CS2013-final-report

Recommendations

Info

Computer Systems Security (CS-475), Lewis-Clark State College Lewiston, Idaho, U.S.A. Daniel Conte de Leon dcontedeleon@acm.org Knowledge Areas that contain topics and learning outcomes covered in the course Knowledge Area Total Hours of Coverage (38) Information Assurance and Security (IAS) 28 Human-Computer Interaction (HCI) 3 Networking and Communication (NC) 2 Social Issues and Professional Practice (SP) 2 Architecture and Organization (AR) 1 Operating Systems (OS) 1 Programming Languages (PL) 1 Where does the course fit in your curriculum Context within the Program This course is usually taken within the last year of an undergraduate degree program in Computer Science. Students from all four emphasis areas within our Computer Science program are required to take this course. The emphasis areas are: Computer Science and Mathematics, Information Technology, Information Systems, and Web Development. Prerequisites Students should have finished the introductory CS sequence, a data structures course, a discrete mathematics course and Calculus, a computer architecture course, and have familiarity with multiple computing languages such as C, HTML, Python, and SQL. In addition, basic knowledge of computer networks and familiarity with Linux systems and the shell and command line tools are needed. What is covered in the course Short Description This course covers the fundamental concepts and practical applications of computing systems security with a holistic view and an applied approach. Topics include: security concepts and services, physical, operational, and organizational security, the role of people in systems security, introduction to cryptography and public key infrastructure, computing systems hardening, secure code, and secure applications development. The course emphasis is on developing, deploying, and maintaining a secure computing infrastructure with a handson approach. List of Topics Topics in this course broadly match topics listed within this CS2013 guidelines and their coverage is detailed in the Body of Knowledge coverage section below. One additional topic is listed in the Additional topics section. What is the format of the course Schedule and Meetings Lewis-Clark State College is on a semester-based schedule. Semesters are 16 weeks long including a final exams week. This course meets face-to-face in a computer laboratory twice a week for a combined lecture and laboratory session. Each session is 2 hours 30 minutes long, including a 15 minute break. The adjusted number of contact hours is approximately 68. The number of lecture equivalent contact hours is 38. - 295 -
Instructional Approach This course is taught using an interactive and hands-on approach. Students are required to read the textbook before coming to class session and short quizzes are given almost every week. A hybrid lecture and question and answer session is given almost every session. Students then move to the computers and network gear to carry out laboratory tasks in a collaborative class environment. Laboratory and homework reports must be prepared individually. All posting and submission of coursework is on-line. Coursework and Submissions Students are expected to write a laboratory report for each laboratory that is typically due at midnight on the immediately following Sunday. Similar to the quizzes, there is an average of one laboratory report per week. In addition to the weekly quizzes and laboratory reports, students must complete about five homework assignments, a project, a midterm test, and the final exam. The homework assignments vary in content from ethics reports to reviewing and reporting on relevant publications (e.g., NIST guidelines and ACM and IEEE codes of ethics). The projects are usually comprised of a hands-on detailed investigation of a security topic of interest to the student and a subsequent live and hands-on presentation to the class and associated report submission. The final exam is comprised of 2 parts: a hands-on in-lab 2 hour 30 minute exam and a term report on a given topic. How are students assessed Students receive points relative to the adequate and correct completion of coursework as described above plus points obtained during the question and answer sessions. The total grade is weighted using a variation of the following scheme: 1) laboratories, homework, and project 40%, 2) quizzes 25%, 3) mid-term tests 10%, 4) final exams 20%, and 5) participation 5%. Students are expected to work outside of class sessions an average of 8-10 hours per week. Course textbooks and materials The textbook selected for the latest section of this course is: Analyzing Computer Security: A Threat/Vulnerability/Countermeasure Approach by Charles P. Pfleeger and Shari Lawrence Pfleeger. The textbook used in the previous