Instructor Gang Wang (
Time/Location Tuesday/Thursday 3:30 PM - 4:45 PM in New Classroom Building 120
Office Hour By appointment. My CRC office is in KnowledgeWorks II, room 2223 (Reachable via CRC shuttle)
TAs Fang Liu (, office hour: Tuesday 5:00PM - 7:00PM, 106 McBryde Hall
Stefan Nagy (, office hour: Friday, 10:00AM - 11:00AM, 106 McBryde Hall
Textbook Introduction to Computer Security. By Michael T Goodrich and Roberto Tamassia. First edition. Addison-Wesley. 2013. (E-book is fine. Hardcopy available on Newman reserve.)


Important note: Final Exam: 12/9/2016 (Friday) 10:05AM -- 12:05PM.

Exam Details and Example Topics

11/17/16: Programming Assignment 3 is online, due December 5 (Monday) 5PM EST, submission via Canvas.

11/04/16: Homework3 is online, due November 18 (Friday) 5PM EST, submission via Canvas.

10/24/16: Homework2 is online, due November 4 (Friday) 5PM EST, submission via Canvas.

9/30/16: Programming Assignment 2 is online, due Oct. 14 (Friday) 5PM EST, submission via Canvas.

9/22/16: VM download for Programming Assignment 1

9/15/16: Programming Assignment 1 is online, due Sep. 30 (Friday) 5PM EST, submission via Canvas.

9/1/16: Homework1 is online, due Sept 16 (Friday) 5PM EST, submission via Canvas.

8/25/16: All Thursday presentation slots are full (except for the first week). We have Tuesday slots open now. See the class schedule below.

8/15/16: The first class will be on Tuesday of August 23, 2016.

Class Description

The topics of this class include survey of computer security problems and fundamental computer security design principles and models for software systems; Cryptographic models and methods; Modern cyber security techniques for robust computer operating systems, software, web applications, large-scale networks and data protection; Privacy models and techniques; Contemporary computer and network security examples.
Prerequisites: CS 3214 or (ECE 2500 and ECE 3574), with a grade of C or better.


If any student needs special accommodations because of a disability, please contact the instructor in the first week of classes.

Expected Work

Students are required to attend all lectures, take in-class quizzes (ungraded) and short presentations, read all required textbook chapters and additional reading materials, complete the written and programming assignments on time, take the in-class midterm and final exams

Assignments (including both written and programming) have to be complete by the student individually. Write-ups of programming assignments are submitted through CANVAS course site.

Attack/Defense of the week presentation. Each week on Thursday, a group of students will give a short 10-minute presentation on a real-world security topic of their choice, e.g., Target data breach incident, Nevada Creech Air Force Base security breach incident, FireEye Intrusion Detection tool. Students need to work in a group of three (3).

Class Schedule

Date Topic Chapter Note Presenters
Aug 23, 25 Security terminologies, user authentication, data confidentiality: slides1, slides2 Chapter 1, 2 Fang Liu (TA), slides
Aug 30, Sep 1 Intro to cryptographic terms: slides1, slides2 -- hw1 open [Thu]: Joshua Chung, Doug Zabransky, Michael Littley
Sep 6, 8 Software security, malware slides1-2 Chapter 4 [Tue]: Kevin Zhang, Andrew Storms, Scott Hand
[Thu]: Thanh Pham, James Bui, Chi-Cheung Cheung
Sep 13, 15 Buffer overflow attack slides1-2 Chapter 3.4 hw1 due on 16th, 5PM
pa1 open
[Tue]: Jeremiah Harrington, Victor Weiss, Matthew Petracca
[Thu]: Matt Gross, Ryan Smith, Tony Tolstykh
Sep 20, 22 Symmetric encryption, OS security, BLP model slides1, slides2 Chapter 8.1, 3, 9.2 [Tue]: Nick Bolin, Andriy Katkov, Chris Hess
[Thu]: Ben Huff, Kaity Blohm, Ann Lyndon Griffin
Sep 27, 29 Network intro, guest lecture on Tue -- pa1 due on 30th, 5PM
pa2 open
[Thu]: Rachael Stempfley, Peter Price, Alex Van Brunt
[Thu]: Michael Wilkerson, Emma Manchester, Matthew Grier
Oct 4, 6 Network intro, network security overview, Firewall, IDS/IPS slides1-2 Chapter 6.2, 6.4, 9.6 [Tue]: Nicholas Greer, Alex Hsu, Ryan Asper
[Thu]: Thomas Makin, Nick Anderson, Ben Johnson
Oct 11, 13 Midterm on Oct. 11th, IDS/IPS (continue), IPSec slides1-2 -- pa2 due on 14th, 5PM [Thu]: Shiri Bendelac, Mary Carome, Andrew Snyder
Oct 18, 20 DoS, SSL, DNS poisoning slides1-2 Chapter 5, 8 [Tue]: Sushant Bhattarai, Divya Sengar, Thomas Oestreich
[Thu]: Jonathan DeFreeuw, Kate Nguyen, Zachary Burch
Oct 25, 27 Web security slides1-2 Chapter 7 hw2 open [Tue]: Andy Sin, Kelvin Aviles, Sachin Yadav
[Thu]: Teresa Lin, Tanya Sutan-Tanon, Danny Yang
Nov 1, 3 email security, Wifi security slides1-2 Chapter 10.2, 6.5 hw2 due on Friday, 5PM
hw3 open
[Tue]: TJ Corley, Kevin Koehncke, Philip Whitcomb
[Thu]: Alex Marshall, Anthony Dimarco, Jeffery Smith
Nov 8, 10 RSA public-key cryptosystems, digital signature schemes, Trusted platform model (TPM) slides1-2 Chapters 8.2.3, 9.7.3 [Tue]: Daniel Amick, Anirudha Simha
[Thu]: Zakk Lefkowits, Lucas Rose, Jisu Park
Nov 15, 17 Privacy and anonymity, TOR slides1-2 -- hw3 due on Friday, 5PM
pa3 open
[Thu]: Ryan Whitcomb, Joseph Nuar, James Wong
Nov 22, 24 Thanksgiving Break -- N/A
Nov 29, Dec 1 Advanced topic 1: mobile app security -- [Thu]: Khuram Chughtai, Pia Banerjee, John Janney
Dec 6, 8 Final Exam: 12/9/2016 10:05AM -- 12:05PM -- pa3 due on Monday, 5PM N/A


