CSci 454: Computer and Network Security, Spring 2024
General Information
- Instructor: Dmitry Evtyushkin (Personal Website), email: devtyushkin at wm.edu
- Instructor Office hours: W 1:00 - 4:00 on Zoom (link on Blackboard) or by appointment
- TA: Mostafa Sayed Ahmed, email: mnahmed at wm.edu
- Time and location: TR 3:30PM – 4:50PM, Tucker Hall 220
- Deadlines: Add/Drop Feb 2, Withdraw Feb 3 – Mar 25
- Final exam: May 10, 2:00 – 5:00 p.m., Tucker Hall 220
- Please keep checking this website for the latest information regarding the course.
Prerequisites
CSci 303 and CSci 304. Students are expected to have a good understanding of computer organization and programming. In addition, knowledge of computer architecture, operating systems, programming languages, and principles of computer systems and networks is recommended.
Course Materials
Recommended Textbook: Computer Security: A Hands-on Approach by Wenliang Du
Other useful books:
- Understanding Cryptography: A Textbook for Students and Practitioners by Christof Paar
- Security in Computing (5th Edition) by Charles P. Pfleeger et al.
- Hacking: The Art of Exploitation by Jon Erickson
- Applied Cryptography by Bruce Schneier
Some useful materials will be shared on Piazza/Discord. Slides will be available on Blackboard.
Course Description
An introduction to the principles and practices of building secure systems. Covered topics include: software attacks (buffer overflow, integer overflow, etc.), malware, systems security, hardware attacks, operating system security, authentication and authorization, basics of cryptography, public key infrastructures, SSL/TLS, web security, IP security, and Denial of Service (DoS) attacks.
Grade Distribution
- In-class/Take home Quizzes – 15pt
- Homework/Programming Assignment (3 to 6) – 30pt
- Midterm exams – 30pt
- Final Exam – 25pt
- Online activity and class participation – (+ 5pt bonus)
- Bonus points: Undergraduate Research Project – 15pt
Optional Undergraduate Research Project: Bonus 15pt will be awarded if and only if a successful project is completed by the end of the semester (a final report will be due in the finals week). Talk to the instructor if you are interested.
Final letter grades will be given based on the following scale: A >= 93% > A- >= 90% > B+ >= 85% > B >= 80% > B- >= 75% > C+ >= 70% > C >= 65% > C- >= 60% > D+ >= 55% > D >= 53% > D- >= 50% > F.
Grades may be curved at the instructor’s discretion.
General Information
- We will use Piazza for discussions. Announcements will be made through Blackboard/email.
- Lecture slides from the instructor will be uploaded to Blackboard.
- Homework assignments are submitted via Blackboard.
- Grades are reported via Blackboard. Final grades are submitted via Banner.
- Students are expected to attend all lectures.
Homework Assignments
We will use SEED labs in this course. There will be around 3–6 homework assignments. Some of the assignments are SEED labs; others are programming assignments.
All assignments will be performed on a virtual machine (VM) in a cloud, using Docker containers. More instructions on how to set up a VM will be provided later.
Submissions, Grading, and Deadlines
Homework Assignments and Reports should be submitted electronically (no hard copies) through Blackboard by midnight on the due date in a format accepted by Blackboard. If an assignment requires you to submit code, place all code and Makefiles in a directory, compress it (zip or tar.gz), and upload the archive. Some (or all) assignments can be autograded using Gradescope or other tools.
Some homeworks may carry more points than others.
Submission deadlines are hard. However, we do have a late/miss policy: late HWs are accepted with a 20% penalty for each day they are late.
If you miss an exam or quiz, you will get zero points.
Exceptions will be handled case by case and will only be considered under a university-approved condition with written proof.
You are encouraged to discuss the assignments and homeworks with your fellow students, especially on Piazza/Discord, but avoid asking and answering overly direct questions. Everybody must submit their original work.
AI use
The use of AI tools like ChatGPT is permitted for brainstorming, idea generation, and initial research purposes. However, it’s imperative that all work submitted is the student’s own original effort. Direct submission of AI-generated content is strictly prohibited. Violations of this policy may result in a score of 0 for the assignment or other disciplinary actions.
Exams & Quizzes
Quizzes are take-home, with few exceptions.
Exams are closed book. However, you will be allowed to use a single-page handwritten cheat sheet (two-sided). The midterm exam is 1 hour 20 minutes long. The final exam is 3 hours. No collaboration is allowed on exams and quizzes.
