CSci 454: Computer and Network Security, Spring 2022
General Information
- Instructor: Dmitry Evtyushkin (Personal Website)
- Email: devtyushkin at wm.edu
-
Instructor Office hours: TR 2:00PM – 3:30PM on Zoom or by appointment, please notify instructor
- Time and location: TR 12:30PM – 1:50PM, McGlothlin-Street 20
- Deadlines: Add/Drop Feb 4, Withdraw Mar 28
- Final exam: May 12, 9:00 am – 12:00 noon
- Please keep checking this website for the latest information regarding the course.
Prerequisites
CSci 303 and CSci 304. Students are expected to have a good understanding of computer organization and programming. In addition, knowledge about computer architecture, operating systems, programming languages and principals of computer systems and networks is recommended.
Course Materials
Recommended Textbook: Computer Security: A Hands-on Approach by Wenliang Du
Other useful books:
- Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar
-
Security in Computing (5th Edition) by Charles P. Pfleeger et al.
- Hacking: The Art of Exploitation by Jon Erickson
- Applied Cryptography by Bruce Schneier
Some useful materials will be shared on Discord. Slides will be available on Blackboard.
Course Description
An introduction to the principles and practices of building secure systems. Covered topics include: software attacks (buffer overflow, integer overflow, etc.), malware, systems security, hardware attacks, operating system security, authentication and authorization, basics of cryptography, public key infrastructures, SSL/TLS, web security, IP security, and Denial of Service (DoS) attacks.
Grade Distribution
- In-class/Take home Quizzes – 15pt
- Homework/Programming Assignment (5 to 8) – 30pt
- Midterm exam – 20pt
- Final Exam – 30pt
- Online activity and class participation – 5pt (+ 5pt bonus)
- Bonus points: Undergraduate Research Project – 15pt
Optional Undergraduate Research Project: Bonus 15pt will be awarded if and only if a successful project is completed by the end of the semester (a final report will be due in the finals week). Talk to the instructor if you are interested.
Final letter grades will be given based on the following scale. A >= 95% > A- >= 90% > B+ >= 85% > B >= 80% > B- >= 75% > C+ >= 70% > C >= 65% > C- >= 60% > D+ >= 55% > D >= 53% > D- >= 50% > F Grades may be curved at the instructor’s discretion.
General Information
- We will use Discord for discussions. Announcements will be made through Blackboard/email. If you cannot access Discord, please contact the instructor.
- Lecture slides from the instructor will be uploaded to Blackboard.
- Homework assignments are submitted via Blackboard.
- Grades are reported via Blackboard. Final grades are submitted via Banner.
- Students are expected to attend all lectures.
Homework Assignments
We will use SEED labs for in this course. There will be around 5–8 homework assignments. Some of the assignments are SEED labs, others are programming. It’s recommended to install VirtualBox on your own machine and download the SEEDUbuntu16.04 virtual machine image. If you have root access to a Linux system you can use it instead. VirtualBox is installed on lab machines. However, the image must be downloaded into the scratch directory. If you need assistance, please ask the techies.
Submissions, Grading, and Deadlines
Homework Assignments and Reports should be submitted electronically (no hard copies) through Blackboard by midnight on the due date in a format accepted by Blackboard. If assignment requires you to submit code, place all code and Makefiles in a directory, compress it (zip or tar.gz) and upload the archive.
Some homeworks may carry more points than others.
Submission deadlines are hard. However, we do have a late/miss policy:
Late HWs are accepted with 20% penalty for each day they are late by.
If you miss an exam or quiz, you will get zero points. Single lowest score on the quizzes will be dropped.
Exceptions will be handled case by case and will only be considered under a university-approved condition with a written proof.
You are encouraged to discuss the assignments and homeworks with your fellow students, especially on Discord, but avoid asking and answering too direct questions. Everybody must submit their original work.
Exams & Quizzes
Exams & Quizzes are closed book. However, you will be allowed to use a single page handwritten cheat sheet (two-sided). Midterm exam is 1 hour 20 minutes long. The final exam is 3 hours. No collaboration is allowed on exams and quizzes. Due to COVID, instructor may choose to issue exams as take-home.
