Instructor Gang Wang (
Time/Location MW 2:30 PM - 3:45 PM Torgersen Hall 3100
Office Hour After class or By appointment. My CRC office is in KnowledgeWorks II, room 2223 (Reachable via CRC shuttle)
TAs Location: 106 McBryde Hall
Peng Peng (, office hour: Tuesday and Thursday: 9:45-10:45 am
Limin Yang (, office hour: Wednesday: 5:30 – 7:30 pm
Andrew Bond (, office hour: Tuesday and Thursday: 3:00-4:30 pm
Textbook (optional) Introduction to Computer Security. By Michael T Goodrich and Roberto Tamassia. First edition. Addison-Wesley. 2013. (E-book is fine. Hardcopy available on Newman reserve.)
Final Exam May 13, 2019: 2:05PM - 4:05PM


1/23/2018: in-class presentation signup: Google Doc

1/8/2018: Force add:

Class Description

The topics of this class include survey of computer security problems and fundamental computer security design principles and models for software systems; Cryptographic models and methods; Modern cyber security techniques for robust computer operating systems, software, web applications, large-scale networks and data protection; Privacy models and techniques; Contemporary computer and network security examples.
Prerequisites: CS 3214 or (ECE 2500 and ECE 3574), with a grade of C or better.


If any student needs special accommodations because of a disability, please contact the instructor in the first week of classes.

Expected Work

Students are required to attend all lectures, take in-class quizzes (ungraded) and short presentations, read all required textbook chapters and additional reading materials, complete the written and programming assignments on time, take the in-class midterm and final exams

Assignments (including both written and programming) have to be complete by the student individually. Write-ups of programming assignments are submitted through CANVAS course site.

Attack/Defense of the week presentation. Each week on Thursday, a group of students will give a short 10-minute presentation on a real-world security topic of their choice, e.g., equifax data breach, recent DDOS attacks. Students need to work in a group of three (3).

Class Schedule

Date Topic Chapter Note Presenters
Jan. 23 Class introduction |Slides N/A
Jan. 28, 30 Security terminologies, User Authentication, Intro to cryptography | Slides | Slides Chapter 1, 2 hw1 open: due Feb 13, 5:00PM EST [W]: Alex Johnson, Kevin McCormack, Shaun Silk
Feb 4, 6 Software security, malware (no class on Feburary 6) | Slides Chapter 4 [M]: Benjamin Austin, Stephen Seong, Richard Patten
[W]: moved to next week
Feb. 11, 13 Guest lecture: Professor Bimal Viswanath.
Buffer overflow attack (1)| Slides
Chapter 3.4 [M]: Yoseph Minasie, Teriencio Solano II., Rocky Chen
[W]: (1)Mohammad Aarij, Sean Kim, Nelson Downs;
(2)Steven Trieu, Christina Lin, Joseph Chen;
Feb. 18, 20 Buffer overflow attack (2); Guest Lecture: Hang Hu | Slides program1 open: due March 4, 5:00PM EST
[M]: Alex Loulou, Megan Salvatore, Josh Doss
[W]: Christian Dufrois, Eric Wynn, Parker Lannom
Feb. 25, 27 Symmetric encryption, OS security| Slides Chapter 8.1, 3, 9.2 [M]: Hovhannes Avagyan, Hung Tran, Luke Knoble
[W]: Kulneet Singh, Zach Rotsch, Jason Lin
Mar. 4, 6 BLP model, Network intro, network security overview | Slides | Slides Chapter 6.2, 6.4, 9.6 program2 open: due March 20, 5:00PM EST [W]: Woo An, Marissa Einhorn, Angel Isiadinso
[W]: Ankit Patel, Chris Awad, Nathan Vigil
Mar. 11, 13 Spring Break N/A
Mar. 18, 20 Firewall, IDS/IPS |Slides Chapter 5, 8 [M]: Zeke Lin, Cihan Xiao, Max McGrath
[W]: Ryan Muller, Lucas Conti, Graham Haynie
Mar. 25, 27 Midterm on March 25. IPSec, VPN Chapter 5, 8 hw2 open: due April 6, 5:00PM EST [W]: Lance Church, Jack Maillett, David D’Atre
Apr. 1, 3 SSL, DNS poisoning, Midterm solution discussion |Slides Chapter 7 [M]: Chuwei Zhong , Chengen Li, Rahul Ramakrishnan
[W]: Daniel Lu , Taber Fisher, Nicholas Phan
Apr. 8, 10 Web security, Wifi security | Slides | Slides Chapter 10.2, 6.5 program3 open: due April 20, 5:00PM EST [M]: Kenny Worden, Stephen von Schmidt-Pauli, Daniel Moyer
[W]: Thomas Bellerose, Sean Clinton, Junjie Liang
Apr. 15, 17 Privacy and anonymity, TOR | Slides [M]: KC Cowan, Pooja Rathnashyam, Jaxson Hawkins
[W]: James Kirk, Phillip Ngo, Brian Van Rosendale
Apr. 22, 24Advanced topic: mobile app security | Slides -- hw3 open: due May 5, 5:00PM EST [M]: Joey Davis, Michael Severance, Robert Perry
[W]: Michael Roberto, Phillip Adams, Arron Jill
Apr. 29, May 1Advanced topic: machine learning -- [M]: Ethan Raphael, Steven McKim, Joe Hamilton
[W]: Rajarshi Roy, Guang Chen Li, Jaivir Baweja
[W]: Grant Rasmussen, Sam Furman, Terrence Mills
May 6, 8 Topic review (no class on May 8, reading day on May 9) -- N/A
May 13 Final Exam: May 13: 2:05PM - 4:05PM -- N/A


