|Course||CSC/ECE 574 - Computer and Network Security, Spring 2021|
|Meeting Location||Online (see Moodle for Zoom link)|
|Meeting Times||Mo/We 11:45am-1:00pm|
|Instructor||Prof. William Enck|
|Office||3260 EB2 / Virtual|
|Office Hours||Mondays 4-5pm Zoom (No password, waiting room enabled) and by appointment|
|TA||Jinku Cui (email@example.com)|
|TA Office Hours||Tuesdays 4-5pm Zoom (No password, waiting room enabled) and by appointment|
|Class Forum||Class discussion will take place via Moodle Forums|
Informal: You need to understand (1) IP networks, (2) modern operating systems (e.g., Windows, Linux), (3) discrete mathematics, (4) basics of systems theory and implementation (e.g., file systems, distributed systems, networking, operating systems, etc.). If you do not have a basic understanding of these areas, you will have difficulty with the course. If you have questions regarding these prerequisites, please contact the instructor.
This course provides a graduate-level introduction to computer and network security and privacy. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course covers four key topic areas: basics of cryptography and crypto protocols, network security, systems security, and privacy. Readings primarily come from seminal papers in the field. A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course schedule.
Textbooks and Reading Material
This course will use the following textbook, along with readings from seminal papers and other informative sources.
- Paul C. Van Oorschot. Computer Security and the Internet: Tools and Jewels. Springer. 2020. Note: Author’s self-archived version is freely available.
Here are some useful online books that provide additional information:
- Ross Anderson. Security Engineering, 2nd Edition. Wiley. April 2008.
- Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press. October 1996.
Student Learning Outcomes
By the end of this course, students will be able to:
- Fundamentals: Specify a security model for a given computer system
- Crypto: Explain and apply concepts related to applied cryptography, including plaintext, ciphertext, symmetric cryptography, asymmetric cryptography, digital signatures.
- Authentication: Outline the requirements and mechanisms for identification and authentication of users and computer systems, including authentication protocols and key management. Identify the possible threats to each mechanism and ways to protect against these threats.
- Network: Identify common network and application layer attacks and defense mechanisms.
- Software: Explain and identify instances of common software vulnerabilities and mitigations.
- System: Explain concepts related to access control and operating system security, including access control matrices, ACLs and capabilities, protection, reference monitors, least privilege, discretionary access control, mandatory access control.
- Privacy: Identify and explain common privacy definitions, techniques, and systems that preserve or reduce privacy.
- Research: Read and interpret bleeding-edge academic research papers on computer and network security and privacy, and describe how the results impact real systems and people.
Course Structure and Grading
The course will consist of four mini-projects or a research project, a midterm, a final, and class discussion activities that contribute the the final grade in the following propotions:
- 40% – Project (Research Project track or the Mini-Projects track)
- 25% – Midterm Exam
- 25% – Final Exam
- 10% – Class Discussion
The final letter grade will be based on the final percentage as follows:
A+ <= 97% < A <= 93% < A- <= 90% < B+ <= 87% < B <= 83% < B- <= 80% < C+ <= 77% < C <= 73% < C- <= 70% < D+ <= 67% < D <= 63% < D- <= 60% < F
REG 02.50.03 describes the grade point interpretation of letter grades.
Project: Students may choose either the Research Project track or the Mini-Projects track. The Research Project track will require the student to execute novel research in systems and network security or privacy. The result of the project will be a conference quality paper. The Mini-Projects track will provide a series of smaller projects that relate more directly to the course material. The projects require a range of programing as well as open-ended investigation.
Class Discussion: The schedule includes a “discussion” paper for most lectures (indicated with “[DISC]”). To earn the “class discussion” portion of the grade, students participate in the discussion for this paper. There will be two types of discussion: in-class and Moodle Forums. By 11:59pm ET the night before each class, students are expected to post thoughts to the online forum. On the day of class, students will vote on which posts they would like to hear discussed in class. Regular section students are then expected to partipate in the discussion during the lecture. Students are encouraged to continue the online discussion after the lecture. Distance Education (DE) section students are not required to participate in the in-class discussion, but are expected to participate in pre and post lecture online discussion.
Weekly Course Schedule
See the course schedule. Note that the schedule is subject to change as the semester evolves.
The following are initial dates for exams and project due dates (subject to change):
- Midterm: Wed Mar 10 (in class)
- Final: Mon May 03 (12n-2:30pm)
- Mini Project Track
- Mini-Project 1: Mon Feb 15
- Mini-Project 2: Mon Mar 15
- Mini-Project 3: Mon Apr 12
- Mini-Project 4: Fri Apr 30
- Research Project Track
- Milestone 1 (idea proposals): Mon Feb 15
- Milestone 2 (related work): Mon Mar 08
- Milestone 3 (research plan): Mon Mar 22
- Milestone 4 (abstract/intro): Wed Apr 07
- Milestone 5 (presentation): Wed Apr 28
- Milestone 6 (final paper): Fri May 07
Privacy and Video Recording
The course will be delievered synchronously via Zoom and will be recorded to be viewed by students who are unable to attend synchronously, including Distance Education (DE) students. By taking this course, you agree for your video and audio to be recorded and shared with other students taking this course this semester.
