Instructor Gang Wang (gangwang@vt.edu)
Time/Location MW 2:30 PM - 3:45 PM in Surge Space Building 107
Office Hour After class or By appointment. My CRC office is in KnowledgeWorks II, room 2223 (Reachable via CRC shuttle)
TAs Location: 106 McBryde Hall
Hang Hu (hanghu@vt.edu), office hour: Thursday 9:30am - 11:30pm
Jiameng Pu (jmpu@vt.edu), office hour: Tuesday 1:00pm - 3:00pm
Sib Quayum (sqsib94@vt.edu), office hour: Monday 10:00am - 2:00pm; Tuesday and Thursday 12:30pm - 2:00pm
Textbook Introduction to Computer Security. By Michael T Goodrich and Roberto Tamassia. First edition. Addison-Wesley. 2013. (E-book is fine. Hardcopy available on Newman reserve.)

Announcements

4/13/2018: Homework 3 is open now.

3/28/2018: Check out the new Programming assignment 3, which is due on April 11.

3/14/2018: Check out the new homework 2, which is due on March 26.

2/25/2018: Check out the new Programming assignment 2, which is due on March 12.

2/9/2018: Programming assignment 1: if you cannot log in to the VM, please check out the new CANVAS post for the username and password.

1/24/2018: Homework 1 is open now. Please submit through CANVAS.

1/16/2018: Sign up for the in-class presentation using this link.

12/26/2017: Force add: https://www.cs.vt.edu/undergraduate/survey

Class Description

The topics of this class include a survey of computer security problems and fundamental computer security design principles and models for software systems; cryptographic models and methods; modern cyber security techniques for robust computer operating systems, software, web applications, large-scale networks and data protection; privacy models and techniques; and contemporary computer and network security examples.
Prerequisites: CS 3214 or (ECE 2500 and ECE 3574), with a grade of C or better.

Note

If any student needs special accommodations because of a disability, please contact the instructor in the first week of classes.

Expected Work

Students are required to attend all lectures, take in-class quizzes (ungraded) and give short presentations, read all required textbook chapters and additional reading materials, complete the written and programming assignments on time, and take the in-class midterm and final exams.

Assignments (including both written and programming) have to be completed by the student individually. Write-ups of programming assignments are submitted through the CANVAS course site.

Attack/Defense of the week presentation. Each week on Thursday, a group of students will give a short 10-minute presentation on a real-world security topic of their choice, e.g., the Equifax data breach or recent DDoS attacks. Students need to work in a group of three (3).

Class Schedule

Date Topic Chapter Note Presenters
Jan. 17 Class introduction slides N/A
Jan. 22, 24 Security terminologies, User Authentication, Intro to cryptography slides1|slides2 Chapter 1, 2 hw1 open N/A
Jan. 29, 31 Software security, malware slides Chapter 4 [M]: Huifeng, lan; Jose Canahui; Ryan Grant
[W]: Alex Shipe, Ryan Burton, Eric Simpson
Feb. 05, 07 Buffer overflow attack slide1|slide2 Chapter 3.4 pro1 open [M]: Christopher Rickey, Patrick Kloby, Henry Stephens
[W]: Brendan Sherman, Sean Rigden, Jacob Teves
Feb. 12, 14 Symmetric encryption, OS security, BLP model slide1|slide2 Chapter 8.1, 3, 9.2
[M]: Kipp Dunn, Fuadul Islam, Timothy Hughes
[W]: Bryce Humphrey, Ryan Berft, Doug Botello
Feb. 19, 21 Guest lecture (TBA) [M]: Keith Rosenborough, Sam Jones, Ariana Herbst
[W]: Tiffany Ma, Ryan Jakiel, Matthew Tuckman
Feb. 26, 28 Network intro, network security overview slides Chapter 6.2, 6.4, 9.6 pro2 open [W]: Chris Keener, Brandon Chang, Tyler Thompson
[W]: Michael Monger, Andrew Gidzinski, Gurmehar Cheema
Mar. 05, 07 Spring Break N/A
Mar. 12, 14 Firewall, IDS/IPS, IPSec, DoS slides Chapter 5, 8 hw2 open [M]: Jimmy Kuang, Daniel Xu, Kyle Dyess
[W]: Sheng Peng, Wenjia Song, Daniel VanGorden
Mar. 19, 21 Midterm on March 19. SSL, DNS poisoning slides Chapter 5, 8 [W]: Haoyun Yang, Kehan Lyu, Xianze Meng
Mar. 26, 28 Web security slides Chapter 7 pro3 open [M]: Forrest Doss, Nick Trettel, Zack Rankin
[W]: Adrian De Vera, Puvanai Avakul, Zach Sullivan
Apr. 02, 04 Email security, network scanning, Wi-Fi security slides Chapter 10.2, 6.5 [M]: Morgan Dykshorn, Wynton Cobb, Marcello Balboa
[W]: Nathan Mussie, Enrique Prieto, Nathaniel Guinn
Apr. 09, 11 Privacy and anonymity, TOR slides hw3 open [M]: Michael Rapp, Eric Walters, John Stradling
[W]: Andrew Kolodgie, Andrew Cooper, Collin Hardash
Apr. 16, 18 Advanced topic: Mobile app security -- [M]: Wes Hirsheimer, Travis Weissenberger, Colin Grundey
[W]: Taeho Kim, Matthew J. Risley
Apr. 23, 25 Advanced topic: Social network security -- [M]: Dong Gyu Lee, Seunglee Choi, Carter Tat
Apr. 30 Topic review (no class on May 2, reading day on May 3) -- N/A
May 07, 10 Final Exam: May 09, 10:05AM - 12:05PM -- N/A

