https://github.com/extwiii/cybersecurity-university.of.maryland
Cybersecurity Specialization - Cybersecurity Fundamentals. Construction of Secure Systems - Coursera
- Host: GitHub
- URL: https://github.com/extwiii/cybersecurity-university.of.maryland
- Owner: extwiii
- License: apache-2.0
- Created: 2017-03-25T00:30:54.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2017-04-03T23:42:22.000Z (almost 8 years ago)
- Last Synced: 2024-11-29T23:12:14.570Z (3 months ago)
- Topics: cyber-security, cybersecurity, maryland, security
- Size: 113 KB
- Stars: 6
- Watchers: 4
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Cybersecurity-University.of.Maryland :white_check_mark:
Cybersecurity Specialization - Cybersecurity Fundamentals. Construction of Secure Systems - Coursera

## Course 1 - Usable Security
* Fundamentals of Human-Computer Interaction
  * Integrate an understanding of human abilities with technological demands
  * Develop task lists
  * Identify usability issues, problems, and successes
  * [Usability 101](https://www.nngroup.com/articles/usability-101-introduction-to-usability/)
  * [Human-Computer Interaction](http://fit.mta.edu.vn/files/DanhSach/__Human_computer_interaction.pdf)
* Design
  * Exercise design methodology to develop an interface
  * Choose appropriate design techniques for your task
  * See how design lessons apply to building secure systems
  * [Crying Wolf: An Empirical Study of SSL Warning Effectiveness](https://www.usenix.org/legacy/event/sec09/tech/full_papers/sec09_browser.pdf)
  * [Human-Centered Design](http://www.ted.com/talks/david_kelley_on_human_centered_design)
  * [How to brainstorm - video tutorials](https://dschool-old.stanford.edu/groups/k12/wiki/3bae4/How_to_brainstorm__video_tutorials.html)
* Evaluation
  * Perform qualitative usability analysis
  * Run quantitative analyses
  * Execute a usability study
  * Read and analyze evaluations conducted by others
  * [You've been warned: an empirical study of the effectiveness of web browser phishing warnings](http://repository.cmu.edu/cgi/viewcontent.cgi?article=1023&context=isr&sei-redir=1&referer=http%3A%2F%2Fscholar.google.com%2Fscholar%3Fhl%3Den%26q%3Dphishing%2Bwarnings%26btnG%3D%26as_sdt%3D1%252C21%26as_sdtp%3D#search=%22phishing%20warnings%22)
  * [Introduction to Usability Testing](https://designhammer.com/services/usability/introduction)
* Strategies for Secure Interaction Design
  * Apply guidelines for creating usable security
  * Analyze the delegation of authority in secure systems
  * Understand how guidelines are applied (or not) in existing systems and how this affects usability
  * [Secure Interaction Design](http://sid.toolness.org/ch13yee.pdf)
* Usable Authentication
  * Describe many types of authentication mechanisms
  * Understand the usability of various authentication mechanisms and how they relate to security
  * [Your Online Secrets](https://www.psychologytoday.com/blog/your-online-secrets/201410/the-psychology-choosing-passwords)
  * [The Usability of Passwords](https://www.baekdal.com/insights/password-security-usability)
  * [Smudge Attacks on Smartphone Touch Screens](https://www.usenix.org/legacy/event/woot10/tech/full_papers/Aviv.pdf)
  * [XKCD Password Security](https://xkcd.com/936/)
* Usable Privacy
  * Design usable privacy systems
  * Help users express privacy preferences
  * Evaluate the usability of privacy systems
  * [Why we overshare online](https://www.psychologytoday.com/blog/your-online-secrets/201410/why-we-overshare-online)
  * [Five Pitfalls for Designers](http://repository.cmu.edu/cgi/viewcontent.cgi?article=1077&context=hcii&sei-redir=1)
  * [Informed Consent by Design](https://d3c33hcgiwev3.cloudfront.net/_cd7d40dc30e8eea51dc78591863ea853_ch24friedman.pdf?Expires=1490745600&Signature=Wze1kWEZkQIj2P-p2xzER9M~pTrUWdTz4M8ApScqmAGWkStPNJRvRUHsXCsrRAk5NcdaXz9wzK8RL~xSsodGo0GWefJOTVefON2sv9pNY3bDuDtgRmodZjyB8bjNsQPV0tCl-ag0s0Z-HOuhX9uckvgX8Vza4wnGwpYzuDGcTHI_&Key-Pair-Id=APKAJLTNE6QMUY6HBC5A)