To ensure this online course is engaging, students are expected to:
- Show their camera video during class.
- Update their Zoom profile picture with a picture of themselves
Students should feel free to turn off their video as needed during the lecture. If you need a “no video” day, please inform the instructor. If your computer does not have a camera, please inform the instructor.
Announcements and online class discussion will occur via the Moodle Forums. Important announcements may also be set via the class Google Groups mailing list. It is the responsibility of the student to sign up for a forum account. The discussion forum should only be used for non-sensitive information. Communications with sensitive information should be emailed to the intructor and/or TA with the subject prefix [CSC574]. The instructor or the TA will do their best to respond to questions within 24 hours. When appropriate, make the question viewable to everyone so that the answer can benefit all students. For sensitive matters (e.g., grading), email the instructor and/or TA. Whenever emailing the TA about grading concerns, please CC the instructor.
Assignment Lateness Policy
Project deadlines will be hard. Late assignments will be accepted within 24 hours with a 25% reduction in grade. Assignments submitted after 24 hours will have a 100% penalty. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.
COVID-19 Note: In light of the COVID-19 pandemic, I intend to be as accommodating as possible. If you are having trouble meeting the detail, please email me to identify a reasonable due date for assignments. However, you must contact me before the assignment is due.
The instructor will not take any formal attendance for class meetings. However, as stated above, a portion of the grade is based on class participation, which includes pop quizzes. Additionally, exam material includes anything in the readings, slides, and topics discussed in class. Students missing class should consult classmates on missed material.
The university policy on excused absences will be observed (see REG 02.20.03). The students are responsible for discussing makeup exams if they miss exams due to excused absence. The instructor will choose a mutually agreed date and time for the makeup exam. Late submission of homework assignments due to excused absences is not subject to the policies on late assignments.
Academic Integrity Policy
Violations of academic integrity will be handled in accordance with the Student Discipline Procedures (NCSU REG 11.35.02). You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct. Students are also strongly encouraged to review the ACM Code of Ethics and Professional Conduct.
The instructor expects honesty in the completion of test and assignments. The instructor has a zero tolerance policy for violations of academic integrity. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign a negative grade and refer the student to the appropriate University bodies for possible further action. It is the understanding and expectation of instructor that the student’s signature on any test or assignment means that the student neither gave nor received unauthorized aid. For additional information, visit studentconduct.ncsu.edu.
Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or project. Also, students are forbidden from discussing or collaborating on any assignment except were explicitly allowed in writing by the instructor.
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.
When in doubt, please contact the course professor for advice. Do not undertake any action that could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.
Statement on transportation
Students have to provide their own transportation for any and all class related trips.
Statement on safety and risk assumption
This course does not require activities that pose physical risk to students.
Statement for students with disabilities
Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with the Disability Resource Office at Holmes Hall, Suite 304, Campus Box 7509, 919-515-7653. For more information on NC State’s policy on working with students with disabilities, please see the Academic Accommodations for Students with Disabilities Regulation (REG 02.20.01).
NC State provides equal opportunity and affirmative action efforts, and prohibits all forms of unlawful discrimination, harassment, and retaliation (“Prohibited Conduct”) that are based upon a person’s race, color, religion, sex (including pregnancy), national origin, age (40 or older), disability, gender identity, genetic information, sexual orientation, or veteran status (individually and collectively, “Protected Status”). Additional information as to each Protected Status is included in NCSU REG 04.25.02 (Discrimination, Harassment and Retaliation Complaint Procedure). NC State’s policies and regulations covering discrimination, harassment, and retaliation may be accessed at POL 04.25.05 or https://oied.ncsu.edu/divweb/. Any person who feels that he or she has been the subject of prohibited discrimination, harassment, or retaliation should contact the Office for Equal Opportunity (OEO) at 919-515-3148.
Additional NC State Rules and Regulations
Students are responsible for reviewing the NC State University Policies, Rules, and Regulations (PRRs) which pertain to their course rights and responsibilities, including those referenced both below and above in this syllabus:
- Equal Opportunity and Non-Discrimination Policy Statement https://policies.ncsu.edu/policy/pol-04-25-05 with additional references at https://oied.ncsu.edu/divweb/policies/
- Code of Student Conduct https://policies.ncsu.edu/policy/pol-11-35-01.
In an effort to affirm and respect the identities of transgender students in the classroom and beyond, please contact me if you wish to be referred to using a name and/or pronouns other than what is listed in the student directory.
Students may be required to disclose personally identifiable information to other students in the course, via electronic tools like email or web-postings, where relevant to the course. Examples include online discussions of class topics, and posting of student coursework. All students are expected to respect the privacy of each other by not sharing or using such information outside the course.
