Instructor Gang Wang (gangwang@vt.edu)
Time/Location MW 2:30 PM - 3:45 PM in Surge Space Building 107
Office Hour After class or By appointment. My CRC office is in KnowledgeWorks II, room 2223 (Reachable via CRC shuttle)
TAs Hang Hu (hanghu@vt.edu), office hour: Tuesday 11:00am - 1:00pm, 106 McBryde Hall
Jiameng Pu (jmpu@vt.edu), office hour: Thursday 5:30pm - 7:30pm, 106 McBryde Hall
Textbook Introduction to Computer Security. By Michael T Goodrich and Roberto Tamassia. First edition. Addison-Wesley. 2013. (E-book is fine. Hardcopy available on Newman reserve.)

Anouncements

Class Description

The topics of this class include survey of computer security problems and fundamental computer security design principles and models for software systems; Cryptographic models and methods; Modern cyber security techniques for robust computer operating systems, software, web applications, large-scale networks and data protection; Privacy models and techniques; Contemporary computer and network security examples.
Prerequisites: CS 3214 or (ECE 2500 and ECE 3574), with a grade of C or better.

Note

If any student needs special accommodations because of a disability, please contact the instructor in the first week of classes.

Expected Work

Students are required to attend all lectures, take in-class quizzes (ungraded) and short presentations, read all required textbook chapters and additional reading materials, complete the written and programming assignments on time, take the in-class midterm and final exams

Assignments (including both written and programming) have to be complete by the student individually. Write-ups of programming assignments are submitted through CANVAS course site.

Attack/Defense of the week presentation. Each week on Thursday, a group of students will give a short 10-minute presentation on a real-world security topic of their choice, e.g., equifax data breach, recent DDOS attacks. Students need to work in a group of three (3).

Class Schedule

Date Topic Chapter Note Presenters
Jan. 17 Class introduction
Jan. 22, 24 Security terminologies, User Authentication, Intro to cryptography Chapter 1, 2 [M]:
[W]:
Jan. 29, 31 Software security, malware Chapter 4 [M]:
[W]:
Feb. 05, 07 Buffer overflow attack Chapter 3.4 [M]:
[W]:
Feb. 12, 14 Symmetric encryption, OS security, BLP model Chapter 8.1, 3, 9.2
[M]:
[W]:
Feb. 19, 21 Guest lecture (TBA) [M]:
[W]:
Feb. 26, 28 Network intro, network security overview, Chapter 6.2, 6.4, 9.6 [W]:
[W]:
Mar. 05, 07 Spring Break N/A
Mar. 12, 14 Firewall, IDS/IPS, IPSec, DoSChapter 5, 8 [M]:
[W]:
Mar. 19, 21 Midterm on March 19. SSL, DNS poisoning Chapter 5, 8 [W]:
Mar. 26, 28 Web security Chapter 7 [M]:
[W]:
Apr. 02, 04 email security, Wifi security Chapter 10.2, 6.5 [M]:
[W]:
Apr. 09, 11 RSA public-key cryptosystems, digital signature schemes, Trusted platform model (TPM) Chapters 8.2.3, 9.7.3 [M]:
[W]:
Apr. 16, 18 Privacy and anonymity, TOR -- [M]:
[W]:
Apr. 23, 25 Advanced topic 1 -- [M]:
[W]:
Apr. 30 Advanced topic 2 (no class on May 2, reading day on May 3) -- [M]:
May 07, 10 Final Exam: May 09, 10:05AM - 12:05PM -- N/A

Grading

Class participation and in-class (ungraded) quizzes 10%
Attack/Defense of the week presentation 10%
Written homework assignments (~3) 18%
Programming assignments (~3) 20%
Midterm exam (close-book, close-note) 18%
Final exam (close-book, close-note) 24%

To calculate final grades, I simply sum up the points obtained by each student (the points will sum up to some number x out of 100) and then use the following scale to determine the letter grade: [0-60] F, [60-62] D-, [63-66] D, [67-69] D+, [70-72] C-, [73-76] C, [77-79] C+, [80-82] B-, [83-86] B, [87-89] B+, [90-92] A-, [93-100] A. I do not curve the grades in any way. All fractions will be rounded up.