Class participation and in-class (ungraded) quizzes 10%
Attack/Defense of the week presentation 10%
Written homework assignments (~3) 18%
Programming assignments (~3) 20%
Midterm exam (close-book, close-note) 18%
Final exam (close-book, close-note) 24%

To calculate final grades, I simply sum up the points obtained by each student (the points will sum up to some number x out of 100) and then use the following scale to determine the letter grade: [0-60] F, [60-62] D-, [63-66] D, [67-69] D+, [70-72] C-, [73-76] C, [77-79] C+, [80-82] B-, [83-86] B, [87-89] B+, [90-92] A-, [93-100] A. I do not curve the grades in any way. All fractions will be rounded up.


Late Policy: No late submission is allowed for any assignments in this class except in exceptional circumstances. However, each student has a one-day "time bank" for the semester that you may use to extend an assignment due date by one day without penalty. You do not have to inform anyone when you use your time bank -- just by submitting your assignment late (still need to be no later than 24 hours), you are requesting to use the time-bank day. You can only use it for one assignment (even if you are only late for 1 minute, we consider you used your time bank). You may only use the time bank to extend assignment deadlines. It may not be applied to quizzes, or tests. Except for your time-bank day, no late submissions will be counted toward your grade. The student is personally responsible for keeping track of usage of the time-bank day. Note: Delays resulting from machine availability, hardware failures or your failure to maintain a backup of your work do not merit an extension.

Requests for Regrading: In this class, we will use the Coaches Challenge to handle requests for regrading for assignments. Each student is allotted one (1) challenge each semester. If you want a project or a test to be regraded, you must come to the professor's office hours and make a formal challenge specifying (a) the problem or problems you want to be regraded, and (b) for each of these problems, why you think the problem was misgraded. If it turns out that there has been an error in grading, the grade will be corrected, and you get to keep your challenge. However, if the original grade was correct, then you permanently lose your challenge. Once your challenge is exhausted, you will not be able to request regrades. You may not challenge the grade of the mid-term or the final exam.

In the case of group projects/assignments, all group members must have an available challenge in order to contest a grade. If the challenge is successful, then all group members get to keep their challenge. However, if the challenge is unsuccessful, then all group members permanently lose one challenge.

The Virginia Tech Honor Code: The Virginia Tech Undergraduate Honor Code applies to this course. It describes the expectations for academic integrity in this course. In this course, all assignments, including homework, quizzes, program assignments, and tests, are individual work that you must complete on your own. In this course, you may freely offer and receive assistance on how to use the programming language, what library classes or methods do, what errors mean, or how to interpret assignment instructions with your classmates. You are encouraged to post any such questions to the course discussion forum, and are also encouraged to answer questions posted to the forum from other students. However, you may not give or receive help from others (except course staff) with writing your program code or your answers to any assignment or test. Further, on any course work you may only type at the keyboard, or view your source code on the screen when working alone. Do not show or share your program code with others, and do not view or copy source code from others.

Note: Often, students who are struggling with problems in a program assignment may have trouble interpreting an error message or diagnosing an error in their source code. I encourage you to ask questions about the interpretation of error messages on the forum, and to offer constructive advice to fellow students who run into such problems. If you are asking for help with an error or problem, describe it without showing code where possible. When necessary, you may post a short segment of your own code that you believe contains the problem (a handful of lines where you believe the problem to be). However, refrain from posting significant portions of your own problem solution to the course discussion board. Posts with excessive code may be deleted without notice. Ask the instructor if you are unsure what you are about to post is appropriate. Other than small code segments posted to the course discussion board, you should not use any mechanisms to share or view another student's code, and should not post your own code in any publicly accessible location.

Any writing or discussion of program source code or assignment answers must adhere to the limits expressed above. Examples of honor code violations include: Working with another student to derive a common program or solution to a programming assignment or homework problem. Discussing the details required to solve a programming task. You may not share solutions. Showing your source code to another student to get help fixing a problem, or to explain how you approached a specific task. Copying source code (programs) in whole or in part from someone else, with or without their knowledge or consent. Editing (computer generated) output to achieve apparently correct results. Taking another person's printout from a lab printer, remote printer, trashcan, etc. Note that all electronic work submitted for this course is archived and subjected to automatic plagiarism detection and cheating analysis. Whenever in doubt, please seek help from the instructor.