A printable PDF is also available.

CSC 481/681 – Fall 2021 – Syllabus

Instructor: Stephen R. Tate (Steve)
Lectures: Tues/Thurs 3:30-4:45, Petty Building, Room 219
Office: Petty 157
Office Hours: Tues/Thurs 1:45-3:15 (or by appointment), in-person or virtual – see below
E-mail:

Note regarding Fall 2021: While the COVID-19 pandemic is ongoing, the wide availability of safe and effective vaccines provide hope that we will be able to hold a somewhat normal, in-person semester. In particular, this class is planned as a fully in-person class, and you are expected to attend lectures in the assigned classroom. If the COVID situation worsens and in-person meetings cannot be held safely, then we will revert to on-line meetings. However, this is not a hybrid class, and all students will have the same experience – either all in-person or all online.

Office hours are available both in-person (in my office, Petty room 157) or online via Zoom teleconferencing software – a link to the Zoom office hours room is in Canvas. Please be aware that my office is a small enclosed space, and if you are uncomfortable with that you can connect via Zoom. Also, due to my small office space, down a short but narrow side-corridor, you are asked to wait in the more open main hallway if I am meeting with someone else (in person or virtually). If I’m talking to someone online when you arrive, make sure I see you and then I will come out to the main hallway to let you know when I’m available after the online session. I can only meet with one person at a time during office hours.

For us to be able to get back to normal, everyone must do their part to protect both their own health and the health of others. More information COVID-specific class protections and policies is in the university COVID statement at the end of the syllabus.

Class Web Page: https://www.uncg.edu/cmp/faculty/srtate/481.f21/

Catalog Description: Core concepts in computer security, including the security goals of confidentiality, integrity, and availability; authentication; access control; secure software development; use of cryptography; and basic network security.

Prerequisites: For Fall 2021, undergraduates can take CSC 481 if you satisfy either:

Any graduate student with clear graduate standing can take the graduate-level version of this class (CSC 681).

Longer Description: This class provides an introduction to computer security concepts, techniques for protecting information and computer systems, and practice using a “security mindset.” The course includes coverage of authentication, access control models, operating system security, cryptography, network security, and software security. Topics are covered at an introductory level, with subsequent courses available for more in-depth exploration of cryptography, software security, and network security. Student work will include a mix of written (analytical) work, programming, and hands-on security exercises.

Student Learning Outcomes: Upon successful completion of this course students should be able to

  1. Describe the basic goals of computer security;

  2. Identify appropriate technologies related to different computer security goals;

  3. Describe high-level properties of basic cryptographic mechanisms, including symmetric and public-key encryption, pseudorandom number generators, cryptographic hash functions, and digital signatures;

  4. Explain secure design principles such as isolation and least privilege, and their relation to modern system tools and technologies;

  5. Identify common vulnerabilities in software;

  6. Describe secure software development principles and practices;

  7. Diagram a basic networked system, identifying security-sensitive aspects and appropriate protection techniques;

  8. (Graduate Students) Explain and critique research in computer security.

Textbook and Readings: The required textbook is

Michael T. Goodrich and Roberto Tamassia. Introduction to Computer Security, Pearson, 2011. ISBN-13 978-0-321-51294-9.

Additional readings will be assigned throughout the semester, which might include instructor-written materials, current news stories, technical articles, or research papers. All of the additional readings will either be freely available or copies will be provided for students.

Hands-on Exercises and Optional Text: Hands-on exercises will come from the Naval Postgraduate School Labtainers project, many of which are derived from SEED labs developed by Wenliang Du at Syracuse University. While these labs are very well documented online, students looking for more information can consider purchasing Prof. Du’s book:

Wenliang Du. Computer Security: A Hands-on Approach, CreateSpace Independent Publishing, 2017. ISBN-13: 978-1548367947.

Topics: The topics to be covered are shown below, where each topic is a single class meeting unless otherwise specified. For an updated week-by-week schedule, please see the class web site.

Class Overview
Overview of computer security and basic goals (Sections 1.1 and 1.4 and reading) [2 classes]
Access Control Models (Sections 1.2, 9.1, and 9.2) [2 classes]
Cryptography for information protection (Section 1.3, Sections 8.1–8.4, and handouts) [5 classes]
Physical security (Sections 2.1-2.5)
Practical Operating System and Linux Overview (readings)
Operating System Security - Basics (Sections 3.1-3.3)
Operating System Security - Advanced: sandboxes, chroot, and containers (readings)
Software security, vulnerabilities, and testing (Section 3.4 and readings) [4 classes]
Web security (Chapter 7 and readings) [2 classes]
Malware (Chapter 4)
Network security I (Chapter 5) [2 classes]
Network security II (Chapter 6) [2 classes]

Teaching Methods and Assignments: This class will meet for two 75-minute periods per week, and class meetings will consist of a combination of lecture/presentation, discussion, and in-class exercises. Students are expected to be prepared and actively participate in class, having done all required readings in advance. Grades are based on student work done in assignments and exams.