section of this course was: Principles of Information Security by Michael E. Whitman and Herbert J. Mattord. In addition, the following laboratory manual is being used: “Hands-On Information Security Lab Manual” by Michael E. Whitman and Herbert J. Mattord. On-line accessible materials are also used to complement the course content and laboratories. For example, the secure coding standards published by CERT and the Software Engineering Institute, OWASP, and NIST resources. Systems and Tools We use a computer laboratory connected to an isolated VLAN. The laboratory has a dedicated switch, multiple hardware and software configurations including modern and older versions of OSs and applications running on either virtual or real hardware. During the laboratory sessions students learn to use a variety of (command line and GUI) network and host scanning, vulnerability analysis, and system hardening tools such as: Wireshark, Metasploit, Nmap, Nessus or OpenVAS, Bastille, Firewalls, Mutillidae, Gcc and secure libraries. The objective is for students to learn the limitations of computer-based systems and networks with respect to information assurance and how to harden, maintain, and create more secure systems. Why do you teach the course this way Course Goals and Rationale The goal of this course is to introduce students to the challenges, approaches, and techniques for implementing, deploying, and maintaining secure computing systems and networks. The rationale behind this course is to meet the need for information assurance content within the CS curriculum at the same time as tailoring to the diversity of potential career paths in the program's student population. Course History and Student Perceptions This course was developed in 2010 and was included as part of an update to the computer science curriculum which began implementation in the year 2011. This course is usually not viewed as challenging by students, however it is perceived as content and laboratory intensive. - 296 -
Page 1 and 2:
Computer Science Curricula 2013 Cur
Page 3 and 4:
Computer Science Curricula 2013 Cop
Page 5 and 6:
CS2013 Steering Committee ACM Deleg
Page 7 and 8:
Chapter 5: Introductory Courses ...
Page 9 and 10:
CC152: Computer Architecture and En
Page 11 and 12:
Programming Languages and Technique
Page 13 and 14:
Chapter 1: Introduction ACM and IEE
Page 15 and 16:
KA subcommittee Chairs (as members
Page 17 and 18:
Knowledge Areas The CS2013 Body of
Page 19 and 20:
of the implications of social respo
Page 21 and 22:
Manaris (College of Charleston), Sa
Page 23 and 24:
Chapter 2: Principles Early in its
Page 25 and 26:
novel, interesting, and effective w
Page 27 and 28:
Appreciation of the interplay betwe
Page 29 and 30:
to be able to communicate with, and
Page 31 and 32:
● The learning outcomes and hour
Page 33 and 34:
● Many strong computer-science cu
Page 35 and 36:
include appropriate elective materi
Page 37 and 38:
We use three levels of mastery, def
Page 39 and 40:
Parallel and Distributed Computing
Page 41 and 42:
select topics from Tier-2 (to inclu
Page 43 and 44:
common“CS0” courses: precursor
Page 45 and 46:
Tradeoffs: A programming-focused in
Page 47 and 48:
Parallel Processing Traditionally,
Page 49 and 50:
Chapter 6: Institutional Challenges
Page 51 and 52:
Computer Science Across Campus An a
Page 53 and 54:
programs do not have an explicit li
Page 55 and 56:
accessible, building interdisciplin
Page 57 and 58:
provide for assessing the effective
Page 59 and 60:
AL. Algorithms and Complexity (19 C
Page 61 and 62:
[Core-Tier2] 7. Describe various he
Page 63 and 64:
Learning Outcomes: 1. Define the cl
Page 65 and 66:
Architecture and Organization (AR)
Page 67 and 68:
7. Evaluate the functional and timi
Page 69 and 70:
AR/Interfacing and Communication [1
Page 71 and 72:
Computational Science (CN) Computat
Page 73 and 74:
CN/Introduction to Modeling and Sim
Page 75 and 76:
CN/Processing [Elective] The proces
Page 77 and 78:
CN/Data, Information, and Knowledge
Page 79 and 80:
Discrete Structures (DS) Discrete s
Page 81 and 82:
DS/Basic Logic [9 Core-Tier1 hours]
Page 83 and 84:
DS/Graphs and Trees [3 Core-Tier1 h
Page 85 and 86:
Graphics and Visualization (GV) Com
Page 87 and 88:
GV/Fundamental Concepts [2 Core-Tie
Page 89 and 90:
GV/Geometric Modeling [Elective] To
Page 91 and 92:
GV/Visualization [Elective] Visuali
Page 93 and 94:
HCI/Foundations [4 Core-Tier1 hours
Page 95 and 96:
HCI/User-Centered Design and Testin
Page 97 and 98:
Learning Outcomes: 1. Explain basic
Page 99 and 100:
o Game engines o Mobile augmented r
Page 101 and 102:
IAS. Information Assurance and Secu
Page 103 and 104:
OS/Concurrency 1.5 OS/Scheduling an
Page 105 and 106:
SP/Social Context 0.5 SP/Analytical
Page 107 and 108:
11. Discuss the importance of usabi
Page 109 and 110:
Learning outcomes: [Core-Tier2] 1.
