|Course||CSC474 - Network Security, Fall 2019|
|Meeting Location||2207 Engineering Building 3|
|Meeting Times||Tu/Th 4:30 – 5:45|
|Instructor||Prof. Brad Reaves|
|bgreaves -at- ncsu.edu (Include “[CSC 474]” in subject)|
|Office Hours||Tuesdays 2-3pm and by appointment|
|TA Office Hours||TBD|
|TA Office Hours Location||TBD|
|Final Exam Period||Dec. 17 1:00-4:00pm|
Formal: CSC 230 or ECE 209
Strongly Encouraged: CSC 401
This course introduces students to network security. By examining case studies and reading seminal research papers, students will learn about network attacks and vulnerabilities as well as current defenses. Topics covered include cryptography, confidentiality and authentication protocols, botnets, firewalls, intrusion detection systems, and communication privacy and anonymity.
This introductory course will impart a broad understanding of the underpinnings of security techniques, security best practices, and computer security research. The course should help students to understand the mindsets of attackers (the bad guys and gals who do malicious things on the network) and system designers and defenders (the good guys and gals who try to stop the attackers). The course should prepare students to understand and assess security threats, become familiar with security engineering best practices, and write better software, protocols, and systems.
A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course schedule. This course schedule is authoritative in the event of a conflict (e.g., with a Moodle date).
Textbooks and Reading Material
This course has no formal textbook. The course readings will come from online book chapters, seminal papers, and other informative sources.
We will have optional supplementary readings from the following textbooks, which are on reserve at the NCSU Library:
- Charles P. Pfleeger, Shari Lawrence Pfleeger. Analyzing computer security: a threat/vulnerability/countermeasure approach, 1st edition. Prentics Hall. 2012.
- Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security: Private Communication in a Public World, 2nd edition. Prentice Hall. 2002.
Here are some useful online books that provide additional information:
- Ross Anderson. Security Engineering, 2nd Edition. Wiley. April 2008.
- Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press. October 1996.
Student Learning Outcomes
By the end of this course, students will be able to:
- Explain concepts related to applied cryptography, including plaintext, ciphertext, symmetric cryptography, asymmetric cryptography, digital signatures.
- Outline the requirements and mechanisms for identification and authentication of users and computer systems, including authentication protocols and key management. Identify the possible threats to each mechanism and ways to protect against these threats.
- Explain common network and Web vulnerabilities and attacks, defense mechanisms against these attacks, and cryptographic protection mechanisms.
- Describe the methods and motivation of Internet malware, and explain existing defense mechanisms and their limitations.
Course Structure and Grading
The course will consist of two midterms, a final, five homework assignments, quizzes, and class participation that contribute the the final grade in the following propotions:
- 17% Exam 1
- 17% Exam 2
- 26% Final Exam
- 40% Homework Assignments
The final letter grade will be based on the final percentage as follows:
A+ <= 97% < A <= 93% < A- <= 90% < B+ <= 87% < B <= 83% < B- <= 80% < C+ <= 77% < C <= 73% < C- <= 70% < D+ <= 67% < D <= 63% < D- <= 60% < F
REG 02.50.03 describes the grade point interpretation of letter grades.
Homework Assignments: The instructor will assign homework assignments on a periodic basis for topics associated with the class assignments. These homeworks include questions as well as programming tasks. The content and due dates of these assignments will be decided over the course of the semester and are subject to change. If you cannot attend a lecture, contact other students to see if any assignments have been made and consult the syllabus.
Quizzes: Quizzes may given at the beginning of class and will cover topics from the preceding lecture and readings. It is strongly suggested that students do the reading prior class. Quizzes missed because of absences can not be made up unless arrangements are made with the instructor prior to the course meeting. Any quizzes will be included in the “Homework” portion of the grade.
Class Participation: To do well in this course, students should take active and regular roles in discussion and demonstrate comprehension of any reading and lecture themes. Students must do any required reading before class, and this may be monitored through in-class quizzes.
Grading Concerns Timely and informative feedback is an essential element of effective education, and the instructional staff makes every effort to fairly and accurately grade every assignment and exam. If a student believes that a grading error has been made, they should contact the instructional staff by email clearly and objectively detailing the error and how the student believes it should be corrected. Grading corrections will not be discussed without a request in writing. While we are happy to correct honest errors, note that in the case of a grade dispute, the instructional staff reserves the right to regrade an entire assignment.
Weekly Course Schedule
See the course schedule. Note that the schedule is subject to change as the semester evolves.
Assignment Lateness Policy
All out-of-class assigments will be due at 11:50pm the day of the deadline unless otherwise specified. All deadlines are hard. Late homework will be accepted within 72 hours with a 20% reduction in grade per day. Homeworks submitted after 72 hours will have a 100% penalty. Students with legitimate reasons who contact the professor before the deadline may request an extension.
The instructor will not take any formal attendance for class meetings. However, exam material includes anything in the required readings, slides, and topics discussed in class. Students missing class should consult classmates on missed material and review the class recordings.
The university policy on excused absences will be observed (see REG 02.20.03). The students are responsible for discussing makeup exams if they miss exams due to excused absence. The instructor will choose a mutually agreed date and time for the makeup exam. Late submission of homework assignments due to excused absences is not subject to the policies on late assignments.
