Syllabus

Course Overview

This course will introduce students to the fundamentals of computer security. We will focus on software security, applied cryptography, network security, OS security, and privacy. A recurring theme will be security definitions, what kinds of security vulnerabilities may arise, and how to spot and fix vulnerabilities. The course will be structured into three broad sections: Software Security, Cryptography, and Networks/System Security.

Exams

There will be three exams in the course, one for each of the course's main sections. Your lowest exam score will be dropped. Note: In order to drop Exam 3, you must receive a score of 50 or higher on it.

There will be no final exam.

Homeworks

There will be three large-scale homework assignments containing a variety of problems ranging from theoretical cryptography to hacking into a buggy web application. The details of those assignments will be released throughout the semester.

Grading

I will use standard, "rounded" grade percentages as follows:

The total points possible are allocated as follows:

Ethics and Cheating

The course staff will strive to treat all students ethically and fairly. We, in turn, expect the same from all students.

Any lapse in ethical behavior will immediately result in −1,000,000 points and will be immediately reported to the appropriate university disciplinary unit. Really. No matter what. The course staff regards students who cheat or plagiarize as far beneath someone who fails the course.

This course will follow CMU’s policy on cheating and plagiarism. Note that the policy gives several examples of what constitutes cheating and plagiarism. If you have any questions, you should contact the instructor.

Students should behave ethically. This means obeying the law, but that is not enough. Behaving ethically means you avoid activities that do harm or may do harm to people, the environment, or other computers. In short, don't be a nuisance.

Note that just because you can do something (or you read about others doing it) does not make it OK. For example, scanning a network may not be illegal (I am not a lawyer, so I shy away from definitive statements). However, scanning can crash computers. For example, we know of several very popular commodity-grade IP cameras that crash when you scan them. Sure, the camera software is buggy. But is there any reason for you, not being a professional, to crash someone else's camera? Launching exploits, "testing" the security of a system without explicit permission from all necessary parties, and so on are all unethical for the purpose of this course.

Collaboration. Students are encouraged to talk to each other, to the course staff, or to anyone else about any of the assignments. Assistance should be limited to discussion of the problem and sketching general approaches to a solution. Each student must turn in his or her own solution, derived from his or her own thoughts. Course staff may verify a student did the prescribed work by asking for a verbal explanation, and failure to correctly re-explain a submitted solution is considered a strong indication of cheating.