|Course||CSC474 - Network Security, Fall 2018|
|Meeting Location||1005 EB1|
|Meeting Times||Tu/Th 4:30 – 5:45|
|Instructor||Prof. Brad Reaves|
|bgreaves -at- ncsu.edu (Include “[CSC 474]” in subject)|
|Office Hours||Wednesdays 4-5pm and by appointment|
|TA||Mohammad Maruful Haque (“Maruf”)|
|TA Office Hours||Thursdays 1:30 – 2:30|
|TA Office Hours Location||EB2 1229B|
|Final Exam Period||Dec. 11 1:00-4:00pm|
Formal: CSC 230
Strongly Encouraged: CSC 401
This course introduces students to network security. By examining case studies and reading seminal research papers, students will learn about network attacks and vulnerabilities as well as current defenses. Topics covered include cryptography, confidentiality and authentication protocols, botnets, firewalls, intrusion detection systems, and communication privacy and anonymity.
This introductory course will impart a broad understanding of the underpinnings of security techniques, security best practices, and computer security research. The course should help students to understand the mindsets of attackers (the bad guys and gals who do malicious things on the network) and system designers and defenders (the good guys and gals who try to stop the attackers). The course should prepare students to understand and assess security threats, become familiar with security engineering best practices, and write better software, protocols, and systems.
A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course schedule.
Textbooks and Reading Material
This course has no formal textbook. The course readings will come from online book chapters, seminal papers, and other informative sources.
We will have some readings from the following textbooks, which are available from the NCSU Library:
- Charles P. Pfleeger, Shari Lawrence Pfleeger. Analyzing computer security: a threat/vulnerability/countermeasure approach, 1st edition. Prentics Hall. 2012.
- Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security: Private Communication in a Public World, 2nd edition. Prentice Hall. 2002.
Here are some useful online books that provide additional information:
- Ross Anderson. Security Engineering, 2nd Edition. Wiley. April 2008.
- Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press. October 1996.
Student Learning Outcomes
By the end of this course, students will be able to:
- Explain concepts related to applied cryptography, including plaintext, ciphertext, symmetric cryptography, asymmetric cryptography, digital signatures.
- Outline the requirements and mechanisms for identification and authentication of users and computer systems, including authentication protocols and key management. Identify the possible threats to each mechanism and ways to protect against these threats.
- Explain common network and Web vulnerabilities and attacks, defense mechanisms against these attacks, and cryptographic protection mechanisms.
- Describe the methods and motivation of Internet malware, and explain existing defense mechanisms and their limitations.
Course Structure and Grading
The course will consist of two midterms, a final, five homework assignments, quizzes, and class participation that contribute the the final grade in the following propotions:
- 17% Exam 1
- 17% Exam 2
- 26% Final Exam
- 40% Homework Assignments
The final letter grade will be based on the final percentage as follows:
A+ <= 97% < A <= 93% < A- <= 90% < B+ <= 87% < B <= 83% < B- <= 80% < C+ <= 77% < C <= 73% < C- <= 70% < D+ <= 67% < D <= 63% < D- <= 60% < F
REG 02.50.03 describes the grade point interpretation of letter grades.
Homework Assignments: The instructor will assign homework assignments on a periodic basis for topics associated with the class assignments. These homeworks include questions as well as programming tasks. The content and due dates of these assignments will be decided over the course of the semester. If you cannot attend a lecture, contact other students to see if any assignments have been made and consult the syllabus.
Quizzes: Quizzes may given at the beginning of class and will cover topics from the preceding lecture and readings. It is strongly suggested that students do the reading prior class. Quizzes missed because of absences can not be made up unless arrangements are made with the instructor prior to the course meeting. Any quizzes will be included in the “Homework” portion of the grade.
Class Participation: To do well in this course, students must take active and regular roles in discussion and demonstrate comprehension of the reading and lecture themes. Students are required to do the assigned reading before class. This will be closely monitored by the instructor, thereby making a student’s ability to demonstrate their comprehension of papers essential to a receiving a passing grade.
Grading Concerns Timely and informative feedback is an essential element of effective education, and the instructional staff makes every effort to fairly and accurately grade every assignment and exam. If a student believes that a grading error has been made, they should contact the instructional staff by email clearly and objectively detailing the error and how the student believes it should be corrected. Grading corrections will not be made without a request in writing. While we are happy to correct honest errors, note that in the case of a grade dispute, the instructional staff reserves the right to regrade an entire assignment.
Weekly Course Schedule
See the course schedule. Note that the schedule is subject to change as the semester evolves.
Assignment Lateness Policy
All out-of-class assigments will be due at 11:50pm the day of the deadline unless otherwise specified. All deadlines are hard. Late homework will be accepted within 72 hours with a 20% reduction in grade per day. Homeworks submitted after 72 hours will have a 100% penalty. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.
