A printable PDF is also available.
CSC 481/681 – Spring 2023 – Syllabus
Instructor: Stephen R. Tate (Steve)
Lectures: Tues/Thurs 2:00-3:15, Petty Building, Room 303
Office: Petty 157
Office Hours: Tues/Thurs 3:45-5:15 (or by appointment), in-person or virtual – see below
E-mail:
– I answer most emails within one business day – do not expect responses evenings or weekends
Note regarding Spring 2023: This class is planned as a fully in-person class, and you are expected to attend lectures in the assigned classroom. There will be no video feed or recordings available. This policy will only change if COVID or other emergencies require it for the entire class.
Office hours are available both in-person (in my office, Petty room 157) or online via Zoom teleconferencing software – a link to the Zoom office hours room is in Canvas. Please be aware that my office is a small enclosed space, and if you are uncomfortable with that you can connect via Zoom. Also, due to my small office space, down a short but narrow side-corridor, you are asked to wait in the more open main hallway if I am meeting with someone else (in person or virtually). If I’m talking to someone online when you arrive, make sure I see you and then I will come out to the main hallway to let you know when I’m available after the online session. I can only meet with one person at a time during office hours.
Unless COVID case counts get high, face coverings (masks) are optional in class and during office visits, but please wear a mask if you have any indications that you might be sick, and stay home if you know you have COVID. If you have concerns and would like me to wear a mask when meeting with you, just ask – I’m happy to accommodate. For us to be able to get back to normal, everyone must do their part to protect both their own health and the health of others. More information COVID-specific class protections and policies is in the university COVID statement at the end of the syllabus.
Class Web Page: https://home.uncg.edu/cmp/faculty/srtate/481.s23/
Catalog Description: Core concepts in computer security, including the security goals of confidentiality, integrity, and availability; authentication; access control; secure software development; use of cryptography; and basic network security.
Prerequisites: To take CSC 481, undergraduates must have earned a grade of C or better in CSC 330 and CSC 362. If you are an undergraduate that is following older degree requirements, which did not include CSC 362, talk to me to see if you have the necessary background.
Any graduate student with clear graduate standing can take the graduate-level version of this class (CSC 681).
Longer Description: This class provides an introduction to computer security concepts, techniques for protecting information and computer systems, and practice using a “security mindset.” The course includes coverage of authentication, access control models, operating system security, cryptography, network security, and software security. Topics are covered at an introductory level, with subsequent courses available for more in-depth exploration of cryptography, software security, and network security. Student work will include a mix of written (analytical) work, programming, and hands-on security exercises.
Student Learning Outcomes: Upon successful completion of this course students should be able to
Describe the basic goals of computer security;
Identify appropriate technologies related to different computer security goals;
Describe high-level properties of basic cryptographic mechanisms, including symmetric and public-key encryption, pseudorandom number generators, cryptographic hash functions, and digital signatures;
Explain secure design principles such as isolation and least privilege, and their relation to modern system tools and technologies;
Identify common vulnerabilities in software;
Describe secure software development principles and practices;
Diagram a basic networked system, identifying security-sensitive aspects and appropriate protection techniques;
(Graduate Students) Explain and critique research in computer security.
Textbook and Readings: The required textbook is
Michael T. Goodrich and Roberto Tamassia. Introduction to Computer Security, Pearson, 2011. ISBN-13 978-0-321-51294-9.
Additional readings will be assigned throughout the semester, which include instructor-written materials, current news stories, technical articles, or research papers. All of the additional readings will either be freely available or copies will be provided for students.
Hands-on Exercises and Optional Text: Hands-on exercises will come from the Naval Postgraduate School Labtainers project, many of which are derived from SEED labs developed by Wenliang Du at Syracuse University. While these labs are very well documented online, students looking for more information can consider purchasing Prof. Du’s book:
Wenliang Du. Computer Security: A Hands-on Approach, CreateSpace Independent Publishing, 2017. ISBN-13: 978-1548367947.
Topics: The topics to be covered are shown below, where each topic is a single class meeting unless otherwise specified. For an updated week-by-week schedule, please see the class web site.
