INFO 415: Emerging Topics in Information Assurance and Cybersecurity

Instructor: Lindah Kotut
Meeting Times: Tuesday, Thursday 3:30pm - 5:20pm (SAV 132)
TA: Linda Chen
Office Hours: See Canvas

Course Description

This course examines the emerging trends in cybersecurity and information assurance. It considers implications on people (individual users, groups, and even countries), devices (from internet of things to critical infrastructure) and domains (from healthcare to artificial intelligence). The class is designed not only to allow you to be in the know regarding what is happening in the cybersecurity realm, but it is also to prepare you for either the job market or for a deeper research into the domain.

All upto date information will be posted on Canvas.

Course Schedule: Autumn 2021

Week/Dates	Topic	Description	Readings	Due
Week 1: Sep 29	Introduction	Course welcome and orientation, then general overview of the topic we will cover this quarter.	Security Posture Chapter from Cybersecurity--Attack and Defense Strategies: Infrastructure Security with Red Team and Blue Team Tactics, by Yuri Diogenes and Erdal Ozkaya Information Assurance Chapter from the Information assurance handbook: effective computer security and risk management strategies by Corey Schou and Steven Hernandez	Assignment 1: Self-Review
Week 2: Oct 4	Authentication	We'll cover the foundational aspects of authentication: Permissions, access control and passwords. The focus will primarily be on the end-user and various security concerns.	"Accounts and Identity" (Chapter 14) from Threat Modeling : Designing for Security by Adam Shostack	Quick Reflection 1
Week 2: Oct 6		We'll build on the foundation, and consider current landscape (and what the future brings). We switch focus to considering the sources and methods behind examples of breaches, and the support structures. We'll also talk about the structure of case studies. We'll also discuss options about your final project.	Case Studies: T-Mobile Breach (2021); Facebook Data Exposure (2019); and ClearViewAI (2020)	Assignment 2: Authentication
Week 3: Oct 11	Spam, Phishing & Ransomware	We'll consider the Small "phish" and discuss the fundamentals, the types of weaknesses, motivation for attacks and defense strategies.	"Banking On Phishing" (Chapter 1) from Phishing Exposed by Lance James (Optional)"Catching Phishers By Their Bait: Investigating the Dutch Phishing Landscape through Phishing Kit Detection" by Bijmans et al (Usenix 2021)	Quick Reflection 2
Week 3: Oct 13		We'll turn our attention to the Big "phish" and consider massive infrastructure and state actors.	Case Studies: Colonial Pipeline Ransomware (2021), JBS Meat Plant ransomware (2021); Microsoft Exchange Server Breaches (2021)	Assignment 3: Spam, Phishing and Ransomware Submit final group names and topic
Week 4: Oct 18	Risk Assesment	We consider risk assessment from the individual level and work our way up. We cover topics like: vulnerability scanning, asset inventory, nth-party risk, pen testing, source-code scanning, blackboxes vs whiteboxes, blue/red teaming, social engineering	TBD	Quick Reflection 3
Week 4: Oct 20		Security Architecture: From organization (e.g. access control and identity management) to government level.	TBD	Assignment 4: Final project pitch/draft (about 2 pages)
Week 5: Oct 25	Governance, Surveillance and Cyberwarfare	Matters democracy, censorship and attacking in the name of country. We discuss WAR! (maybe) and how different countries are impacted, mitigation strategies and what the future augurs.	"When we Police" (Chapter 5) from The Rise of Big Data Policing: Surveillance, Race, and the Future of Law Enforcement by Andrew Guthrie Ferguson "Offensive Cyber Operations by Nation- State Actors" (Chapter 10) from Cyberwarfare: an Introduction to Information-Age Conflict by Isaac R. Porche	Quick Reflection 4 I will provide feedback to the final project pitch
Week 5: Oct 27	MIDTERM	Each group will give their initial presentation and submit the finalized project document. Class members will provide written feedback. Specific instructions to come.
Week 6: Nov 1	Privacy and Privacy Enhancing Technologies	We'll talk about user expectations (including those that cannot give informed consent), the existing laws, and how all these impact design Decisions--for good and for ill.	Coded Exposure Is Visibility a Trap?" (Chapter 3) from Race after technology: Abolitionist Tools for the New Jim Code by Ruha Benjamin "Evaluating the Contextual Integrity of Privacy Regulation: Parents' IoT Toy Privacy Norms Versus COPPA" by Noah Apthorpe, Sarah Varghese, and Nick Feamster. USENIX '19 "Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence" by Midas Nouwens, Ilaria Liccardi, Michael Veale, David Karger, and Lalana Kagal. CHI Conference on Human Factors in Computing Systems (CHI '20)	Quick Reflection 5
