CSci 454: Computer and Network Security, Spring 2024

General Information


CSci 303 and CSci 304. Students are expected to have a good understanding of computer organization and programming. In addition, knowledge about computer architecture, operating systems, programming languages and principals of computer systems and networks is recommended.

Course Materials

Recommended Textbook: Computer Security: A Hands-on Approach by Wenliang Du

Other useful books:

Some useful materials will be shared on Piazza/Discord. Slides will be available on Blackboard.

Course Description

An introduction to the principles and practices of building secure systems. Covered topics include: software attacks (buffer overflow, integer overflow, etc.), malware, systems security, hardware attacks, operating system security, authentication and authorization, basics of cryptography, public key infrastructures, SSL/TLS, web security, IP security, and Denial of Service (DoS) attacks.

Grade Distribution

Optional Undergraduate Research Project: Bonus 15pt will be awarded if and only if a successful project is completed by the end of the semester (a final report will be due in the finals week). Talk to the instructor if you are interested.

Final letter grades will be given based on the following scale. A >= 93% > A- >= 90% > B+ >= 85% > B >= 80% > B- >= 75% > C+ >= 70% > C >= 65% > C- >= 60% > D+ >= 55% > D >= 53% > D- >= 50% > F Grades may be curved at the instructor’s discretion.

General Information

Homework Assignments

We will use SEED labs for in this course. There will be around 3–6 homework assignments. Some of the assignments are SEED labs, others are programming assignments.

All assignments will be performed on a virtual machine (VM) (in a cloud) with docker containers. More instructions on how to set up a VM will be provided later.

Submissions, Grading, and Deadlines

Homework Assignments and Reports should be submitted electronically (no hard copies) through Blackboard by midnight on the due date in a format accepted by Blackboard. If assignment requires you to submit code, place all code and Makefiles in a directory, compress it (zip or tar.gz) and upload the archive. Some (or all) assignments can be autograded using gradescope or other tools.

Some homeworks may carry more points than others.

Submission deadlines are hard. However, we do have a late/miss policy: Late HWs are accepted with 20% penalty for each day they are late by.

If you miss an exam or quiz, you will get zero points.

Exceptions will be handled case by case and will only be considered under a university-approved condition with a written proof.

You are encouraged to discuss the assignments and homeworks with your fellow students, especially on Piazza/Discord, but avoid asking and answering too direct questions. Everybody must submit their original work.

AI use

The use of AI tools like ChatGPT is permitted for brainstorming, idea generation, and initial research purposes. However, it’s imperative that all work submitted is the student’s own original effort. Direct submission of AI-generated content is strictly prohibited. Violations of this policy may result in a score of 0 for the assignment or other disciplinary actions.

Exams & Quizzes

Quizzes are take home with few exceptions.

Exams are closed book. However, you will be allowed to use a single page handwritten cheat sheet (two-sided). Midterm exam is 1 hour 20 minutes long. The final exam is 3 hours. No collaboration is allowed on exams and quizzes.

Semester Schedule (This is a tentative schedule watch for updates!)