Class Overview
Overview of computer security and basic goals (Sections 1.1 and 1.4 and reading) [2 classes]
Access Control Models (Sections 1.2, 9.1, and 9.2) [2 classes]
Cryptography for information protection (Section 1.3, Sections 8.1–8.4, and handouts) [5 classes]
Physical security (Sections 2.1-2.5)
Practical Operating System and Linux Overview (readings)
Operating System Security - Basics (Sections 3.1-3.3)
Operating System Security - Advanced: sandboxes, chroot, and containers (readings)
Software security, vulnerabilities, and testing (Section 3.4 and readings) [4 classes]
Web security (Chapter 7 and readings) [2 classes]
Malware (Chapter 4)
Network security I (Chapter 5) [2 classes]
Network security II (Chapter 6) [2 classes]
Teaching Methods and Assignments: This class will meet for two 75-minute periods per week, and class meetings will consist of a combination of lecture/presentation, discussion, and in-class exercises. Students are expected to be prepared and actively participate in class, having done all required readings in advance. Grades are based on student work done in assignments and exams.
Assignments: For practice and to demonstrate abilities, students will be given 5 or 6 assignments over the course of the semester (approximately every two weeks, adjusted to exclude exam weeks). Assignments can include written problems or hands-on Labtainer exercises. Labtainer exercises vary a lot in length, with shorter ones being assigned as only part of an assignment, and more complex ones being an entire assignment on their own. Hands-on exercises are best performed on a student’s own computer, which requires a relatively modern system with at least 8GB of RAM and 40GB of free disk space. Alternative arrangements can be made, and if this is necessary you should talk to the instructor as soon as possible (before the first assignment is given). All work will be submitted in Canvas. Student-written homework solutions must be PDF documents, but can be either electronically prepared or neatly handwritten and scanned. If you must use a phone camera rather than a scanner, you should use a “scan to PDF” app to produce a proper and readable PDF document. Hands-on exercise solutions will be submitted as special “.lab” files, which the Labtainer system creates for you. Some Labtainer exercises also require lab reports, using templates provided as part of the exercise. I will grade what is submitted, and you are responsible for submitting with enough time to check and make sure you successfully submitted the right thing. “I submitted the wrong file” or “the file was corrupted” or “Canvas was slow at 11:58” will not be accepted as excuses for late submissions.
Exams: There will be one mid-term exam and one final exam, which will assess the student’s mastery of learning outcomes 1-7 in an exam setting. Problems will be similar to written homework problems, but will be somewhat simplified from the homework assignments, due to time limitations of testing.
Graduate Students: Graduate students will be given a handout on security research practices and standards, and three research papers to read and critique during the first half of the semester. For the second half of the semester, graduate students will select a topic from the research literature according to their interests, locate appropriate references, and write a thorough research summary and critique. These requirements address graduate student learning outcome 8.
Evaluation and Grading: Each student work product will be graded, and the student’s final grade will be determined by assigning each category of work a weighted score according to the distribution below, and then the final weighted average is mapped to a letter grade as shown. Note that students have access to their current class average at all times in Canvas.
For undergraduates:
| Category | |
|---|---|
| Assignments | 56% |
| Mid-term Exam | 20% |
| Final Exam | 24% |
| Letter Grade Assignment | ||||
|---|---|---|---|---|
| [87.5 , 89.5) = B+ | [77.5 , 79.5) = C+ | [67.5 , 69.5) = D+ | [0 , 59.5) = F | |
| [91.5 , ∞) = A | [81.5 , 87.5) = B | [71.5 , 77.5) = C | [61.5 , 67.5) = D | |
| [89.5 , 91.5) = A- | [79.5 , 81.5) = B- | [69.5 , 71.5) = C- | [59.5 , 61.5) = D- |
For graduate students:
| Category | |
|---|---|
| Assignments | 49% |
| Mid-term Exam | 17.5% |
| Final Exam | 21% |
| Research Readings/Project | 12.5% |
| Letter Grade Assignment | |||
|---|---|---|---|
| [87.5 , 89.5) = B+ | [77.5 , 79.5) = C+ | [0 , 71.5) = F | |
| [91.5 , ∞) = A | [81.5 , 87.5) = B | [71.5 , 77.5) = C | |
| [89.5 , 91.5) = A- | [79.5 , 81.5) = B- |
Note that sanctions for violations of academic integrity or disruptive/unprofessional behavior apply to the overall grade and do not follow this percentage breakdown.