Semester Schedule (This is a tentative schedule; watch for updates!)
| Week | Lecture | Date | Topic | Reading |
|---|---|---|---|---|
| 1 | 1 | Thu, Jan 25, 24 | Introduction to the Course | |
| 2 | 2 | Tue, Jan 30, 24 | Security fundamentals, policies, threat models | |
| | 3 | Thu, Feb 1, 24 | Trust & Trustworthiness | |
| 3 | 4 | Tue, Feb 6, 24 | Access Control & Permissions | |
| | 5 | Thu, Feb 8, 24 | Access Control & Permissions | |
| 4 | 6 | Tue, Feb 13, 24 | Cryptography basics | |
| | 7 | Thu, Feb 15, 24 | Block Ciphers | |
| 5 | 8 | Tue, Feb 20, 24 | Block Ciphers | |
| | 9 | Thu, Feb 22, 24 | Hash functions, HMAC | |
| 6 | 10 | Tue, Feb 27, 24 | Public Key Cryptography I | |
| | 11 | Thu, Feb 29, 24 | Public Key Cryptography II | |
| 7 | 12 | Tue, Mar 5, 24 | Applications of Cryptography, midterm overview | |
| | | Thu, Mar 7, 24 | Midterm exam | |
| 8 | | Tue, Mar 12, 24 | Spring Break | |
| | | Thu, Mar 14, 24 | Spring Break | |
| 9 | 13 | Tue, Mar 19, 24 | Memory Organization, Stack, ABI | |
| | 14 | Thu, Mar 21, 24 | Buffer Overflow Attacks and Protections | |
| 10 | 15 | Tue, Mar 26, 24 | Buffer Overflow Attacks and Protections II | |
| | 16 | Thu, Mar 28, 24 | Code Reuse Attacks and Protections | |
| 11 | 17 | Tue, Apr 2, 24 | Integer Overflow and Format String Attacks, Protections | |
| 12 | 18 | Thu, Apr 4, 24 | Malware & Defense Techniques | |
| | | Tue, Apr 9, 24 | Midterm exam | |
| 13 | 19 | Thu, Apr 11, 24 | Web Application Security | |
| | 20 | Tue, Apr 16, 24 | Web Application Security II | |
| 14 | 21 | Thu, Apr 18, 24 | Web Application Security III | |
| | 22 | Tue, Apr 23, 24 | TLS/SSL, HTTPS | |
| 15 | 23 | Thu, Apr 25, 24 | Network security I | |
| | 24 | Tue, Apr 30, 24 | Network security II | |
| | 25 | Thu, May 2, 24 | Final Exam Overview | |
| Finals week | | Fri, May 10, 24 | Final Exam 2:00 p.m. - 5:00 p.m. | |
CSci 554
Graduate students enrolled in CSci 554 are required to complete a semester-long research project. Please contact the instructor to select your project topic. All projects must be approved by the instructor. You may choose to do a detailed survey.
Project determination:
Please send an email to the instructor by the deadline (Mar 1) containing:
- Project Name (think of this as your paper/report title)
- Problem Statement
- Expected Steps (setting up infrastructure, implementation, performing experiments, data analysis, etc.)
- Expected/possible outcome and contribution
Final report
Please submit your final project report via email in PDF format. Please use the ACM sigconf format. The expected length of your report is 4-8 pages. Your report should have the following sections:
- Abstract
- Introduction (with problem statement)
- Threat model (if you are studying an attack or protection)
- Background and Related Work
- Implementation (or Analysis if you are doing a survey)
- If you are proposing a security solution, also include a security analysis section
- Results
- Conclusions
- References
If you need any help with the project or have any questions, contact the instructor during office hours. If you require access to computational resources or hardware, talk to the instructor.
Grade Distribution for CSci 554
- Quizzes – 10pt
- Project – 20pt
- Homework Assignments – 20pt
- Midterm exams – 25pt
- Final Exam – 25pt
Final letter grades will be given based on the following scale: A >= 93% > A- >= 90% > B+ >= 85% > B >= 80% > B- >= 75% > C+ >= 70% > C >= 65% > C- >= 60% > D+ >= 55% > D >= 53% > D- >= 50% > F.
Grades may be curved at the instructor’s discretion.
Helpful Services
The Writing Resources Center (WRC) can help when students have questions about how to construct an argument, deliver a presentation, use and cite sources, and more. Please visit the WRC website to request a class visit, tour, or brochures. The Writing Resources Center, located on the first floor of Swem Library, is a free service provided to W&M students. Trained consultants offer individual assistance with writing, presentation, and other communication assignments across disciplines and at any stage, from generating ideas to polishing a final product.
Mental and Physical Well-Being:
William & Mary recognizes that students juggle different responsibilities and can face challenges that make learning difficult. There are many resources available at W&M to help students navigate emotional/psychological, physical/medical, material/accessibility concerns, including:
- The W&M Counseling Center at (757) 221-3620. Services are free and confidential.
- The W&M Health Center at (757) 221-4386.
- For additional support, resources, or questions, contact the Dean of Students at 757-221-2510.
- For other resources available to students, see the document
Academic Accommodations
It is the policy of The College of William and Mary to accommodate students with disabilities and qualifying diagnosed conditions in accordance with federal and state laws. Any student who feels s/he may need an accommodation based on the impact of a learning, psychiatric, physical, or chronic health diagnosis should contact Student Accessibility Services staff at 757-221-2509 or at sas@wm.edu to determine if accommodations are warranted and to obtain an official letter of accommodation. For more information, please click here.
Ethics Statement
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measures for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.
When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.
Students must agree not to use the knowledge learned from this course to break into or otherwise compromise systems uninvited.
Honor Code
Students are required to follow the Honor System of the College of William and Mary.
The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the W&M Student Code from here
A violation of the Honor Code will result in an F grade and referral of the student to the appropriate University bodies for possible further action.
Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project. Also, students are forbidden from discussing or collaborating on any assignment except where explicitly allowed in writing by the instructor.