Assignments: For practice and to demonstrate abilities, students will be given approximately 5 assignments over the course of the semester (approximately every two weeks, adjusted to exclude exam weeks). Assignments can include written problems or hands-on Labtainer exercises. Labtainer exercises vary a lot in length, with shorter ones being assigned as only part of an assignment, and more complex ones being an entire assignment on their own. Hands-on exercises are best performed on a student’s own computer, but this requires a modern system with at least 8GB of RAM. Alternative arrangements can be made, and if this is necessary you should talk to the instructor as soon as possible (before the first assignment is given). All work will be submitted in Canvas. Student-written homework solutions must be PDF documents, but can be either electronically prepared or neatly handwritten and scanned. If you must use a phone camera rather than a scanner, you should use a “scan to PDF” app to produce a proper and readable PDF document. Hands-on exercise solutions will be submitted as ZIP files, which the Labtainer system creates for you. Some Labtainer exercises also require lab reports, using templates provided as part of the exercise.

Exams: There will be one mid-term exam and one final exam, which will assess the student’s mastery of learning outcomes 1-7 in an exam setting. Problems will be similar to written homework problems, but will be somewhat simplified from the homework assignments, due to time limitations of testing.

Graduate Students: Graduate students will be given a handout on security research practices and standards, and three research papers to read and critique during the first half of the semester. For the second half of the semester, graduate students will select a topic from the research literature according to their interests, locate appropriate references, and write a thorough research summary and critique. These requirements address graduate student learning outcome 8.

Evaluation and Grading: Each student work product will be graded, and the student’s final grade will be determined by assigning each category of work a weighted score according to the distribution below, and then the final weighted average is mapped to a letter grade as shown. Note that students have access to their current class average at all times in Canvas.


For undergraduates:

Category
Assignments 56%
Mid-term Exam 20%
Final Exam 24%

 

Letter Grade Assignment
[87.5 , 89.5) = B+ [77.5 , 79.5) = C+ [67.5 , 69.5) = D+ [0 , 59.5) = F
[91.5 , ∞) = A [81.5 , 87.5) = B [71.5 , 77.5) = C [61.5 , 67.5) = D
[89.5 , 91.5) = A- [79.5 , 81.5) = B- [69.5 , 71.5) = C- [59.5 , 61.5) = D-

For graduate students:

Category
Assignments 49%
Mid-term Exam 17.5%
Final Exam 21%
Research Readings/Project 12.5%

 

Letter Grade Assignment
[87.5 , 89.5) = B+ [77.5 , 79.5) = C+ [0 , 71.5) = F
[91.5 , ∞) = A [81.5 , 87.5) = B [71.5 , 77.5) = C
[89.5 , 91.5) = A- [79.5 , 81.5) = B-

Academic Integrity: Students are expected to be familiar with and abide by the UNCG Academic Integrity Policy, which is online at https://academicintegrity.uncg.edu/

Assignments in this class are for individual work, unless explicitly stated otherwise. General concepts and material covered in the class may be discussed with other students or in study groups, but specific assigned problems should not be discussed and all submitted work should be entirely your own. If you use external references (including web sites, books, etc.) in preparing your solutions, you should clearly mark the part(s) of your solution influenced by these references and provide clear citations to the source of information you are using. Sharing your own work is a serious violation of academic integrity, and if homework is copied then both the person who actually did the work and the person who copied it will be punished. Any incidents of academic dishonesty will be handled strictly, resulting in either a zero on the assignment or an F in the class, depending on the severity of the incident, and incidents will be reported to the UNCG Office of Student Rights and Responsibilities. Note that the Department of Computer Science maintains records of all academic integrity incidents, and multiple violations, even in different classes or semesters, will always result in reporting to the university and serious penalties.

Attendance Policy: Attendance will not be taken in class, and is voluntary; however, all students are responsible for everything done or said in class (this can include changes in assignments, due dates, etc.). Note that this is a very dynamic class, with regular in-class activities, so it is highly unlikely that a student who regularly misses classes will be successful in the course. If attendance becomes a problem, then in-class exercises may be collected and included as part of the assignment portion of the grade.