Students are responsible for reviewing the NC State University PRR’s which pertains to their course rights and responsibilities:
- Equal Opportunity and Non-Discrimination Policy Statement https://policies.ncsu.edu/policy/pol-04-25-05 with additional references at https://oied.ncsu.edu/equity/policies/
- Code of Student Conduct https://policies.ncsu.edu/policy/pol-11-35-01
- Grades and Grade Point Average https://policies.ncsu.edu/regulation/reg-02-50-03
- Credit-Only Courses https://policies.ncsu.edu/regulation/reg-02-20-15
- Audits https://policies.ncsu.edu/regulation/reg-02-20-04
COVID-19 Specific Information
Due to the Coronavirus pandemic, public health measures have been implemented across campus. Students should stay current with these practices and expectations through the Protect the Pack website (https://www.ncsu.edu/coronavirus/). The sections below provide expectations and conduct related to COVID-19 issues.
Health and Participation in Class
We are most concerned about your health and the health of your classmates and instructors/TAs.
- If you test positive for COVID-19, or are told by a healthcare provider that you are presumed positive for the virus, please work with your instructor on health accommodations and follow other university guidelines, including self-reporting: https://healthypack.dasa.ncsu.edu/coronavirus/. Self-reporting is not only to help provide support to you, but also to assist in contact tracing for containing the spread of the virus.
- If you feel unwell, even if you have not been knowingly exposed to COVID-19, please do not attend any in-person classes.
- If you are in quarantine, have been notified that you may have been exposed to COVID-19, or have a personal or family situation related to COVID-19 that prevents you from attending this course in person (or synchronously), please connect with your instructor to discuss the situation and make alternative plans, as necessary.
- If you need to make a request for an academic consideration related to COVID-19, such as a discussion about possible options for remote learning, please talk with your instructor for the appropriate process to make a COVID-19 request.
Health and Well-Being Resources
These are difficult times, and academic and personal stress is a natural result. Everyone is encouraged to take care of themselves and their peers. If you need additional support, there are many resources on campus to help you:
- Counseling Center (https://counseling.dasa.ncsu.edu/)
- Health Center (https://healthypack.dasa.ncsu.edu/)
- If the personal behavior of a classmate concerns or worries you, either for the classmate’s well-being or yours, we encourage you to report this behavior to the NC State CARES team: (https://advising.dasa.ncsu.edu/resources-for-advisors/advisors-toolkit/cares/)
- If you or someone you know are experiencing food, housing or financial insecurity, please see the Pack Essentials Program (https://dasa.ncsu.edu/pack-essentials/).
Community Standards related to COVID-19
We are all responsible for protecting ourselves and our community. Please see the community expectations and Rule 04.21.01 regarding Personal Safety Requirements Related to COVID-19.
Course Expectations Related to COVID-19:
- Course Attendance: NC State attendance policies can be found at: https://policies.ncsu.edu/regulation/reg-02-20-03-attendance-regulations/. Please refer to this course’s attendance, absence, and deadline policies for additional details. If you are quarantined or otherwise need to miss class because you have been advised that you may have been exposed to COVID-19, you should not be penalized regarding attendance or class participation. However, you will be expected to develop a plan to keep up with your coursework during any such absences. If you become ill with COVID-19, you should follow the steps outlined in the health and participating section above. COVID 19-related absences will be considered excused; documentation need only involve communication with your instructor.
Course Meeting Schedule: Your course might not have a traditional meeting schedule in Fall 2020. Be sure to pay attention to any updates to the course schedule as the information in this syllabus may have changed. Please discuss any questions you have with the instructor.
- Technology Requirements: This course may require particular technologies to complete coursework. Be sure to review the syllabus for these expectations, and see go.ncsu.edu/syllabus-tech-requirements to find out more about technical requirements for your course. If you need access to additional technological support, please contact the Libraries’ Technology Lending Service: https://www.lib.ncsu.edu/devices.
Course Delivery Changes Related to COVID-19
Please be aware that the situation regarding COVID-19 is frequently changing, and the delivery mode of this course may need to change accordingly, including from in-person to online. Regardless of the delivery method, we will strive to provide a high-quality learning experience.
Grading/Scheduling Changing Options Related to COVID-19
If the delivery mode has a negative impact on your academic performance in this course, the university has provided tools to potentially reduce the impact:
- Enhanced S/U Grading Option: https://studentservices.ncsu.edu/your-resources/covid-19/spring2020-sat-grading/
- Late Drop: https://studentservices.ncsu.edu/your-resources/covid-19/spring2020-latedrop/
In some cases, another option may be to request an incomplete in the course. Before using any of these tools, discuss the options with your instructor and your academic advisor. Be aware that if you use the enhanced S/U, you will still need to complete the course and receive at least a C- to pass the course.
Other Important Resources
- Keep Learning: https://dasa.ncsu.edu/students/keep-learning/
- Protect the Pack FAQs: https://www.ncsu.edu/coronavirus/frequently-asked-questions/
- NC State Protect the Pack Resources for Students: https://www.ncsu.edu/coronavirus/reactivating-campus/resources-for-students/
- NC State Keep Learning, tips for students opting to take courses remotely: https://dasa.ncsu.edu/students/keep-learning/
- Introduction to Zoom for students: https://youtu.be/5LbPzzPbYEw
- Learning with Moodle, a student’s guide to using Moodle: https://moodle-projects.wolfware.ncsu.edu/course/view.php?id=226