This repository contains a digitized version of the course content for the CYBR 4580/8950 Certification and Accreditation capstone course at the University of Nebraska at Omaha.
The class materials are best viewed at https://mlhale.github.io/CYBR8950/
In this course, students will extend and apply their knowledge, accumulated from their undergraduate/graduate studies, towards defining, implementing, and assessing secured information systems. Students will demonstrate their ability to specify, apply, and assess different types of countermeasures at different points in a system or enterprise.
I have set up an online discussion board on slack.com for use in this class. I can create some private channels for you to work in with your project teams (once created), but I want to be able to participate in your conversations, so please use the space on Slack.
Go to https://cybr-4580-8950.slack.com and use your unomaha email address to register an account. This will give you access to the course discussion and project collaboration spaces. Use the general channel, your project channel, or private messages. I expect all project-related communication to live in your Slack channel. If you need my attention, please use the @mlhale syntax.
Week | Activity |
---|---|
1 | Course introduction, ideation, form pitches. |
2 | Intro to Research, short pitch presentations, form teams, begin working on full proposal (Milestone 1) |
3 | Project management tooling lab. Team meetings. Work on proposal (milestone 1). |
4 | Work on proposal (milestone 1). |
5 | Milestone 1 due, 20 minute presentations + 5 minute Q/A, random order. Milestone 2 assigned. |
6 | Work on Milestone 2. Team meetings. |
7 | Work on Milestone 2. Team meetings. |
8 | Work on Milestone 2. Team meetings. |
9 | Work on Milestone 2. Team meetings. |
10 | Milestone 2 due, 25 minute presentations + 5 minute Q/A, random order. Milestone 3 assigned. |
11 | No class - Spring break. |
12 | Work on Milestone 3. Team meetings. |
13 | Work on Milestone 3. Team meetings. |
14 | Work on Milestone 3. Team meetings. |
15 | Work on Milestone 3. Team meetings. |
16 | Finish Milestone 3. Team meetings. (Prep week) |
17 | Milestone 3 Due. |
All classroom activities will take place in PKI room 164 (or via Zoom for the 820 section) unless otherwise noted ahead of time. Due to the nature of the course, meeting rooms will often be used for individual team meetings.
The structure of the course accommodates two types of projects.
In this project type, students will design, build, and secure a new full-fledged system or create a new, non-trivial, component for an existing system or product. Special attention will be paid towards open source environments. Relevant artifacts generated will include design documentation (use cases, architectures, interaction diagrams, etc), system/component code, unit/acceptance tests, and testing results.
In this project type, students will select an existing product or system and rigorously evaluate it using a combination of system, network, and software testing methods. Relevant artifacts generated will include reversed design docs (i.e. an understanding of how the product works), vulnerability surface analysis documentation, test cases, and analysis results.
Neither breaking nor making is necessarily more difficult than the other. Project difficulty is expected to be relatively uniform, and tasking throughout the semester will be roughly equivalent in work hours, even if the nature of the work is quite different by type.
In this track students will select a project from those projects pitched in the first week of class. Projects will be curated from students by Dr. Hale.
In this track students will select or be assigned an existing product or system to develop or evaluate. Projects may originate from external local companies, internal UNO organizations, or external community partners.
- Capstone Pitches
- Capstone Milestone 1 rubric
- Capstone Milestone 2 rubric
- Capstone Milestone 3 rubric (final)
Please use the evaluation form below to assess your teammates. https://unomaha.az1.qualtrics.com/jfe/form/SV_78KSInR45r2vV89
Regardless of your project type, you will do the following:
(all projects this year were team projects)
- MITRE Cyber Competition -- Private repo
  - Kendrick Urbaniak
  - (others unlisted)
- Stream Splitting Moving Target Defense
  - Greg Baltzer
  - Luke Zwenger
  - Marvin Roe
  - Alex Stara
- IoT Forensics
  - Ashley Leedom
  - Elizabeth Henderson
  - Amber Makovica
  - Nate Wood
  - Ronald Ramierz
(all projects this year were team projects)
- The Impact of Known Vulnerabilities on Layered Solutions
  - Brian Mellon
  - Karthik Damuliri
  - Joe White
  - Nathan Henton
  - David Phillips
- Container Security
  - Dan Ritter
  - Kerolos Lotfy
  - Alisa Bohac
  - Michael Keck
  - Alexander Diaz
- VoIP Codec Leakage
  - Juan Membreno
  - Glenn Anderson
  - Kendrick Urbaniak
  - Sonia Liu
  - Daniel Goudie
- NCCoE Practice Guide Vetting
  - Dan Lucier
  - Joe Franco
  - Cody Ernesti
  - Scott Olson
  - Liam O'Riordan
- PLC Hacking
  - Gary Roth
  - Richard Tanner
  - Daniel Ritter
- Forensic Tool Deficiency Analysis
  - Casey Branan
  - Preston Wells
  - Brandon Franklin
- Analyzing and Penetration Testing an Amazon Echo Dot
  - James Autry
  - Matthew Sutton
  - Tim Gekas
- Open Source Hypervisor Analysis and Evaluation
  - Jesse Hembree
  - Afnan Albokhari
- Data Loss Prevention System -- Private
  - Leonora Gerlock
- DNS Intrusion Detection System
  - Matthew Faltys
- Airlock - a P2P Encrypted Chat and Collaboration tool
  - Darian Lepert
- Windows Native Plugin for SFTP interaction -- Private
  - Chandler Huston
- Android Process inspector
  - Paul Stratman
E-mail: [email protected] (please message me on slack instead of emailing)
- (10%) Participation score (meetings, short tutorial participation, etc)
- (5%) Project pitch
- (20%) Semester Project Milestone 1 (Proposal)
- (30%) Semester Project Milestone 2 (Mid point)
- (35%) Semester Project Milestone 3 (Final)
Each project milestone will have a specific grading rubric that includes the core requirements for the project, any required intermediate milestone goals (such as short progress meetings with the instructor), the project due date, and the list of items that must be submitted. Each project will include a presentation component to be presented in class on the project due date. Projects build upon each other. The final Project is considered to be comprehensive. This means that there is no final exam. Final Project presentations will be presented according to the schedule.