Policies

Late Policy: No late submission is allowed for any assignments in this class except in exceptional circumstances. However, each student has a one-day "time bank" for the semester that you may use to extend an assignment due date by one day without penalty. You do not have to inform anyone when you use your time bank -- just by submitting your assignment late (still need to be no later than 24 hours), you are requesting to use the time-bank day. You can only use it for one assignment (even if you are only late for 1 minute, we consider you used your time bank). You may only use the time bank to extend assignment deadlines. It may not be applied to quizzes, or tests. Except for your time-bank day, no late submissions will be counted toward your grade. The student is personally responsible for keeping track of usage of the time-bank day. Note: Delays resulting from machine availability, hardware failures or your failure to maintain a backup of your work do not merit an extension.

Requests for Regrading: In this class, we will use the Coaches Challenge to handle requests for regrading for assignments. Each student is allotted one (1) challenge each semester. If you want a project or a test to be regraded, you must come to the professor's office hours and make a formal challenge specifying (a) the problem or problems you want to be regraded, and (b) for each of these problems, why you think the problem was misgraded. If it turns out that there has been an error in grading, the grade will be corrected, and you get to keep your challenge. However, if the original grade was correct, then you permanently lose your challenge. Once your challenge is exhausted, you will not be able to request regrades. You may not challenge the grade of the mid-term or the final exam.

In the case of group projects/assignments, all group members must have an available challenge in order to contest a grade. If the challenge is successful, then all group members get to keep their challenge. However, if the challenge is unsuccessful, then all group members permanently lose one challenge.

The Virginia Tech Honor Code: The Virginia Tech Undergraduate Honor Code applies to this course. It describes the expectations for academic integrity in this course. In this course, all assignments, including homework, quizzes, program assignments, and tests, are individual work that you must complete on your own. In this course, you may freely offer and receive assistance on how to use the programming language, what library classes or methods do, what errors mean, or how to interpret assignment instructions with your classmates. You are encouraged to post any such questions to the course discussion forum, and are also encouraged to answer questions posted to the forum from other students. However, you may not give or receive help from others (except course staff) with writing your program code or your answers to any assignment or test. Further, on any course work you may only type at the keyboard, or view your source code on the screen when working alone. Do not show or share your program code with others, and do not view or copy source code from others.

Note: Often, students who are struggling with problems in a program assignment may have trouble interpreting an error message or diagnosing an error in their source code. I encourage you to ask questions about the interpretation of error messages on the forum, and to offer constructive advice to fellow students who run into such problems. If you are asking for help with an error or problem, describe it without showing code where possible. When necessary, you may post a short segment of your own code that you believe contains the problem (a handful of lines where you believe the problem to be). However, refrain from posting significant portions of your own problem solution to the course discussion board. Posts with excessive code may be deleted without notice. Ask the instructor if you are unsure what you are about to post is appropriate. Other than small code segments posted to the course discussion board, you should not use any mechanisms to share or view another student's code, and should not post your own code in any publicly accessible location.

Any writing or discussion of program source code or assignment answers must adhere to the limits expressed above. Examples of honor code violations include: Working with another student to derive a common program or solution to a programming assignment or homework problem. Discussing the details required to solve a programming task. You may not share solutions. Showing your source code to another student to get help fixing a problem, or to explain how you approached a specific task. Copying source code (programs) in whole or in part from someone else, with or without their knowledge or consent. Editing (computer generated) output to achieve apparently correct results. Taking another person's printout from a lab printer, remote printer, trashcan, etc. Note that all electronic work submitted for this course is archived and subjected to automatic plagiarism detection and cheating analysis. Whenever in doubt, please seek help from the instructor.