Page 111 and 112:
Page 113 and 114:
Learning outcomes: 1. Describe the
Page 115 and 116:
Information Management (IM) Informa
Page 117 and 118:
• Design of core DBMS functions (
Page 119 and 120:
3. Demonstrate use of the relationa
Page 121 and 122:
IM/Physical Database Design [Electi
Page 123 and 124:
• Presentation, rendering, synchr
Page 125 and 126:
IS/Fundamental Issues [1 Core-Tier2
Page 127 and 128:
4. Describe over-fitting in the con
Page 129 and 130:
IS/Agents [Elective] Cross-referenc
Page 131 and 132:
Learning Outcomes: 1. Explain the d
Page 133 and 134:
Networking and Communication (NC) T
Page 135 and 136:
NC/Networked Applications [1.5 Core
Page 137 and 138:
NC/Social Networking [Elective] Top
Page 139 and 140:
OS/Overview of Operating Systems [2
Page 141 and 142:
OS/Memory Management [3 Core-Tier2
Page 143 and 144:
OS/File Systems [Elective] Topics:
Page 145 and 146:
Platform-Based Development (PBD) Pl
Page 147 and 148:
Learning Outcomes: 1. Design and im
Page 149 and 150:
Because the terminology of parallel
Page 151 and 152:
PD/Parallelism Fundamentals [2 Core
Page 153 and 154:
Page 155 and 156:
• Topologies o Interconnects o Cl
Page 157 and 158:
o Software as a service o Security
Page 159 and 160:
PL. Programming Languages (8 Core-T
Page 161 and 162:
PL/Functional Programming [3 Core-T
Page 163 and 164:
o o o Enforce invariants during cod
Page 165 and 166:
PL/Compiler Semantic Analysis [Elec
Page 167 and 168:
• Metaprogramming: Macros, Genera
Page 169 and 170:
PL/Language Pragmatics [Elective] T
Page 171 and 172:
emphasize formal analysis (e.g., Bi
Page 173 and 174:
Learning Outcomes: 1. Analyze and e
Page 175 and 176:
Software Engineering (SE) In every
Page 177 and 178:
such system are assigned to the cor
Page 179 and 180:
Learning Outcomes: [Core-Tier1] 1.
Page 181 and 182:
SE/Tools and Environments [2 Core-T
Page 183 and 184:
SE/Software Design [3 Core-Tier1 ho
Page 185 and 186:
[Elective] • Potential security p
Page 187 and 188:
o o o o Code segments Libraries and
Page 189 and 190:
Systems Fundamentals (SF) The under
Page 191 and 192:
2. Describe how hardware, VM, OS, a
Page 193 and 194:
2. Describe the scheduling algorith
Page 195 and 196:
Social Issues and Professional Prac
Page 197 and 198:
understanding of our commitment to
Page 199 and 200:
Learning Outcomes: 1. Evaluate stak
Page 201 and 202:
Learning Outcomes: [Core-Tier1] 1.