Week Lecture Date Topic Reading
1 1 Thu, Jan 25, 24 Introduction to the Course  
2 2 Tue, Jan 30, 24 Security fundamentals, policies, threat models  
  3 Thu, Feb 1, 24 Trust & Trustworthiness  
3 4 Tue, Feb 6, 24 Access Control & Permissions  
  5 Thu, Feb 8, 24 Access Control & Permissions  
4 6 Tue, Feb 13, 24 Cryptography basics  
  7 Thu, Feb 15, 24 Block Ciphers  
5 8 Tue, Feb 20, 24 Block Ciphers  
  9 Thu, Feb 22, 24 Hash functions, HMAC  
6 10 Tue, Feb 27, 24 Public Key Cryptography I  
  11 Thu, Feb 29, 24 Public Key Cryptography II  
7 12 Tue, Mar 5, 24 Applications of Cryptography, midterm overview  
    Thu, Mar 7, 24 Midterm exam  
8   Tue, Mar 12, 24 Spring Break  
    Thu, Mar 14, 24 Spring Break  
9 13 Tue, Mar 19, 24 Memory Organization, Stack, ABI  
  14 Thu, Mar 21, 24 Buffer Overflow Attacks and Protections  
10 15 Tue, Mar 26, 24 Buffer Overflow Attacks and Protections II  
  16 Thu, Mar 28, 24 Code Reuse Attacks and Protections  
11 17 Tue, Apr 2, 24 Integer Overflow and Format String Attacks, Protections  
12 18 Thu, Apr 4, 24 Malware & Defense Techniques  
    Tue, Apr 9, 24 Midterm exam  
13 19 Thu, Apr 11, 24 Web Application Security  
  20 Tue, Apr 16, 24 Web Application Security II  
14 21 Thu, Apr 18, 24 Web Application Security III  
  22 Tue, Apr 23, 24 TLS/SSL, HTTPS  
15 23 Thu, Apr 25, 24 Network security I  
  24 Tue, Apr 30, 24 Network security II  
  25 Thu, May 2, 24 Final Exam Overview  
Finals week   Fri, May 10, 24 Final Exam 2:00 p.m. - 5:00 p.m.  

CSci 554

Graduate students enrolled in CSci 554 are required to complete a semester long research project. Please contact the instructor to select your project topic. All project must be approved by instructor. You may choose to do detailed survey.

Project determination:

Please send an email to the instructor by the deadline (Mar 1) containing:

  1. Project Name (think of this as your paper/report title)
  2. Problem Statement
  3. Expected Steps (setting up infrastructure, implementation, performing experiment, data analyses, etc.)
  4. Expected/possible outcome and contribution

Final report

Please submit your final report via email your final project report in PDF format. Please use the ACM sigconf format. The expected length of your project is 4-8 pages. Your report should have following sections:

  1. Abstract
  2. Introduction (with problem statement)
  3. Threat model (if you are studying an attack or protection)
  4. Background and Related Work
  5. Implementation (or Analysis if you are doing a survey)
  6. If you are proposing some security solution, also include a security analyses section
  7. Results
  8. Conclusions
  9. References

If you need any help with the project or have any questions, contact the instructor during office hours. If you require access to computational resources or hardware, talk to the instructor.

Grade Distribution for CSci 554

Final letter grades will be given based on the following scale. A >= 93% > A- >= 90% > B+ >= 85% > B >= 80% > B- >= 75% > C+ >= 70% > C >= 65% > C- >= 60% > D+ >= 55% > D >= 53% > D- >= 50% > F Grades may be curved at the instructor’s discretion.

Helpful Services

The Writing Resources Center (WRC) can help when students have questions about how to construct an argument, deliver a presentation, use and cite sources, and more. Please visit the WRC website to request a class visit, tour, or brochures. The Writing Resources Center, located on the first floor of Swem Library, is a free service provided to W&M students. Trained consultants offer individual assistance with writing, presentation, and other communication assignments across disciplines and at any stage, from generating ideas to polishing a final product.

Mental and Physical Well-Being:

William & Mary recognizes that students juggle different responsibilities and can face challenges that make learning difficult. There are many resources available at W&M to help students navigate emotional/psychological, physical/medical, material/accessibility concerns, including:

Academic Accommodations

It is the policy of The College of William and Mary to accommodate students with disabilities and qualifying diagnosed conditions in accordance with federal and state laws. Any student who feels s/he may need an accommodation based on the impact of a learning, psychiatric, physical, or chronic health diagnosis should contact Student Accessibility Services staff at 757-221-2509 or at to determine if accommodations are warranted and to obtain an official letter of accommodation. For more information, please click here.

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.

Students must agree not to use the knowledge learned from this course to break into or otherwise compromise systems uninvited.

Honor Code

Students are required to follow the Honor System of the College of William and Mary.

The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the W&M Student Code from here

Violation of the Honor code will result in F grade and refer the student to the appropriate University bodies for possible further action.

Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project. Also, students are forbidden from discussing or collaborating on any assignment except were explicitly allowed in writing by the instructor.