- Class Attendance: You must attend team meetings and presentations. You will receive participation points for being present during team meetings and presentations.
Students will work in groups. The instructor in this class will assign the groups. The capstone class is like the real world – you don’t always get to have your way! Each group will have four members, although obviously there may be an odd group or two depending on the class list.
Group projects will include an individual participation grade worth 60% of the total group points, e.g. a group may make a 100% on a particular project, but an individual with low participation in the group may make a 40%. Participation will be anonymously rated by other group team members and the instructor.
The instructor reserves the right to make a change to any team or any project during the course of the semester for any reason that may or may not be disclosed. Project rescoping will be performed in this event.
As part of UNO’s strategic initiatives, individuals or groups may be partnered with community organizations in Omaha for service learning through the center for community engagement. If community partners can be identified, student projects (group or individual) in the class may work towards meeting community needs. In the event of community projects, appropriate scoping will be considered to ensure that community needs can be met within the time constraints of the coursework.
Sometimes unforeseen events occur or development takes longer than expected. In such cases, project extensions will be allowed. To receive a project extension, individuals or groups must request an extension at least 24 hours in advance of the project due date. Extension time frames are at the discretion of the instructor, but generally will not be longer than 1 week. Failure to request an extension 24 hours prior to the due date means that the work is due at the specified time. Late work without a requested extension will receive a 5% point reduction per day up to a total of 40%. Late work submitted 2 weeks after an original (or extended) due date will not be accepted.
Students with disabilities requiring special accommodations must contact disability services. Disability services may be reached by phone at (402) 554-2872 or by email at [email protected].
Students serving in the military requiring special accommodations (e.g. unit deployment) must contact the office of Military and Veteran Services by phone at (402) 554-2349 or by email at [email protected].
The university policies on cheating and plagiarism apply in this course. Except on designated group work, the expectation is that every student will do their own work. Students under suspicion of plagiarism in individually submitted assignment materials will be given an opportunity to defend themselves. If, after the defense, the instructor still believes the work to be plagiarized, the department chair will be notified and the grade evaluation for the assignment will be lowered to a value between 50% and 0% at the discretion of the instructor. If a second occurrence of plagiarism occurs, the student will receive an F for the course and the registrar’s office will be notified that the student is not permitted to withdraw from the course. In addition, the department chair and dean will be notified.
Conducting your capstone ethically is more important than any potential findings. As a simple ethical standard, make sure the following is always true:
1. Get consent. If you do not know if it is ok, ask first.
2. Do no harm.
3. Report everything. If you discover something, disclose it to the owner without further exploitation - see 1 and 2.
4. Do not disclose discovered information to unapproved parties.
5. Respect user privacy.
6. Respect others' rights.
The CS and IS programs in the College of IS&T are accredited through ABET (the Accreditation Board for Engineering and Technology). This organization occasionally requires that we keep samples of student work.
The instructor may retain a copy of your exams (with names and any other identifying information removed) for accreditation or pedagogy purposes, unless you specify otherwise in writing.
In addition, the instructor retains the right to use any code or project artifacts developed in the course for pedagogy, research, or service learning purposes. Student web project code developed in the course may be used in future secure project development courses, by the instructor for research purposes, or by designated stakeholders.
CYBR Capstone Copyright (C) 2016-2020 Dr. Matthew L. Hale
CYBR 4580/CYBR 8950 and related works by Matt Hale are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.