Page 203 and 204:
[Elective] 8. Discuss ways to influ
Page 205 and 206:
• Differences in access to comput
Page 207 and 208:
Appendix B: Migrating to CS2013 A g
Page 209 and 210:
and are treated as a topic geared t
Page 211 and 212:
GV The storage of analog signals in
Page 213 and 214:
SDF This new knowledge area pulls t
Page 215 and 216:
Table B-3: Core Learning Topics and
Page 217 and 218:
Table B-4: New and Expanded Core Le
Page 219 and 220:
IAS Core-Tier1: • Analyze the tra
Page 221 and 222:
IS NC Core-Tier2: • Translate a n
Page 223 and 224:
• Describe at least one design te
Page 225 and 226:
• Explain why the creation of cor
Page 227 and 228:
• Use refactoring in the process
Page 229 and 230:
• Apply simple algorithms for exp
Page 231 and 232:
Appendix C: Course Exemplars While
Page 233 and 234:
IS U. San Francisco Artificial Inte
Page 235 and 236:
ACM/IEEE-CS CS2013 Course-Exemplar
Page 237 and 238:
CSCI 140: Algorithms, Pomona Colleg
Page 239 and 240:
AL PD advanced data structures algo
Page 241 and 242:
What is the format of the course Th
Page 243 and 244:
CS 256 Algorithm Design and Analysi
Page 245 and 246:
and other applications including Ba
Page 247 and 248: • Data races and higher-level rac
Page 249 and 250: CS/ECE 552: Introduction to Compute
Page 251 and 252: Body of Knowledge coverage KA Knowl
Page 253 and 254: AR Assembly Level Machine Organizat
Page 257 and 258: Altruism/Collaboration/Competition,
Page 259 and 260: everyday lives, and therefore at le
Page 261 and 262: COSC/MATH 201: Modeling and Simulat
Page 263 and 264: ehaviors, simplifying assumptions;
Page 265 and 266: MAT 267: Discrete Mathematics, Unio
Page 267 and 268: Identify a problem and analyze it i
Page 269 and 270: CS109 covers: • Counting • Comb
Page 271 and 272: CS 250 - Discrete Structures I, Por
Page 274 and 275: CS 251 - Discrete Structures II, Po
Page 276 and 277: DS Graphs and Trees Tree, tree trav
Page 278 and 279: The course gives an overview to a v
Page 280 and 281: CS371: Computer Graphics, Williams
Page 282 and 283: Texture mapping, including minifica
Page 284 and 285: Other materials are: R and RStudio
Page 286 and 287: 3. Assignment (20% + 10%) Due in we
Page 288 and 289: CO328: Human Computer Interaction,
Page 290 and 291: Human Computer Interaction, Univers
Page 292 and 293: Human-Computer Interaction, Stanfor
Page 294 and 295: Human Information Processing (HIP),
Page 296 and 297: Software and Interface Design, Univ
Page 302 and 303: Ullman and Widom, 2 nd edition, Pre
Page 304 and 305: Technology, Ethics, and Global Soci
Page 306 and 307: SP Professional Communication These
Page 310 and 311: Why do you teach the course this wa
Page 312 and 313: search, probabilistic reasoning, lo
Page 314 and 315: Students are expected to spend abou
Page 316 and 317: CS188: Artificial Intelligence, Uni
Page 318 and 319: Introduction to Artificial Intellig
Page 326 and 327: Computer Networks, Williams College
Page 328 and 329: NC Introduction All 1.5 NC Networke
Page 330 and 331: CSCI 432 Operating Systems, William
Page 332 and 333: OS Security and Protection Access c
Page 334 and 335: Assignment Five: Memory management
Page 340 and 341: Programming Language: C Assignment
Page 342 and 343: Parallel Programming Principle and
Page 344 and 345: PD Parallel Algorithms, Analysis, a
Page 346 and 347: • Grama, A., Gupta, A., Kumar V.