Academic Integrity Policy
Students are welcome and encouraged to discuss homework and project solutions (unless otherwise directed by the assignment). However, this discussion should be at a high-level and code or text should not be shared. All students should indicate their collaborators on every assignment turned in.
Students are explicitly forbidden from copying the work of others (with or without superficial modification). This includes Internet or text sources for code or prose. One exception is snippets of code (up to 5 lines) from reference sources (like man pages or library documentation). Snippets copied from references should be cited with a code comment.
My experiences with NC State students so far have lead me to believe that nearly every student is honorable, and I have every reason to believe that the students in this course will complete assignments in an honest fashion.
However, should an incident arise where I believe academic misconduct has occured, the university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct. The instructor expects honesty in the completion of test and assignments. For everyone’s sake, the instructor has a zero tolerance policy for violations of academic integrity, which include but are not limited to plagiarism and unapproved collaboration. If a student is in doubt about the conduct of themselves or others, the instructor welcomes questions about this policy. In this case, it is far better to ask permission, as there will not be forgiveness of academic misconduct. The penalties for academic misconduct will include assigning at least a negative grade and refering the student to the appropriate University bodies for possible further action.
It is the understanding and expectation of instructor that the student’s signature on any test or assignment means that the student neither gave nor received unauthorized aid. For additional information, visit studentconduct.ncsu.edu.
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class. This is a very serious issue – violations may not just be immoral, they may violate federal laws.
When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.
Students are also encouraged to read and adhere to the ACM Code of Ethics and Professional Conduct. Note that building secure and privacy-respecting systems is considered an ethical obligation, not merely a suggestion, by the ACM.
Resources for Support
The instructor’s goal is to help students gain a clear understanding of the course material, to foster a deep interest in the topic of computer security, and develop the basic research skills essential to a career at the frontiers of technology. With security, the devil is often in the details, and crucial understanding often relies on subtleties. Accordingly, it is natural for students to struggle both with the content of this course and with requisite background material.
To this end, the instructional staff are providing a number of mechanisms for support. These include:
Piazza The course will feature a Piazza message board. This should be your first go-to resource for any questions about course structure, deadlines, class material, or anything else that could possibly be relevant to other students. Note that active participation in Piazza will enhance your participation grade. The instructional staff receives emails from Piazza, so any questions posted to Piazza will be addressed as fast or faster than those sent by email.
MediaSite I will make recorded lectures available to you to aid in studying or to help in catching up after absences. These will be available on Mediasite. Please be advised this course is being recorded for current and potential future educational purposes. By your continued participation in this recorded course, you are providing your permission to be recorded.
Office Hours The instructor and teaching assistants will hold office hours every week. Students are highly encouraged to come to office hours with the instructor or TAs to discuss doubts about course material, concerns about course performance, or to discuss computer security beyond what can be discussed in class. The instructor is also available by appointment when an office hours meeting is impractical.
Email The instructional staff strongly requests that you limit individual emails to communications regarding private questions (like grade concerns), appointment and make up exam requests, and other communications that are not suitable for Piazza. Note that emails that are of a general nature will be posted anonymously to Piazza on a student’s behalf. To ensure that student emails receive a high priority, students should place the string “[CSC 474]” somewhere in the subject line.
If at any time you have constructive suggestions about how to improve the course, feel free to share them with the instructor during office hours or via an email.
Statement on Identity
I make an effort to treat all of my students with respect, and an important part of that is correctly addressing students with correct names and pronouns. If you would like to be called by a different name or pronoun other than what is in the directory, let me know (in person or email). Also, if I mispronounce your name, please let me know – it is not intentional!
Statement on Class Evaluation
Online class evaluations will be available for students to complete during the last 2 weeks of the semester for full semester courses and the last week of shorter sessions. Evaluations then become unavailable at 8am on the first day of finals. When the time comes, please complete these evaluations – I take them very seriously!
Statement on transportation
Students have to provide their own transportation for any and all class related trips.
Statement on safety and risk assumption
This course does not require activities that pose physical risk to students.
Statement for students with disabilities
Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with Disability Services for Students at 1900 Student Health Center, Campus Box 7509, 919-515-7653. For more information on NC State’s policy on working with students with disabilities, please see the Academic Accommodations for Students with Disabilities Regulation (REG 02.20.01).
NC State provides equal opportunity and affirmative action efforts, and prohibits all forms of unlawful discrimination, harassment, and retaliation (“Prohibited Conduct”) that are based upon a person’s race, color, religion, sex (including pregnancy), national origin, age (40 or older), disability, gender identity, genetic information, sexual orientation, or veteran status (individually and collectively, “Protected Status”). Additional information as to each Protected Status is included in NCSU REG 04.25.02 (Discrimination, Harassment and Retaliation Complaint Procedure). NC State’s policies and regulations covering discrimination, harassment, and retaliation may be accessed at http://policies.ncsu.edu/policy/pol-04-25-05 or https://oied.ncsu.edu/divweb/. Any person who feels that he or she has been the subject of prohibited discrimination, harassment, or retaliation should contact the Office for Equal Opportunity (OEO) at 919-515-3148.
N.C. State University Polices, Regulations, and Rules (PRR)
Students are responsible for reviewing the PRRs which pertain to their course rights and responsibilities. These include: Equal Opportunity and Non-Discrimination Policy Statement, Office for Institutional Equity and Diversity, Code of Student Conduct, and Grades and Grade Point Average.