CSci 454: Computer and Network Security, Spring 2023
General Information
- Instructor: Dmitry Evtyushkin (Personal Website), email: devtyushkin at wm.edu
- Instructor Office hours: TR 3:30PM – 5:00PM on Zoom or by appointment, please notify instructor
-
TA: Md Obaidul Kabir, email: mkabir at wm.edu
- Time and location: TR 2:00PM – 3:20PM, Integrated Science Center 2280
- Deadlines: Add/Drop Feb 3, Withdraw Feb 4 – Mar 27
- Final exam: May 11, 2:00 – 5:00 p.m.
- Please keep checking this website for the latest information regarding the course.
Prerequisites
CSci 303 and CSci 304. Students are expected to have a good understanding of computer organization and programming. In addition, knowledge about computer architecture, operating systems, programming languages and principals of computer systems and networks is recommended.
Course Materials
Recommended Textbook: Computer Security: A Hands-on Approach by Wenliang Du
Other useful books:
- Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar
-
Security in Computing (5th Edition) by Charles P. Pfleeger et al.
- Hacking: The Art of Exploitation by Jon Erickson
- Applied Cryptography by Bruce Schneier
Some useful materials will be shared on Piazza/Discord. Slides will be available on Blackboard.
Course Description
An introduction to the principles and practices of building secure systems. Covered topics include: software attacks (buffer overflow, integer overflow, etc.), malware, systems security, hardware attacks, operating system security, authentication and authorization, basics of cryptography, public key infrastructures, SSL/TLS, web security, IP security, and Denial of Service (DoS) attacks.
Grade Distribution
- In-class/Take home Quizzes – 15pt
- Homework/Programming Assignment (5 to 8) – 30pt
- Midterm exam – 20pt
- Final Exam – 30pt
- Online activity and class participation – 5pt (+ 5pt bonus)
- Bonus points: Undergraduate Research Project – 15pt
Optional Undergraduate Research Project: Bonus 15pt will be awarded if and only if a successful project is completed by the end of the semester (a final report will be due in the finals week). Talk to the instructor if you are interested.
Final letter grades will be given based on the following scale. A >= 93% > A- >= 90% > B+ >= 85% > B >= 80% > B- >= 75% > C+ >= 70% > C >= 65% > C- >= 60% > D+ >= 55% > D >= 53% > D- >= 50% > F Grades may be curved at the instructor’s discretion.
General Information
- Piazza/Discord Poll
- We will use Piazza/Discord for discussions. Announcements will be made through Blackboard/email. If you cannot access Discord, please contact the instructor.
- Lecture slides from the instructor will be uploaded to Blackboard.
- Homework assignments are submitted via Blackboard.
- Grades are reported via Blackboard. Final grades are submitted via Banner.
- Students are expected to attend all lectures.
Homework Assignments
We will use SEED labs for in this course. There will be around 5–8 homework assignments. Some of the assignments are SEED labs, others are programming. It’s recommended to install VirtualBox on your own machine and download the SEEDUbuntu20.04 virtual machine image. If you have root access to a Linux system you can use it instead. VirtualBox is installed on CS lab machines. However, the image must be downloaded into the scratch directory. If you need assistance, please ask the techies.
Submissions, Grading, and Deadlines
Homework Assignments and Reports should be submitted electronically (no hard copies) through Blackboard by midnight on the due date in a format accepted by Blackboard. If assignment requires you to submit code, place all code and Makefiles in a directory, compress it (zip or tar.gz) and upload the archive.
Some homeworks may carry more points than others.
Submission deadlines are hard. However, we do have a late/miss policy:
Late HWs are accepted with 20% penalty for each day they are late by.
If you miss an exam or quiz, you will get zero points. Single lowest score on the quizzes will be dropped.
Exceptions will be handled case by case and will only be considered under a university-approved condition with a written proof.
You are encouraged to discuss the assignments and homeworks with your fellow students, especially on Piazza/Discord, but avoid asking and answering too direct questions. Everybody must submit their original work.
Exams & Quizzes
Quizzes are take home with few exceptions.
Exams are closed book. However, you will be allowed to use a single page handwritten cheat sheet (two-sided). Midterm exam is 1 hour 20 minutes long. The final exam is 3 hours. No collaboration is allowed on exams and quizzes. Due to COVID, instructor may choose to issue exams as take-home.