Class participation and in-class (ungraded) quizzes 10%
Attack/Defense of the week presentation 10%
Written homework assignments (~3) 18%
Programming assignments (~3) 20%
Midterm exam (close-book, close-note) 18%
Final exam (close-book, close-note) 24%

To calculate final grades, I simply sum up the points obtained by each student (the points will sum up to some number x out of 100) and then use the following scale to determine the letter grade: [0-60] F, [60-62] D-, [63-66] D, [67-69] D+, [70-72] C-, [73-76] C, [77-79] C+, [80-82] B-, [83-86] B, [87-89] B+, [90-92] A-, [93-100] A. I do not curve the grades in any way. All fractions will be rounded up.


Late Policy: No late submission is allowed for any assignments in this class except in exceptional circumstances. However, each student has a one-day "time bank" for the semester that you may use to extend an assignment due date by one day without penalty. You do not have to inform anyone when you use your time bank -- just by submitting your assignment late (still need to be no later than 24 hours), you are requesting to use the time-bank day. You can only use it for one assignment (even if you are only late for 1 minute, we consider you used your time bank). You may only use the time bank to extend assignment deadlines. It may not be applied to quizzes, or tests. Except for your time-bank day, no late submissions will be counted toward your grade. The student is personally responsible for keeping track of usage of the time-bank day. Note: Delays resulting from machine availability, hardware failures or your failure to maintain a backup of your work do not merit an extension.

Requests for Regrading: In this class, we will use the Coaches Challenge to handle requests for regrading for assignments. Each student is allotted one (1) challenge each semester. If you want a project or a test to be regraded, you must come to the professor's office hours and make a formal challenge specifying (a) the problem or problems you want to be regraded, and (b) for each of these problems, why you think the problem was misgraded. If it turns out that there has been an error in grading, the grade will be corrected, and you get to keep your challenge. However, if the original grade was correct, then you permanently lose your challenge. Once your challenge is exhausted, you will not be able to request regrades. You may not challenge the grade of the mid-term or the final exam.

In the case of group projects/assignments, all group members must have an available challenge in order to contest a grade. If the challenge is successful, then all group members get to keep their challenge. However, if the challenge is unsuccessful, then all group members permanently lose one challenge.

The Virginia Tech Honor Code: The Virginia Tech Undergraduate Honor Code applies to this course. It describes the expectations for academic integrity in this course. In this course, all assignments, including homework, quizzes, program assignments, and tests, are individual work that you must complete on your own. In this course, you may freely offer and receive assistance on how to use the programming language, what library classes or methods do, what errors mean, or how to interpret assignment instructions with your classmates. You are encouraged to post any such questions to the course discussion forum, and are also encouraged to answer questions posted to the forum from other students. However, you may not give or receive help from others (except course staff) with writing your program code or your answers to any assignment or test. Further, on any course work you may only type at the keyboard, or view your source code on the screen when working alone. Do not show or share your program code with others, and do not view or copy source code from others.

Note: Often, students who are struggling with problems in a program assignment may have trouble interpreting an error message or diagnosing an error in their source code. I encourage you to ask questions about the interpretation of error messages on the forum, and to offer constructive advice to fellow students who run into such problems. If you are asking for help with an error or problem, describe it without showing code where possible. When necessary, you may post a short segment of your own code that you believe contains the problem (a handful of lines where you believe the problem to be). However, refrain from posting significant portions of your own problem solution to the course discussion board. Posts with excessive code may be deleted without notice. Ask the instructor if you are unsure what you are about to post is appropriate. Other than small code segments posted to the course discussion board, you should not use any mechanisms to share or view another student's code, and should not post your own code in any publicly accessible location.

Any writing or discussion of program source code or assignment answers must adhere to the limits expressed above. Examples of honor code violations include: Working with another student to derive a common program or solution to a programming assignment or homework problem. Discussing the details required to solve a programming task. You may not share solutions. Showing your source code to another student to get help fixing a problem, or to explain how you approached a specific task. Copying source code (programs) in whole or in part from someone else, with or without their knowledge or consent. Editing (computer generated) output to achieve apparently correct results. Taking another person's printout from a lab printer, remote printer, trashcan, etc. Note that all electronic work submitted for this course is archived and subjected to automatic plagiarism detection and cheating analysis. Whenever in doubt, please seek help from the instructor.