The instructor will not take any formal attendance for class meetings. However, exam material includes anything in the readings, slides, and topics discussed in class. Students missing class should consult classmates on missed material and review the class recordings.
The university policy on excused absences will be observed (see REG 02.20.03). The students are responsible for discussing makeup exams if they miss exams due to excused absence. The instructor will choose a mutually agreed date and time for the makeup exam. Late submission of homework assignments due to excused absences is not subject to the policies on late assignments.
Academic Integrity Policy
Students are welcome and encouraged to discuss homework and project solutions (unless otherwise directed by the assignment). However, this discussion should be at a high-level and code or text should not be shared. All students should indicate their collaborators on every assignment turned in.
Students are explicitly forbidden from copying the work of others (with or without superficial modification). This includes Internet or text sources for code or prose. One exception is snippets of code (up to 5 lines) from reference sources (like man pages or library documentation). Snippets copied from references should be cited with a code comment.
My experiences with NC State students so far have lead me to believe that nearly every student is honorable, and I have every reason to believe that the students in this course will complete assignments in an honest fashion.
However, should an incident arise where I believe academic misconduct has occured, the university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct. The instructor expects honesty in the completion of test and assignments. For everyone’s sake, the instructor has a zero tolerance policy for violations of academic integrity. which include but are not limited to plagiarism and illegal collaboration. If a student is in doubt about the conduct of themselves or others, the instructor welcomes questions about this policy. In this case, it is far better to ask permission, as there will not be forgiveness of academic misconduct. The penalties for academic misconduct will include assigning at least a negative grade and refering the student to the appropriate University bodies for possible further action.
It is the understanding and expectation of instructor that the student’s signature on any test or assignment means that the student neither gave nor received unauthorized aid. For additional information, visit studentconduct.ncsu.edu.
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.
When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.
Resources for Support
The instructor’s goal is to help students gain a clear understanding of the course material, to foster a deep interest in the topic of computer security, and develop the basic research skills essential to a career at the frontiers of technology. With security, the devil is often in the details, and crucial understanding often relies on subtleties. Accordingly, it is natural for students to struggle both with the content of this course and with requisite background material.
To this end, the instructional staff are providing a number of mechanisms for support. These include:
Piazza The course will feature a Piazza message board. This should be your first go-to resource for any questions about course structure, deadlines, class material, or anything else that could possibly be relevant to other students. Note that active participation in Piazza will enhance your participation grade. The instructional staff receives emails from Piazza, so any questions posted to Piazza will be addressed as fast or faster than those sent by email.
MediaSite I will make recorded lectures available to you to aid in studying or to help in catching up after absences. These will be available on Mediasite. Please be advised this course is being recorded for current and potential future educational purposes. By your continued participation in this recorded course, you are providing your permission to be recorded.
Office Hours The instructor and teaching assistants will hold office hours every week. Students are highly encouraged to come to office hours with the instructor or TAs to discuss doubts about course material, concerns about course performance, or to discuss computer security beyond what can be discussed in class. The instructor is also available by appointment when an office hours meeting is impractical.
Email The instructional staff strongly requests that you limit individual emails to communications regarding private questions (like grade concerns), appointment and make up exam requests, and other communications that are not suitable for Piazza. Note that emails that are of a general nature will be posted anonymously to Piazza on a student’s behalf. To ensure that student emails receive a high priority, students should place the string “[CSC 474]” somewhere in the subject line.
If at any time you have constructive suggestions about how to improve the course, feel free to share them with the instructor during office hours or via an email.
Statement on Identity
I make an effort to treat all of my students with respect, and an important part of that is correctly addressing students with correct names and pronouns. If you would like to be called by a different name or pronoun other than what is in the directory, let me know (in person or email). Also, if I mispronounce your name, please let me know – it is not intentional!
Statement on Class Evaluation
Online class evaluations will be available for students to complete during the last 2 weeks of the semester for full semester courses and the last week of shorter sessions. Evaluations then become unavailable at 8am on the first day of finals. When the time comes, please complete these evaluations – I take them very seriously!
Statement on transportation
Students have to provide their own transportation for any and all class related trips.
Statement on safety and risk assumption
This course does not require activities that pose physical risk to students.
Statement for students with disabilities
Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with Disability Services for Students at 1900 Student Health Center, Campus Box 7509, 919-515-7653. For more information on NC State’s policy on working with students with disabilities, please see the Academic Accommodations for Students with Disabilities Regulation (REG 02.20.01).
N.C. State University Polices, Regulations, and Rules (PRR)
Students are responsible for reviewing the PRRs which pertain to their course rights and responsibilities. These include: Equal Opportunity and Non-Discrimination Policy Statement, Office for Institutional Equity and Diversity, Code of Student Conduct, and Grades and Grade Point Average.