Course Details

Course CSC/ECE 574: Computer \& Network Security

Meeting Location 1021 EB2

Meeting Times MW 4:30-5:45

Credits 3 credit hours

Instructor Dr. Brad Reaves

Email bgreaves -at- ncsu.edu (include “CSC 574” in the subject)

Office 3256 Engineering Building 2

Office Hours Thursdays 3-4pm

TA

Sanghyun Ahn (sahn6 -at- ncsu.edu)

Tae Hyun Kim (tkim13 -at- ncsu.edu)

TA Office Hours

S. Ahn: Mondays 8:30-9:30am in EB2 1229B

T. Kim: Wednesdays 10:00-11:00am in EB2 1229B

Course Prerequisites

Informal: You need to understand (1) IP networks, (2) modern operating systems (e.g., Windows, Linux), (3) discrete mathematics, (4) basics of systems theory and implementation (e.g., file systems, distributed systems, networking, operating systems, etc.). If you do not have a basic understanding of these areas, you will have difficulty with the course. If you have questions regarding these prerequisites, please contact the instructor.

Overview

This course provides a graduate-level introduction to computer and network security. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course begins with a tutorial of the basic elements of cryptography, cryptanalysis, and systems security, and continues by covering a number of seminal papers and monographs in a wide range of security areas.

Topics covered include network security, authentication, security protocol design and analysis, security modeling, key management, program safety, intrusion detection, DDoS detection and mitigation, architecture/operating systems security, security policy, web security, and other emerging topics. A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) will be available on the course schedule.

Textbooks and Reading Material

This course has no formal textbook. The course readings will come from online book chapters, seminal papers, and other informative sources.

Student Learning Outcomes

By the end of this course, students will be able to:

  • Design and evaluate computer systems using adversarial analysis, including developing realistic threat models for computer systems
  • Select topics, execute, and communicate the results of novel computer security research
  • Identify and address ethical concerns in computer security design, operations, research and auditing

Doing these things will rely on acquiring a large body of knowledge about computer systems security, and at the end of this course students will be able to:

  • Explain concepts related to applied cryptography, including plaintext, ciphertext, symmetric cryptography, asymmetric cryptography, digital signatures.
  • Outline the requirements and mechanisms for identification and authentication of users and computer systems, including authentication protocols and key management. Identify the possible threats to each mechanism and ways to protect against these threats.
  • Explain concepts related to access control and operating system security, including access control matrices, protection, reference monitors, least privilege, discretionary access control, mandatory access control, multi-level security, role-based access control, and capabilities.
  • Explain common network, software, and web vulnerabilities and attacks, defense mechanisms against these attacks, and cryptographic protection mechanisms.
  • Describe the methods and motivation of malware and explain existing defense mechanisms and their limitations.

Course Structure and Grading

The course will consist of one midterm, a final, quizzes, class participation, and several homework assignments and a course research project that contribute the the final grade in the following proportions:

  • 25% Course Research Project
  • 25% Mid-term Exam
  • 25% Final Exam
  • 20% Homework Assignments
  • 5% Class Participation and Quizzes

The final letter grade will be based on the final percentage as follows:

A+ <= 97% < A <= 93% < A- <= 90% < B+ <= 87% < B <= 83% < B- <= 80% < C+ <= 77% < C <= 73% < C- <= 70% < D+ <= 67% < D <= 63% < D- <= 60% < F

REG 02.50.03 describes the grade point interpretation of letter grades.

Assignments: The instructor will assign homework assignments on a periodic basis for topics associated with the class assignments. These homeworks require the students to write, program, or perform other basic research. The content and due dates of these assignments will be decided over the course of the semester. If you cannot attend a lecture, contact other students to see if any assignments have been made and consult the syllabus.

Course Project: The course project requires that students execute research in systems security. The result of the project will be a poster presentation. Project topics will be discussed in class after the introductory material is completed. Be realistic about what can be accomplished in a single semester. However, the work should reflect real thought and effort - projects executed in the closing days of the semester are unlikely to be well received. The grade will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort.

Quizzes: Quizzes may given at the beginning of class and will cover topics from the preceding lecture and readings. It is strongly suggested that students do the reading prior class. Quizzes missed because of absences can not be made up unless arrangements are made with the instructor prior to the course meeting.

Class Participation: To do well in this course, students must take active and regular roles in discussion and demonstrate comprehension of the reading and lecture themes. Students are required to do the assigned reading before class. This will be closely monitored by the instructor, thereby making a student’s ability to demonstrate their comprehension of papers essential to a receiving a passing grade.

Students are encouraged to use mobile devices during lectures in ways that facilitate their learning and do not distract others. However, using devices for activites not related to the lecture (including excessive off-topic browsing, social media, or for out-of-class assignments) will result in poor participation grades.

Grading Concerns Timely and informative feedback is an essential element of effective education, and the instructional staff makes every effort to fairly and accurately grade every assignment and exam. If a student believes that a grading error has been made, they should contact the instructional staff by email clearly and objectively detailing the error and how the student believes it should be corrected. Grading corrections will not be made without a request in writing. While we are happy to correct honest errors, note that in the case of a grade dispute, the instructional staff reserves the right to regrade an entire assignment.