## Course 2 - Software Security
* LOW-LEVEL SECURITY
  * Understand the standard memory layout of running processes on the x86 architecture
  * Identify buffer overflows and related memory-based vulnerabilities in C programs, such as those based on format strings
  * Construct a simple exploit of a buffer overflow
  * Understand how exploits can inject remote code and perform other security compromises
  * [Common vulnerabilities guide for C programmers](https://security.web.cern.ch/security/recommendations/en/codetools/c.shtml)
  * [Memory Layout of C Programs](http://www.geeksforgeeks.org/memory-layout-of-c-program/)
* DEFENDING AGAINST LOW-LEVEL EXPLOITS
  * Comprehend the meaning of the properties memory safety and type safety
  * Understand defenses against memory-based attacks, including stack canaries, data execution protection (DEP), and address space layout randomization (ASLR)
  * Understand how attacks based on return-oriented programming (ROP) work
  * Understand the concept of control-flow integrity (CFI) and how it can defeat ROP-based attacks
  * [What is memory safety?](http://www.pl-enthusiast.net/2014/07/21/memory-safety/)
  * [What is type safety?](http://www.pl-enthusiast.net/2014/08/05/type-safety/)
* WEB SECURITY
  * Understand how SQL injection attacks affect web application back ends
  * Understand session hijacking and Cross-site Request Forgery (CSRF) attacks
  * Understand how popular, browser-executed JavaScript programs can be used incorrectly by web sites
  * Focus on employing input validation and sanitization
  * [SQL Injection](https://www.owasp.org/index.php/SQL_Injection)
  * [SQL Injection Cheat Sheet](https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/)
  * [2011 CWE/SANS Top 25 Most Dangerous Software Errors](http://cwe.mitre.org/top25/)
* SECURE SOFTWARE DEVELOPMENT
  * Enumerate a series of design principles for writing secure software
  * Explain how such principles can be violated, pointing to actual incidents
  * Put these principles into practice by drawing inspiration from well-designed, secure systems
  * [The Protection of Information in Computer Systems](http://web.mit.edu/Saltzer/www/publications/protection/)
  * [Avoiding the Top 10 Software Security Design Flaws](http://cybersecurity.ieee.org/blog/2015/11/13/avoiding-the-top-10-security-flaws/)
  * [Building Security In](http://www.swsec.com/)
* PROGRAM ANALYSIS
  * Know what static analysis (SA) and symbolic execution (SE) are, how they compare, and why they are hard
  * Understand the basics of each approach
  * Understand how to improve the precision and scalability of each approach
  * [What is noninterference, and how do we enforce it?](http://www.pl-enthusiast.net/2015/03/03/noninterference/)
  * [Using Static Analysis to Find Bugs in the Real World](http://cacm.acm.org/magazines/2010/2/69354-a-few-billion-lines-of-code-later/fulltext)
* PEN TESTING
  * Understand what penetration testing is and what it achieves
  * Know the basics of several state-of-the-art penetration testing tools
  * Understand fuzz testing techniques and how they compare
  * [Ware report](http://www.rand.org/pubs/reports/R609-1/index2.html)
  * [Defcon CTF contest](https://www.defcon.org/html/links/dc-ctf.html)