Semester Schedule (This is a tentative schedule watch for updates!)
| Week | Lecture | Date | Topic | Reading | Deadlines |
|---|---|---|---|---|---|
| 1 | 1 | Thu, Jan 26, 23 | Introduction to the Course | ||
| 2 | 2 | Tue, Jan 31, 23 | Security fundamentals | ||
| 3 | Thu, Feb 2, 23 | Trust and trustworthiness, threat models | |||
| 3 | 4 | Tue, Feb 7, 23 | Access Control & Permissions | ||
| 5 | Thu, Feb 9, 23 | Access Control & Permissions | |||
| 4 | 6 | Tue, Feb 14, 23 | Cryptography basics | ||
| 7 | Thu, Feb 16, 23 | Cryptography basics II | |||
| 5 | 8 | Tue, Feb 21, 23 | Block Ciphers | ||
| 9 | Thu, Feb 23, 23 | Block Ciphers | |||
| 6 | 10 | Tue, Feb 28, 23 | Hashes, Public Key Cryptography | ||
| 11 | Thu, Mar 2, 23 | Public Key Cryptography II | |||
| 7 | 12 | Tue, Mar 7, 23 | Public Key Cryptography III | ||
| 13 | Thu, Mar 9, 23 | Applications of Cryptography | |||
| 8 | Tue, Mar 14, 23 | Spring Break | |||
| Thu, Mar 16, 23 | Spring Break | ||||
| 9 | 14 | Tue, Mar 21, 23 | Midterm Overview | ||
| 15 | Thu, Mar 23, 23 | Midterm Exam | |||
| 10 | 16 | Tue, Mar 28, 23 | Memory Organization, Stack, ABI | ||
| 17 | Thu, Mar 30, 23 | Buffer Overflow Attacks and Protections | |||
| 11 | 18 | Tue, Apr 4, 23 | Buffer Overflow Attacks and Protections II | ||
| 12 | 19 | Thu, Apr 6, 23 | Code Reuse Attacks and Protections | ||
| 20 | Tue, Apr 11, 23 | Integer Overflow and Format String Attacks, Protections | |||
| 13 | 21 | Thu, Apr 13, 23 | Malware & Defense Techniques | ||
| 22 | Tue, Apr 18, 23 | Web Application Security | |||
| 14 | 23 | Thu, Apr 20, 23 | Web Application Security II | ||
| 24 | Tue, Apr 25, 23 | TLS/SSL, HTTPS | |||
| 15 | 25 | Thu, Apr 27, 23 | Network security I | ||
| 26 | Tue, May 2, 23 | Network security II | |||
| 27 | Thu, May 4, 23 | Final Exam Overview | |||
| Finals week | May 11, 2023 | Final Exam |
CSci 554
Graduate students enrolled in CSci 554 are required to complete a semester long research project. Please contact the instructor to select your project topic. All project must be approved by instructor. You may choose to do detailed survey.
Project determination:
Please send an email to the instructor by the deadline (Mar 1) containing:
- Project Name (think of this as your paper/report title)
- Problem Statement
- Expected Steps (setting up infrastructure, implementation, performing experiment, data analyses, etc.)
- Expected/possible outcome and contribution
Final report
Please submit your final report via email your final project report in PDF format. Please use the ACM sigconf format. The expected length of your project is 4-8 pages. Your report should have following sections:
- Abstract
- Introduction (with problem statement)
- Threat model (if you are studying an attack or protection)
- Background and Related Work
- Implementation (or Analysis if you are doing a survey)
- If you are proposing some security solution, also include a security analyses section
- Results
- Conclusions
- References
If you need any help with the project or have any questions, contact the instructor during office hours. If you require access to computational resources or hardware, talk to the instructor.
Grade Distribution for CSci 554
- Quizzes - 15pt
- Project – 20pt
- Homework Assignments – 15pt
- Midterm exam – 20pt
- Final Exam – 30pt
Final letter grades will be given based on the standard scale used in WM. Grades may be curved at the instructor’s discretion.
Helpful Services
The Writing Resources Center (WRC) can help when students have questions about how to construct an argument, deliver a presentation, use and cite sources, and more. Please visit the WRC website to request a class visit, tour, or brochures. The Writing Resources Center, located on the first floor of Swem Library, is a free service provided to W&M students. Trained consultants offer individual assistance with writing, presentation, and other communication assignments across disciplines and at any stage, from generating ideas to polishing a final product.
Mental and Physical Well-Being:
William & Mary recognizes that students juggle different responsibilities and can face challenges that make learning difficult. There are many resources available at W&M to help students navigate emotional/psychological, physical/medical, material/accessibility concerns, including:
- The W&M Counseling Center at (757) 221-3620. Services are free and confidential.
- The W&M Health Center at (757) 221-4386.
- For additional support or resources & questions, Contact the Dean of Students at 757-221-2510.
- For other resources available to students, see the document
Academic Accommodations
It is the policy of The College of William and Mary to accommodate students with disabilities and qualifying diagnosed conditions in accordance with federal and state laws. Any student who feels s/he may need an accommodation based on the impact of a learning, psychiatric, physical, or chronic health diagnosis should contact Student Accessibility Services staff at 757-221-2509 or at sas@wm.edu to determine if accommodations are warranted and to obtain an official letter of accommodation. For more information, please click here.
Ethics Statement
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.
When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.
Students must agree not to use the knowledge learned from this course to break into or otherwise compromise systems uninvited.
Honor Code
Students are required to follow the Honor System of the College of William and Mary.
The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the W&M Student Code from here
Violation of the Honor code will result in F grade and refer the student to the appropriate University bodies for possible further action.
Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project. Also, students are forbidden from discussing or collaborating on any assignment except were explicitly allowed in writing by the instructor.