of Authentication and Communications Security in Online Banking
  • Readings: Ref: 4/19/18 Authentication lecture in CS 5323 Spring 2018
  • Readings: Ref: 1/30/18 SSL lecture in CS 5323 Spring 2018
• 02/15: Prof. Sandhu out of town. No office hours.
  Guest lecture: Dr. Mahmoud Aslan on Malware Detection in Cloud IaaS
  • Slides: L190215.pdf
• 02/22: Prof. Sandhu out of town. No office hours.
  Guest lecture: Prof. Murtuza Jadliwala on Cryptocurrencies & Blockchains
  • Slides: L190222.pptx, L190222.pdf
• 03/01: Access Control and Authorization Models and Systems
  • The OM-AM Framework
    • Slides: L190301-1.ppt, L190301-1.pdf
    • Readings: Full: Engineering Authority and Trust in Cyberspace: The OM-AM and RBAC Way
  • The PEI Framework
    • Slides: L190301-2.ppt, L190301-2.pdf
    • Readings: Full: The PEI Framework for Application-Centric Security
  • Data and Application Security and Privacy (DASPY)
    • Slides: L190301-3.ppt, L190301-3.pdf
    • Readings: Full: The Challenge of Data and Application Security and Privacy (DASPY): Are We Up to it?
  • ASCAA Principles for Access Control
    • Slides: L190301-4.ppt, L190301-4.pdf
    • Readings: Full: ASCAA Principles for Next-Generation Role-Based Access Control
  • Risk-Adaptive Access Control (RAdAC)
    • Slides: L190301-5.ppt, L190301-5.pdf
    • Readings: Full: An Attribute Based Framework for Risk-Adaptive Access Control Models
• 03/08: Security and Privacy Enhanced Cloud Computing
  • Views of Cloud Computing
    • Slides: L190308-1.pptx, L190308-1.pdf
    • Readings: Full: NIST Definition of Cloud Computing
    • Readings: Part: Foster et al 2008: Cloud versus Grid, Armbrust et al 2010: Berkeley View of CLoud
    • Readings: Ref: NIST Guidelines on Security and Privacy in Public Cloud Computing
  • NIST Cloud Computing Reference Architecture
    • Readings: Extract: Chapter 4: Cloud Computing Reference Architecture
    • Readings: Ref: NIST Cloud Computing Standards Roadmap
  • Amazon AWS and AWS-IoT Access Control Models
    • Slides: L190308-2.pdf
    • Slides: L190308-3.pptx, L190308-3.pdf
    • Readings: Part: Secure Information and Resource Sharing in Cloud Infrastructure as a Service
    • Readings: Part: Access Control Model for AWS Internet of Things
• 03/15: Spring Break. No class. No office hours.
• 03/22: Attribute-Based Access Control: Insights and Challenges
  • Slides: L190322.pptx, L190322.pdf
• 03/29: Guest lecture by Prof. Fred Schneider.
  • Title: Security from Tags
  • Location: NPB 3.108-CS Conference Room
  • Time: 10:30am-11:30am
  • Abstract and Bio
  • Lecture will be followed by Pizza lunch, 12:30pm-2:00pm, same location. RSVP to Computer Science Department if you would like to join.
  • Come directly to the 10:30am lecture. Make sure to get attendance marked off with me.
• 04/05: Prof. Sandhu out of town. No office hours.
  Guest lecture: Dr. Maanak Gupta on Access Controls in Smart Cars: Needs and Solutions
  • Slides: L190405.pptx, L190405.pdf
• 04/12: Project presentations: 3 slots
  • Ficke, Eric D.: Attack/Vulnerability: MS03_026 RPC DCOM, Technology: Wireless 5G
  • Kesapragada, Srivarsha and Kondepudy, Ramya Sinduri: Attack/Vulnerability: Mirai Botnet, Technology: Social Media Challenges
  • Guillen, Roy S. and Mai, Jonathan A.: Attack/Vulnerability: Equifax, Technology: Blockchain
• 04/19: Project presentations: 4 slots
  • Balsaraf, Mehul V.: Attack/Vulnerability: Petra Ransomware, Technology: Social media
  • Ramesh, Janani and Theuri, Geofrey: Attack/Vulnerability: WannaCry Ransomware, Technology: Blockchain
  • Valenzuela, Salvador: Attack/Vulnerability: Sony (PSN), Technology: Quantum Computing
  • Lowe, Cullen M.: Attack/Vulnerability: Target, Technology: Smart home
• 04/26: Prof. Sandhu out of town. No office hours.
  Guest lecture: Prof. Ram Krishnan on Android Permissions
• 05/03: Project presentations: 4 slots
  • Davis Koola, Disney and Yaganti, Ravi Teja: Attack/Vulnerability: Stuxnet, Technology: Google home voice assistant
  • Garcia, Ashley C.: Attack/Vulnerability: Melissa Virus, Technology: Cloud Computing
  • Nobi, Mohammad Nur N.: Attack/Vulnerability: Spectre, Technology: Blockchain (cryptocurrency)
  • Kolar, Prasanna R.: Attack/Vulnerability: Meltdown, Technology: Internet Of Things (autonomous systems)

END