Grading

Class participation and in-class (ungraded) quizzes 10%
Attack/Defense of the week presentation 10%
Written homework assignments (~3) 18%
Programming assignments (~3) 20%
Midterm exam (closed-book, closed-note) 18%
Final exam (closed-book, closed-note) 24%

To calculate final grades, I simply sum up the points obtained by each student (the points will sum up to some number x out of 100) and then use the following scale to determine the letter grade: [0-60] F, [60-62] D-, [63-66] D, [67-69] D+, [70-72] C-, [73-76] C, [77-79] C+, [80-82] B-, [83-86] B, [87-89] B+, [90-92] A-, [93-100] A. I do not curve the grades in any way. All fractions will be rounded up.

Policies

Late Policy: No late submission is allowed for any assignment in this class except in exceptional circumstances. However, each student has a one-day "time bank" for the semester that you may use to extend an assignment due date by one day without penalty. You do not have to inform anyone when you use your time bank -- just by submitting your assignment late (it must still be no more than 24 hours late), you are requesting to use the time-bank day. You can only use it for one assignment (even if you are only late by 1 minute, we consider your time bank used). You may only use the time bank to extend assignment deadlines. It may not be applied to quizzes or tests. Except for your time-bank day, no late submissions will be counted toward your grade. The student is personally responsible for keeping track of usage of the time-bank day. Note: Delays resulting from machine availability, hardware failures or your failure to maintain a backup of your work do not merit an extension.

Requests for Regrading: In this class, we will use the Coaches Challenge to handle requests for regrading for assignments. Each student is allotted one (1) challenge each semester. If you want a project or a test to be regraded, you must come to the professor's office hours and make a formal challenge specifying (a) the problem or problems you want to be regraded, and (b) for each of these problems, why you think the problem was misgraded. If it turns out that there has been an error in grading, the grade will be corrected, and you get to keep your challenge. However, if the original grade was correct, then you permanently lose your challenge. Once your challenge is exhausted, you will not be able to request regrades. You may not challenge the grade of the mid-term or the final exam.

In the case of group projects/assignments, all group members must have an available challenge in order to contest a grade. If the challenge is successful, then all group members get to keep their challenge. However, if the challenge is unsuccessful, then all group members permanently lose one challenge.

The Virginia Tech Honor Code: The Virginia Tech Undergraduate Honor Code applies to this course. It describes the expectations for academic integrity in this course. In this course, all assignments, including homework, quizzes, program assignments, and tests, are individual work that you must complete on your own. In this course, you may freely offer and receive assistance on how to use the programming language, what library classes or methods do, what errors mean, or how to interpret assignment instructions with your classmates. You are encouraged to post any such questions to the course discussion forum, and are also encouraged to answer questions posted to the forum from other students. However, you may not give or receive help from others (except course staff) with writing your program code or your answers to any assignment or test. Further, on any course work you may only type at the keyboard, or view your source code on the screen when working alone. Do not show or share your program code with others, and do not view or copy source code from others.

Note: Often, students who are struggling with problems in a program assignment may have trouble interpreting an error message or diagnosing an error in their source code. I encourage you to ask questions about the interpretation of error messages on the forum, and to offer constructive advice to fellow students who run into such problems. If you are asking for help with an error or problem, describe it without showing code where possible. When necessary, you may post a short segment of your own code that you believe contains the problem (a handful of lines where you believe the problem to be). However, refrain from posting significant portions of your own problem solution to the course discussion board. Posts with excessive code may be deleted without notice. Ask the instructor if you are unsure whether what you are about to post is appropriate. Other than small code segments posted to the course discussion board, you should not use any mechanisms to share or view another student's code, and should not post your own code in any publicly accessible location.

Any writing or discussion of program source code or assignment answers must adhere to the limits expressed above. Examples of honor code violations include: Working with another student to derive a common program or solution to a programming assignment or homework problem. Discussing the details required to solve a programming task. You may not share solutions. Showing your source code to another student to get help fixing a problem, or to explain how you approached a specific task. Copying source code (programs) in whole or in part from someone else, with or without their knowledge or consent. Editing (computer generated) output to achieve apparently correct results. Taking another person's printout from a lab printer, remote printer, trashcan, etc. Note that all electronic work submitted for this course is archived and subjected to automatic plagiarism detection and cheating analysis. Whenever in doubt, please seek help from the instructor.