|Course||CSC-405 Introduction to Computer Security|
|Meeting Location||2201 Engineering Building 3|
|Meeting Times||M/W 16:30pm-17:45pm|
|akaprav ‘at’ ncsu.edu|
|Office Hours||By appointment|
|TA office hours||M/W 10-11 AM room 1229B EB2|
Prerequisite: CSC 246 - Concepts and Facilities of Operating Systems for Computer Scientists
Informal: You need to understand (1) IP networks, (2) modern operating systems (e.g., Windows, Linux), (3) basics of systems theory and implementation (e.g., file systems, distributed systems, networking, operating systems, etc.). If you do not have a basic understanding of these areas, you will have difficulty with the course. If you have questions regarding these prerequisites, please contact the instructor.
In this class, we will explore several aspects of security research with the goal of understanding the attacker’s mindset. The class will help the students to develop a foundation and a well-rounded view of security research. We will cover some of the state-of-the-art attack/defense techniques and ongoing research activities in a number of topics in software security, web security, privacy and network security.
Textbooks and Reading Material
This course has no formal textbook. The course readings will come from online book chapters, seminal papers, and other informative sources.
Here are some useful online books that provide additional information:
- Ross Anderson. Security Engineering, 2nd Edition. Wiley. April 2008.
- Jaeger, T., Operating System Security. Morgan & Claypool, 2008. (PDF available for free download when on NCSU campus network: click here).
Student Learning Outcomes
By the end of this course, students will be able to:
- Explain software, network and web vulnerabilities and implement attacks against them
- Understand what defense mechanisms exist against these attacks, how they work and why some of them fail against the latest attacks
- Describe the methods and motivation of Internet malware and the motivations behind these attacks
- Design systems and software with security in mind
Course Structure and Grading
The course will consist of one midterm, a final and several homework assignments that contribute to the final grade in the following propotions:
|10%||Class Participation and Quizzes|
The final letter grade will be based on the final percentage as follows:
A+ <= 97% < A <= 93% < A- <= 90% < B+ <= 87% < B <= 83% < B- <= 80% < C+ <= 77% < C <= 73% < C- <= 70% < D+ <= 67% < D <= 63% < D- <= 60% < F
REG 02.50.03 (Grades and Grade Point Average) describes the grade point interpretation of letter grades.
The instructor will assign homework assignments on a periodic basis for topics associated with the class assignments. These homeworks require the students to write, program, or perform other basic research. The content and due dates of these assignments will be decided over the course of the semester. If you cannot attend a lecture, contact other students to see if any assignments have been made and consult the syllabus.
Quizzes may given at the beginning of class and will cover topics from the preceding lecture and readings. It is strongly suggested that students do the reading prior class. Quizzes missed because of absences can not be made up unless arrangements are made with the instructor prior to the course meeting.
To do well in this course, students must take active and regular roles in discussion and demonstrate comprehension of the reading and lecture themes. Students are required to do the assigned reading before class. This will be closely monitored by the instructor, thereby making a student’s ability to demonstrate their comprehension of papers essential to a receiving a passing grade. Students are also required to participate in at least one CTF event with the HackPack student group.
Weekly Course Schedule
See the course schedule. Note that the schedule is subject to change as the semester evolves.
No late assignments will be accepted.
The instructor will not take any formal attendance for class meetings. However, as stated above, a portion of the grade is based on class participation, which includes pop quizzes. Additionally, exam material includes anything in the readings, slides, and topics discussed in class. Students missing class should consult classmates on missed material.
The university policy on excused absences will be observed (see http://policies.ncsu.edu/regulation/reg-02-20-03). The students are responsible for discussing makeup exams if they miss exams due to excused absence. The instructor will choose a mutually agreed date and time for the makeup exam. Late submission of homework assignments due to excused absences is not subject to the policies on late assignments.
Academic Integrity Policy
The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct, or from the following URL: http://policies.ncsu.edu/policy/pol-11-35-01
The instructor expects honesty in the completion of test and assignments. The instructor has a zero tolerance policy for violations of academic integrity. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign the 'F' grade and refer the student to the appropriate University bodies for possible further action. It is the understanding and expectation of instructor that the student's signature on any test or assignment means that the student neither gave nor received unauthorized aid. For additional information, visit http://studentconduct.ncsu.edu/
Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project. Also, students are forbidden from discussing or collaborating on any assignment except were explicitly allowed in writing by the instructor.
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.
When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.
Statement on transportation
Students have to provide their own transportation for any and all class related trips.
Statement on safety and risk assumption
This course does not require activities that pose physical risk to students.
Statement for students with disabilities
Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with Disability Services for Students at 1900 Student Health Center, Campus Box 7509, 919-515-7653. For more information on NC State's policy on working with students with disabilities, please see the Academic Accommodations for Students with Disabilities Regulation (REG 02.20.01).
N.C. State University Polices, Regulations, and Rules (PRR)
Students are responsible for reviewing the PRRs which pertain to their course rights and responsibilities. These include: http://policies.ncsu.edu/policy/pol-04-25-05 (Equal Opportunity and Non-Discrimination Policy Statement), http://oied.ncsu.edu/oied/policies.php (Office for Institutional Equity and Diversity), http://policies.ncsu.edu/policy/pol-11-35-01 (Code of Student Conduct), and http://policies.ncsu.edu/regulation/reg-02-50-03 (Grades and Grade Point Average).
Online class evaluations will be available for students to complete during the last two weeks of class. Students will receive an email message directing them to a website where they can login using their Unity ID and complete evaluations. All evaluations are confidential; instructors will never know how any one student responded to any question, and students will never know the ratings for any particular instructors.
|Student help desk:||firstname.lastname@example.org|
|Info about ClassEval:||https://oirp.ncsu.edu/surveys/classeval/for-students/how-classeval-works/|