Semester Schedule (This is a tentative schedule watch for updates!)
| Week | Lecture | Date | Topic | Reading | Deadlines |
|---|---|---|---|---|---|
| 1 | 1 | Thu, Jan 27, 22 | Introduction to the Course | ||
| 2 | 2 | Tue, Feb 1, 22 | Security fundamentals, trust and trustworthiness, threat models | ||
| 3 | Thu, Feb 3, 22 | Attacks at different levels | |||
| 3 | 4 | Tue, Feb 8, 22 | Authentication, Acess Control, Permissions I | ||
| 5 | Thu, Feb 10, 22 | Authentication, Acess Control, Permissions II | |||
| 4 | 6 | Tue, Feb 15, 22 | Memory Organization, Stack, ABI | ||
| 7 | Thu, Feb 17, 22 | Buffer Overflow Attacks and Protections | |||
| 5 | 8 | Tue, Feb 22, 22 | Buffer Overflow Attacks and Protections II | ||
| 9 | Thu, Feb 24, 22 | Code Reuse Attacks and Protections | |||
| 6 | 10 | Tue, Mar 1, 22 | Integer Overflow and Format String Attacks, Protections I | ||
| 11 | Thu, Mar 3, 22 | Integer Overflow and Format String Attacks, Protections II | |||
| 7 | 12 | Tue, Mar 8, 22 | Malware | ||
| Thu, Mar 10, 22 | Midterm | ||||
| 8 | Tue, Mar 15, 22 | Spring Break Day | |||
| Thu, Mar 17, 22 | Spring Break Day | ||||
| 9 | 13 | Tue, Mar 22, 22 | Cryptography basics | ||
| 14 | Thu, Mar 24, 22 | Cryptography basics II | |||
| 10 | 15 | Tue, Mar 29, 22 | Block Ciphers | ||
| 16 | Thu, Mar 31, 22 | Block Ciphers | |||
| 11 | 17 | Tue, Apr 5, 22 | Hashes, Public Key Cryptography | ||
| 12 | 18 | Thu, Apr 7, 22 | Public Key Cryptography II | ||
| 19 | Tue, Apr 12, 22 | Public Key Cryptography III | |||
| 13 | 20 | Thu, Apr 14, 22 | Web Application Security | ||
| 21 | Tue, Apr 19, 22 | Web Application Security II | |||
| 14 | 22 | Thu, Apr 21, 22 | TLS/SSL, HTTPS | ||
| 23 | Tue, Apr 26, 22 | Network security I | |||
| 15 | 24 | Thu, Apr 28, 22 | Network security II | ||
| 25 | Tue, May 3, 22 | Denail of Service Attacks (DoS) and defenses | |||
| 26 | Thu, May 5, 22 | Final Exam Overview | |||
| Finals week | May 12, 2022 | 9:00 - 12:00 |
CSci 554
Graduate students enrolled in CSci 554 are required to complete a semester long research project. Please contact the instructor to select your project topic. All project must be approved by instructor. You may choose to do detailed survey.
Project determination:
Please send an email to the instructor by the deadline (Mar 1) containing:
- Project Name (think of this as your paper/report title)
- Problem Statement
- Expected Steps (setting up infrastructure, implementation, performing experiment, data analyses, etc.)
- Expected/possible outcome and contribution
Final report
Please submit your final report via email your final project report in PDF format. Please use the ACM sigconf format. The expected length of your project is 4-8 pages. Your report should have following sections:
- Abstract
- Introduction (with problem statement)
- Threat model (if you are studying an attack or protection)
- Background and Related Work
- Implementation (or Analysis if you are doing a survey)
- If you are proposing some security solution, also include a security analyses section
- Results
- Conclusions
- References
If you need any help with the project or have any questions, contact the instructor during office hours. If you require access to computational resources or hardware, talk to the instructor.
Grade Distribution for CSci 554
- Quizzes - 15pt
- Project – 20pt
- Homework Assignments – 15pt
- Midterm exam – 20pt
- Final Exam – 30pt
Final letter grades will be given based on the standard scale used in WM. Grades may be curved at the instructor’s discretion.
Helpful Services
The Writing Resources Center (WRC) can help when students have questions about how to construct an argument, deliver a presentation, use and cite sources, and more. Please visit the WRC website to request a class visit, tour, or brochures. The Writing Resources Center, located on the first floor of Swem Library, is a free service provided to W&M students. Trained consultants offer individual assistance with writing, presentation, and other communication assignments across disciplines and at any stage, from generating ideas to polishing a final product.
Academic Accommodations
It is the policy of The College of William and Mary to accommodate students with disabilities and qualifying diagnosed conditions in accordance with federal and state laws. Any student who feels s/he may need an accommodation based on the impact of a learning, psychiatric, physical, or chronic health diagnosis should contact Student Accessibility Services staff at 757-221-2509 or at sas@wm.edu to determine if accommodations are warranted and to obtain an official letter of accommodation. For more information, please click here.
Honor Code
Students are required to follow the Honor System of the College of William and Mary.