Weekly Course Schedule

See the course schedule. Note that the schedule is subject to change as the semester evolves.

Assignment Lateness Policy

Homework and project deadlines will be hard. Late Assignments and projects are assessed a 20% per-day late penalty, with a maximum of 3 days. Unless the problem is apocalyptic, excuses will not be effective in reducing the penalty. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Attendance Policy

The instructor will not take any formal attendance for class meetings. However, as stated above, a portion of the grade is based on class participation, which includes pop quizzes. Additionally, exam material includes anything in the readings, slides, and topics discussed in class. Students missing class should consult classmates on missed material.

The university policy on excused absences will be observed (see REG 02.20.03). The students are responsible for discussing makeup exams if they miss exams due to excused absence. The instructor will choose a mutually agreed date and time for the makeup exam. Late submission of homework assignments due to excused absences is not subject to the policies on late assignments.

Academic Integrity Policy

The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct.

The instructor expects honesty in the completion of test and assignments. For everyone’s sake, the instructor has a zero tolerance policy for violations of academic integrity. which include but are not limited to plagiarism and illegal collaboration. If a student is in doubt about the conduct of themselves or others, the instructor welcomes questions about this policy. In this case, it is far better to ask permission, as there will not be forgiveness of academic misconduct.

The penalties for academic misconduct will include assigning at least a negative grade and refering the student to the appropriate University bodies for possible further action.

It is the understanding and expectation of instructor that the student’s signature on any test or assignment means that the student neither gave nor received unauthorized aid. For additional information, visit studentconduct.ncsu.edu.

Students are explicitly forbidden from copying the work of others (with or without superficial modification). This includes Internet or text sources for code or prose. One exception is snippets of code (up to 5 lines) from reference sources (like man pages or library documentation). Snippets copied from references should be cited with a code comment.

Students are welcome and encouraged to discuss homework and project solutions (unless otherwise directed by the assignment). However, this discussion should be at a high-level and code or text should not be shared. All students should indicate their collaborators on every assignment turned in.

Ethics Statement

This course considers topics involving personal and public privacy and security, and this course covers topics concerning the security of many systems that are widely deployed and potentially critical. As part of this course, we will investigate methods, tools and techniques whose use may negatively impact the rights, property and lives of others. As security professionals, we rely upon the ethical use of the above technologies to perform research. However, it is easy to use such tools in an unethical manner. Unethical use includes the circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services.

This is NOT a class on hacking. Any activity outside of the spirit of these guidelines will be reported to the proper authorities both within and outside of NC State and may result in dismissal from the class and the University. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through the proper channels; however, students with any doubt should consult the instructor for advice. DO NOT conduct any action which could be perceived as technology misuse anywhere or under any circumstances unless you have received explicit permission from the instructor.

When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.

Resources for Support

The instructor’s goal is to help students gain a clear understanding of the course material, to foster a deep interest in the topic of computer security, and develop the basic research skills essential to a career at the frontiers of technology. With security, the devil is often in the details, and crucial understanding often relies on subtleties. Accordingly, it is natural for students to struggle both with the content of this course and with requisite background material.

To this end, the instructional staff are providing a number of mechanisms for support. These include:

  • Piazza The course will feature a Piazza message board. This should be your first go-to resource for any questions about course structure, deadlines, class material, or anything else that could possibly be relevant to other students. Note that active participation in Piazza will enhance your participation grade. The instructional staff receives emails from Piazza, so any questions posted to Piazza will be addressed as fast or faster than those sent by email.

  • MediaSite I will make recorded lectures available to you to aid in studying or to help in catching up after absences. These will be available on Mediasite. Please be advised this course is being recorded for current and potential future educational purposes. By your continued participation in this recorded course, you are providing your permission to be recorded.

  • Office Hours The instructor and two teaching assistants will hold office hours several times per week. Students are highly encouraged to come to office hours with the instructor or TAs to discuss doubts about course material, concerns about course performance, or to discuss computer security beyond what can be discussed in class. The instructor is also available by appointment when an office hours meeting is impractical.

  • Email The instructional staff strongly requests that you limit individual emails to communications regarding private questions (like grade concerns), appointment and make up exam requests, and other communications that are not suitable for Piazza. Note that emails that are of a general nature will be posted anonymously to Piazza on a student’s behalf. To ensure that student emails receive a high priority, students should place the string “[CSC 574]” somewhere in the subject line.

If at any time you have constructive suggestions about how to improve the course, feel free to share them with the instructor during office hours or via an email.

Statement on transportation

Students have to provide their own transportation for any and all class related trips.

Statement on safety and risk assumption

This course does not require activities that pose physical risk to students.

Statement for students with disabilities

Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with Disability Services for Students at 1900 Student Health Center, Campus Box 7509, 919-515-7653. For more information on NC State’s policy on working with students with disabilities, please see the Academic Accommodations for Students with Disabilities Regulation (REG 02.20.01).

N.C. State University Polices, Regulations, and Rules (PRR)

Students are responsible for reviewing the PRRs which pertain to their course rights and responsibilities. These include: Equal Opportunity and Non-Discrimination Policy Statement, Office for Institutional Equity and Diversity, Code of Student Conduct, and Grades and Grade Point Average.