Page 348 and 349:
Body of Knowledge coverage For each
Page 350 and 351:
1: Map-reduce for CS1/WMR 2: Multic
Page 352 and 353:
What is the format of the course Co
Page 354 and 355:
Csc 453: Translators and Systems So
Page 356 and 357:
CSCI 434T: Compiler Design, William
Page 358 and 359:
AR Machine-level representation of
Page 360 and 361:
Why do you teach the course this wa
Page 362 and 363:
Languages and Compilers, Utrecht Un
Page 364 and 365:
COMP 412: Topics in Compiler Constr
Page 366 and 367:
separate compilation is the key fea
Page 368 and 369:
programming languages. A major them
Page 370 and 371:
CSCI 1730: Introduction to Programm
Page 372 and 373:
CSC 2/454: Programming Language Des
Page 374 and 375:
PL Runtime Systems Data layout; sto
Page 376 and 377:
How are students assessed Over 10 w
Page 378 and 379:
Page 380 and 381:
Programming Languages and Technique
Page 382 and 383:
Body of Knowledge coverage KA Knowl
Page 384 and 385:
esults from programming language th
Page 386 and 387:
PL Event-driven and Reactive Progra
Page 388 and 389:
Overall, students learn the followi
Page 390 and 391:
PL Type systems Compositional type
Page 392 and 393:
What is the format of the course Th
Page 394 and 395:
Introduction to Computer Science, H
Page 396 and 397:
PD PD/Parallelism Fundamentals Para
Page 398 and 399:
• Analytical Reasoning: Assertion
Page 400 and 401:
CS1101: Introduction to Program Des
Page 402 and 403:
Finally, the design process from
Page 404 and 405:
documentation activity that occurs
Page 406 and 407:
Page 408 and 409:
SE Software Validation and Verifica
Page 410 and 411:
Cloud computing and the shift in th
Page 412 and 413:
SE-2890 Software Engineering Practi
Page 414 and 415:
Software Development, Quinnipiac Un
Page 416 and 417:
Page 418 and 419:
• Networking subsystem focusing o
Page 420 and 421:
SF Input/output Programmed data tra
Page 422 and 423:
Page 424 and 425:
◦ C preprocessors, multifile prog
Page 426 and 427:
Ethics in Technology (IFSM304), Uni
Page 428 and 429:
Analyze basic logical fallacies in
Page 430 and 431:
Specific topics include: • Capaci
Page 432 and 433:
Additional topics The sustainabilit
Page 434 and 435:
How are students assessed The basic
Page 436 and 437:
Ethics & the Information Age (CSI 1
Page 438 and 439:
SP Intellectual Property Overview a
Page 440 and 441:
privacy. Students are asked to shar
Page 442 and 443:
The Digital Age, Grinnell College G
Page 444 and 445:
AR Digital logic and digital system
Page 446 and 447:
COS 126: General Computer Science,
Page 448 and 449:
Prospective computer science majors
Page 450 and 451:
CSCI 0190: Accelerated Introduction
Page 452 and 453:
An Overview of the Two-Course Intro
Page 454 and 455:
Course textbooks and materials Free
Page 456 and 457:
programming (scripting) is covered
Page 458 and 459:
One way to document this spiral app
Page 460 and 461:
3. Data types and structures 1. pri
Page 462 and 463:
Page 464 and 465:
◦ Comparison of results for small
Page 466 and 467:
Appendix D: Curricular Exemplars Th
Page 468 and 469:
Bluegrass Community and Technical C
Page 470 and 471:
Knowledge Units in a Typical Major
Page 472 and 473:
Notation: < 25% of KU covered # 25-
Page 474 and 475:
Appendix: Information on Individual
Page 476 and 477:
Curricular Analysis The Knowledge U
Page 478 and 479:
Page 480 and 481:
Page 482 and 483:
management, the Internet, e-mail, t
Page 484 and 485:
Mathematical Foundations (two desig
Page 486 and 487:
Multi-paradigm, Introductory Sequen
Page 488 and 489:
Page 490 and 491:
Page 492 and 493:
Additional Comments Although the ex
Page 494 and 495:
CSC 312 - Implementation of Program
Page 496 and 497:
• Biocomputation • Unspecialize
Page 498 and 499:
Page 500 and 501:
Page 502 and 503:
Additional Comments We instituted a
Page 504 and 505:
CS 145: Introduction to Databases T
Page 506 and 507:
Williams College Department of Comp
Page 508 and 509:
Page 510 and 511:
Page 512 and 513:
Possible Curricular Revisions Note
Page 514 and 515:
CSCI 237 - Computer Organization Th
Page 516 and 517:
surface scattering functions, binar
Page 518:
A Cooperative Project of
show all

CS2013-final-report

Create successful ePaper yourself

Delete template?

Save as template?