The university allows for a limited number of excused absences for religious observances. Students who plan to take such an absence should notify the instructor at least two weeks in advance so that accommodations can be made (see the late work policy below). It is the student’s responsibility to obtain notes from another student if they miss class.

Late Policy and Makeup Exams: Assignments are due at 11:59PM on the due date, and may be turned in up to 7 calendar days late with a 25% late penalty. Students with planned absences, whether for university events, religious observance, or other reasons, are expected to make arrangements with the instructor to turn in assignments or take exams before the scheduled date of the assignment or test. No assignment will be accepted more than 7 calendar days after the original due date! The final project report may not be submitted late.

Exam/test dates will be announced at least two weeks in advance, and may be made up only if it was missed due to an extreme emergency and arrangements are made before the exam date. Exams may not be taken early or late due to personal travel plans.

Given the COVID-19 situation, I will be flexible and accommodating within reason, but students must inform me of any complications in advance of due dates.

In-class Behavior: When you are in class you should be focused on the class, and you should act in a professional and mature manner. During class there should be no eating, drinking, e-cigarettes, cellphone use, non-class related laptop use, or anything else that does not pertain to the class activities. Any distracting items may be confiscated at the discretion of the instructor. Students are required to abide by UNCG COVID policies (see below), and will be asked to leave if there is an issue.

ADA Statement: UNCG seeks to comply fully with the Americans with Disabilities Act (ADA). Students requesting accommodations based on a disability must be registered with the Office of Accessibility Resources and Services located in 215 Elliott University Center: (336) 334-5440 (or on the web at https://oars.uncg.edu).

University COVID-19 Policy: As we return for fall 2021, the campus community must recognize and address continuing concerns about physical and emotional safety, especially as we will have many more students, faculty, and staff on campus than in the last academic year. As such, all students, faculty, and staff are required to uphold UNCG’s culture of care by actively engaging in behaviors that limit the spread of COVID-19. Such actions include, but are not limited to, the following:

Instructors will have seating charts for their classes. These are important for facilitating contact tracing should there be a confirmed case of COVID-19. Students must sit in their assigned seats at every class meeting and must not move furniture. Students should not eat or drink during class time.

To make it easier for students to hear their instructor and/or read lips, and if conditions permit, instructors who are fully vaccinated and who can maintain at least six feet of distance from students may remove their masks while actively teaching if they choose, but will wear a mask at all other times while in the classroom, including during the periods before and after class. [Note: After this statement was approved by UNCG, the COVID situation worsened and the “if conditions permit” part no longer holds. The instructor will wear a mask while teaching until UNCG drops this requirement and all students in the class are comfortable with it.]

A limited number of disposable masks will be available in classrooms for students who have forgotten theirs. Face coverings will also be available for purchase in the UNCG Campus Bookstore. Students who do not follow masking requirements will be asked to put on a face covering or leave the classroom to retrieve one and only return when they follow the basic requirements to uphold standards of safety and care for the UNCG community. Once students have a face covering, they are permitted to re-enter a class already in progress. Repeated issues may result in conduct action. The course policies regarding attendance and academics remain in effect for partial or full absence from class due to lack of adherence with face covering and other requirements.

For instances where the Office of Accessibility Resources and Services (OARS) has granted accommodations regarding wearing face coverings, students should contact their instructors to develop appropriate alternatives to class participation and/or activities as needed. Instructors or the student may also contact OARS (336-334-5440) who, in consultation with Student Health Services, will review requests for accommodations.

Health and well-Being: Health and well-being impact learning and academic success. Throughout your time in the university, you may experience a range of concerns that can cause barriers to your academic success. These might include illnesses, strained relationships, anxiety, high levels of stress, alcohol or drug problems, feeling down, or loss of motivation. Student Health Services and the Counseling Center can help with these or other issues you may experience. You can learn about the free, confidential mental health services available on campus by calling 336-334-5874​, visiting the website at https://shs.uncg.edu/ or visiting the Anna M. Gove Student Health Center at 107 Gray Drive. For undergraduate or graduate students in recovery from alcohol and other drug addiction, the Spartan Recovery Program (SRP) offers recovery support services. You can learn more about recovery and recovery support services by visiting https://shs.uncg.edu/srp or reaching out to recovery@uncg.edu

Elasticity Statement: It is the intention of the instructor that this syllabus and course calendar will be followed as outlined; however, as the need arises there may be adjustments to the syllabus and calendar. In such cases, the instructor will notify the students in class and via e-mail with an updated syllabus and calendar within a reasonable timeframe to allow students to adjust as needed.