Week 6: Nov 3		We talk about malicious compliance, trickeries and other hijinks.	"Dark Patterns: Past, Present, and Future: The evolution of tricky user interfaces" by Arvind Narayanan, Arunesh Mathur, Marshini Chetty, and Mihir Kshirsagar. Communications of the ACM. 2020. "Human Factors and Usability" (Chapter 15) from Threat Modeling : Designing for Security by Adam Shostack.	Assignment 5: Privacy
Week 7: Nov 8	Artificial Intelligence	While we focus on these complex systems, you will find that they touch on other domains: Artificial Intelligence and Ethics for example. We'll start from discussing the security landscape and then go from there.	TBD	Quick Reflection 6
Week 7: Nov 10		We'll continue our discussion on Artificial Intelligence	TBD
Week 8: Nov 15	Internet of Things	Does anyone have an exhaustive list of these... things? This first week is understanding both the landscape and the security requirements and concerns.	Skim both, pick one: "Exploring How Privacy and Security Factor into IoT Device Purchase Behavior" by Pardis Emami-Naeini, Henry Dixon, Yuvraj Agarwal, and Lorrie Faith Cranor. CHI Conference on Human Factors in Computing Systems Proceedings (CHI 2019) "Security and Privacy Requirements for the Internet of Things: A Survey" by Nada Alhirabi, Omer Rana, and Charith Perera. ACM Transactions on Internet Things. 2021.	Quick Reflection 7 Group Check-in #1
Week 8: Nov 17		We build on our knowledge by considering case studies of breaches, and what they reveal about the future of securing (if this is even possible).	"Understanding the Mirai Botnet" by Manos Antonakakis et al. USENIX '17. "Shattered Chain of Trust: Understanding Security Risks in Cross-Cloud IoT Access Delegation" by Bin Huan et al. USENIX '20.	Assignment 5: Privacy Group check-in #2
Week 9: Nov 22	Automotive, Drone and Robot Security	Smart vehicle, swarm robots and the security implications of new tech	Skim both, pick one: "This Car Won't Drive Itself" (Chapter 8) from Artificial Unintelligence: How Computers Misunderstand the World by Meredith Broussard "Security, Privacy, and Safety Aspects of Civilian Drones: A Survey" by Riham Altawy and Amr Youssef. ACM Transaction on Cyber-Physical Systems. 2016.	Quick Reflection 8
Week 9: Nov 24		Thanksgiving Holiday. No class.
Week 10: Nov 29	Blockchain	Understanding Blockchain, its applications and the user perceptions surrounding its security.	"Bitcoin: A Peer-to-Peer Electronic Cash System" by Satoshi Nakamoto "Don’t Lose Your Coin! Investigating Security Practices of Cryptocurrency Users" by Michael Fröhlich, Felix Gutjahr, and Florian Alt (DIS 2020) "Bits Under the Mattress: Understanding Different Risk Perceptions and Security Behaviors of Crypto-Asset Users" by Svetlana Abramova, Artemij Voskobojnikov, Konstantin Beznosov, and Rainer Böhme. In CHI Conference on Human Factors in Computing Systems (CHI '21)	Quick Reflection 9
Week 10: Dec 1		Blockchain application across domains. We discuss information assurance and security implications.	Applications: Business, cryptocurrency (beyond the user expectations), the ballot, cross-discipline applications (and conflicts)	Assignment 7: Blockchain
Week 11: Dec 6	Conclusion	Wrap-up and project presentations
Week 11: Dec 8		Wrap-up and project presentations. You can submit your reports at this time as well, although the final deadline is by 11:59pm PT on December 15, 2022. (We do not have a final exam)

Grading and Late Submission Policy

There are four groups of assignments that will determine your final grade for this class:

• 35% : Weekly "Quick Reflections"
• 30% : Assignments
• 10% : Midterm (5% presentation grade, 5% feedback to classmates grade)
• 25% : Final Project (includes 5% for presentation grade)

Late Policy

• The Quick Reflections are due on Tuesdays by 11:59pm. There are no late days, but the lowest grade will be dropped.
• The Assignments are on Friday by 11:59pm. You each have 5 "bank days" that allow you to submit one or more of your assignment late with no explanation. For example, you can can submit three assignments a day late and a fourth assignment two days late. When you wish to use your bank days, let the TA know and they will adjust the due date for your assignment so that you are able to submit late.
• The Midterm and Final Project do not have a late submission allowance.
• If you are having trouble keeping up with the class pace, are generally struggling, let me know and we'll work on making sure you have the resources to succeed.