Academic Integrity: Students are expected to be familiar with and abide by the UNCG Academic Integrity Policy, which is online at https://academicintegrity.uncg.edu/
Assignments in this class are for individual work, unless explicitly stated otherwise. General concepts and material covered in the class may be discussed with other students or in study groups, but specific assigned problems should not be discussed and all submitted work should be entirely your own. If you use external references (including web sites, books, etc.) in preparing your solutions, you should clearly mark the part(s) of your solution influenced by these references and provide clear citations to the source of information you are using. Just doing a Google search for solutions to assigned problems is a violation of academic integrity, whether or not you use what you find in your answer. Sharing your own work is a serious violation of academic integrity, and if homework is copied then both the person who actually did the work and the person who copied it will be punished. Any incidents of academic dishonesty will be handled strictly, resulting in either a zero on the assignment or an F in the class, depending on the severity of the incident, and incidents will be reported to the UNCG Office of Student Rights and Responsibilities. Note that the Department of Computer Science maintains records of all academic integrity incidents, and multiple violations, even in different classes or semesters, will always result in reporting to the university and serious penalties.
Attendance Policy: Attendance will not be taken in class, and is voluntary; however, all students are responsible for everything done or said in class (this can include changes in assignments, due dates, etc.). Note that this is a very dynamic class, with regular in-class activities, so it is highly unlikely that a student who regularly misses classes will be successful in the course. If attendance becomes a problem, then in-class exercises may be collected and included as part of the assignment portion of the grade.
The university allows for a limited number of excused absences for religious observances. Students who plan to take such an absence should notify the instructor at least two weeks in advance so that accommodations can be made (see the late work policy below). It is the student’s responsibility to obtain notes from another student if they miss class. Office hours are for answering questions about class material, and I will not re-teach a topic during office hours because you missed class.
Late Policy and Makeup Exams: Assignments are due at 11:59PM on the due date, and may be turned in up to 7 calendar days late with a 25% late penalty. Students with planned absences, whether for university events, religious observance, or other reasons, are expected to make arrangements with the instructor to turn in assignments or take exams before the scheduled date of the assignment or test. No assignment will be accepted more than 7 calendar days after the original due date! The final project report may not be submitted late.
Exam/test dates will be announced at least two weeks in advance, and may be made up only if it was missed due to an extreme emergency and arrangements are made before the exam date. Exams may not be taken early or late due to personal travel plans.
In-class Behavior: When you are in class you should be focused on the class, and you should act in a professional and mature manner. During class there should be no eating, drinking, e-cigarettes, cellphone use, non-class related laptop use, or anything else that does not pertain to the class activities. Any distracting items may be confiscated at the discretion of the instructor. Students are required to abide by UNCG COVID policies (see below), and will be asked to leave if there is an issue. Significant violations or disruptive behavior will result in points subtracted from a student’s final grade.
ADA Statement: UNCG seeks to comply fully with the Americans with Disabilities Act (ADA). Students requesting accommodations based on a disability must be registered with the Office of Accessibility Resources and Services located in 215 Elliott University Center: (336) 334-5440 (or on the web at https://oars.uncg.edu).
University COVID-19 Policy: As we return for Spring 2023, please uphold UNCG’s culture of care to limit the spread of COVID-19 and other airborne illnesses. These actions include, but are not limited to:
- Engaging in proper hand-washing hygiene
- Self-monitoring for symptoms of COVID-19
- Staying home when ill
- Complying with directions from health care providers or public health officials to isolate if ill
- Completing a self-report when experiencing COVID-19 symptoms or testing positive for COVID-19
- Following the CDC’s exposure guidelines when exposed to someone who has tested positive for COVID-19
- Staying informed about the University’s policies and announcements via the COVID-19 website.
Health and well-Being: Health and well-being impact learning and academic success. Throughout your time in the university, you may experience a range of concerns that can cause barriers to your academic success. These might include illnesses, strained relationships, anxiety, high levels of stress, alcohol or drug problems, feeling down, or loss of motivation. Student Health Services and the Counseling Center can help with these or other issues you may experience. You can learn about the free, confidential mental health services available on campus by calling 336-334-5874, visiting the website at https://shs.uncg.edu/ or visiting the Anna M. Gove Student Health Center at 107 Gray Drive. For undergraduate or graduate students in recovery from alcohol and other drug addiction, the Spartan Recovery Program (SRP) offers recovery support services. You can learn more about recovery and recovery support services by visiting https://shs.uncg.edu/srp or reaching out to recovery@uncg.edu
Elasticity Statement: It is the intention of the instructor that this syllabus and course calendar will be followed as outlined; however, as the need arises there may be adjustments to the syllabus and calendar. In such cases, the instructor will notify the students in class and via e-mail with an updated syllabus and calendar within a reasonable timeframe to allow students to adjust as needed.