## Course 3 - Cryptography
* Introduction and Classical Cryptography
  * Private-key encryption
  * Classical encryption schemes
  * The notion of perfect secrecy, and a scheme that provably achieves it
* Computational Secrecy and Principles of Modern Cryptography
  * Computational security, the central concept of modern cryptography
  * Pseudorandom generators, also known as stream ciphers in practice
  * Proof by reduction, a powerful technique for proving schemes secure
* Private-Key Encryption
  * Stronger security notions for private-key encryption and efficient schemes achieving them
  * Pseudorandom functions (aka block ciphers)
  * Security against chosen-ciphertext attacks
  * Padding-oracle attack
* Message Authentication Codes
  * Message integrity
  * Message authentication codes
  * Secrecy and integrity in authenticated encryption
  * Secure communication sessions
* Number Theory
  * Public-key cryptography in group theory and number theory
  * Number-theoretic assumptions
  * Hardness of factoring, and the related RSA problem
  * Discrete logarithms in certain groups, and Diffie-Hellman problems
* Key Exchange and Public-Key Encryption
  * Public-key cryptography (in general) and public-key encryption (in particular)
  * Diffie-Hellman key-exchange protocol
  * Public-key encryption schemes based on both the discrete-logarithm (technically, decisional Diffie-Hellman) problem and the RSA problem
* Digital Signatures
  * Digital signatures, which can be used to provide integrity in the public-key setting
  * Signature constructions based on the RSA and discrete-logarithm problems
  * Important application of digital signatures to public-key distribution in today's Internet
  * SSL/TLS protocol, which you are using right now as you view this page

## Course 4 - Hardware Security
* Digital System Design: Basics and Vulnerabilities
  * Understand how a digital system is specified, implemented, and optimized
  * Learn what sequential systems are and how they are designed
  * Identify the don't-care conditions introduced during the design process
  * Know that security and trust vulnerabilities exist in hardware
* Design Intellectual Property (IP) Protection
  * Learn self-protection techniques for design IPs: watermarking, fingerprinting, metering
  * Assess the trade-off among security, cost and performance
* Physical Attacks and Modular Exponentiation
  * Understand how a system is vulnerable to hardware-level (physical) attacks
  * Learn the available countermeasures to physical attacks
  * Perform security evaluation of the hardware implementation of security modules
  * Modular exponentiation, various ways to evaluate it, and its security vulnerabilities
  * [Physical Attacks and Tamper Resistance](http://www.cl.cam.ac.uk/~sps32/PartII_030214.pdf)
* Side Channel Attacks
  * Learn how information leaks through side channels
  * Understand how attacks can be launched from various side channels
  * Consider potential side-channel information leaks when you design a secure system
  * Get a better understanding of how to implement security primitives such as RSA securely
* Hardware Trojan and Physical Unclonable Functions
  * Understand various kinds of hardware Trojan and how they work
  * Know the popular hardware Trojan detection approaches
  * Study several practical methods for hardware Trojan prevention
  * Learn the concept of trusted integrated circuits and how to build trust in ICs
* Emerging Hardware Security Topics
  * Know the basics of TPM
  * Understand what a PUF is and how it can help to build more secure systems
  * Learn the vulnerabilities and countermeasures in FPGA design and FPGA-based systems

#### Taught by:
#### Jennifer Golbeck, Director, Human-Computer Interaction Lab
#### Michael Hicks, Professor, Department of Computer Science
#### Jonathan Katz, Director, Maryland Cybersecurity Center
#### Gang Qu, Associate Professor, Electrical and Computer Engineering

### Rating :full_moon::full_moon::full_moon::full_moon::full_moon::full_moon::full_moon::new_moon::new_moon::new_moon:
### Difficulty :full_moon::full_moon::full_moon::full_moon::full_moon::full_moon::full_moon::new_moon::new_moon::new_moon:

### Created By Bilal Cagiran | [E-Mail](mailto:[email protected]) | [Github](https://github.com/extwiii/) | [LinkedIn](https://linkedin.com/in/bilalcagiran) | [CodePen](http://codepen.io/extwiii/) | [Blog/Site](http://bilalcagiran.com) | [FreeCodeCamp](https://www.freecodecamp.com/extwiii)