A printable PDF is also available.

CSC 481/681 – Spring 2024 – Syllabus

Instructor: Stephen R. Tate (Steve)
Lectures: Tues/Thurs 2:00-3:15, Petty Building, Room 223
Office: Petty 157
Office Hours: Tues/Thurs 3:30-5:00 (or by appointment), in-person or via Teams – see link in Canvas
E-mail: – I answer most emails within one business day – do not expect responses evenings or weekends

Class Web Page: https://home.uncg.edu/cmp/faculty/srtate/481.s24/

Catalog Description: Core concepts in computer security, including the security goals of confidentiality, integrity, and availability; authentication; access control; secure software development; use of cryptography; and basic network security.

Prerequisites: To take CSC 481, undergraduates must have earned a grade of C or better in CSC 330 and CSC 362. Any graduate student with clear graduate standing can take the graduate-level version of this class (CSC 681). If have any questions about expected background or skills, please talk with me.

Longer Description: This class provides an introduction to computer security concepts, techniques for protecting information and computer systems, and practice using a “security mindset.” The course includes coverage of authentication, access control models, operating system security, cryptography, network security, and software security. Topics are covered at an introductory level, with subsequent courses available for more in-depth exploration of cryptography, software security, and network security. Student work will include a mix of written (analytical) work, programming, and hands-on security exercises.

Student Learning Outcomes: Upon successful completion of this course students should be able to

  1. Describe the basic goals of computer security;

  2. Identify appropriate technologies related to different computer security goals;

  3. Describe high-level properties of basic cryptographic mechanisms, including symmetric and public-key encryption, pseudorandom number generators, cryptographic hash functions, and digital signatures;

  4. Explain secure design principles such as isolation and least privilege, and their relation to modern system tools and technologies;

  5. Identify common vulnerabilities in software;

  6. Describe secure software development principles and practices;

  7. Diagram a basic networked system, identifying security-sensitive aspects and appropriate protection techniques;

  8. (Graduate Students) Explain and critique research in computer security.

Textbook and Readings: The required textbook is

Michael T. Goodrich and Roberto Tamassia. Introduction to Computer Security, Pearson, 2011. ISBN-13 978-0-321-51294-9.

Additional readings will be assigned throughout the semester, which include instructor-written materials, current news stories, technical articles, or research papers. All of the additional readings will either be freely available or copies will be provided for students.

Hands-on Exercises and Optional Text: Hands-on exercises will come from the Naval Postgraduate School Labtainers project, many of which are derived from SEED labs developed by Wenliang Du at Syracuse University. While these labs are very well documented online, students looking for more information can consider purchasing Prof. Du’s book:

Wenliang Du. Computer Security: A Hands-on Approach, CreateSpace Independent Publishing, 2017. ISBN-13: 978-1548367947.

Topics: The topics to be covered are shown below, where each topic is a single class meeting unless otherwise specified. For an updated week-by-week schedule, please see the class web site.

Class Overview
Overview of computer security and basic goals (Sections 1.1 and 1.4 and reading) [2 classes]
Access Control Models (Sections 1.2, 9.1, and 9.2) [2 classes]
Cryptography for information protection (Section 1.3, Sections 8.1–8.4, and handouts) [5 classes]
Physical security (Sections 2.1-2.5)
Practical Operating System and Linux Overview (readings)
Operating System Security - Basics (Sections 3.1-3.3)
Operating System Security - Advanced: sandboxes, chroot, and containers (readings)
Software security, vulnerabilities, and testing (Section 3.4 and readings) [4 classes]
Web security (Chapter 7 and readings) [2 classes]
Malware (Chapter 4)
Network security I (Chapter 5) [2 classes]
Network security II (Chapter 6) [2 classes]

Teaching Methods and Assignments: This class will meet for two 75-minute periods per week, and class meetings will consist of a combination of lecture/presentation, discussion, and in-class exercises. Students are expected to be prepared and actively participate in class, having done all required readings in advance. Grades are based on student work done in assignments and exams.

Assignments and Labtainer Requirements: For practice and to demonstrate abilities, students will be given 5 or 6 assignments over the course of the semester (approximately every two weeks, adjusted to exclude exam weeks). Assignments can include written problems or hands-on Labtainer exercises. Labtainer exercises vary a lot in length, with shorter ones being assigned as only part of an assignment, and more complex ones being an entire assignment on their own. Hands-on exercises are best performed on a student’s own computer, and require an x86 (Intel/AMD) processor with at least 8GB of RAM and 40GB of free disk space. Using a recent Apple system with and “Apple Silicon” CPU will not work natively, but might work using UTM and CPU emulation – I haven’t tested this, and it would certainly be slower than using a system that natively supports the labtainers, but you can try (and let me know)!

Alternative arrangements for performing labtainer exercises can be made, and if this is necessary you should talk to the instructor as soon as possible (before the first assignment is given). All work will be submitted in Canvas. Student-written homework solutions must be PDF documents, but can be either electronically prepared or neatly handwritten and scanned. If you must use a phone camera rather than a scanner, you should use a “scan to PDF” app to produce a proper and readable PDF document. Hands-on exercise solutions will be submitted as special “.lab” files, which the Labtainer system creates for you. Some Labtainer exercises also require lab reports, using templates provided as part of the exercise. I will grade what is submitted, and you are responsible for submitting with enough time to check and make sure you successfully submitted the right thing. “I submitted the wrong file” or “the file was corrupted” or “Canvas was slow at 11:58” will not be accepted as excuses for late submissions.

Exams: There will be one mid-term exam and one final exam, which will assess the student’s mastery of learning outcomes 1-7 in an exam setting. Problems will be similar to written homework problems, but will be somewhat simplified from the homework assignments, due to time limitations of testing.

Graduate and Honors Students: Graduate students and undergraduates taking this course for “contract honors” credit will be given a handout on security research practices and standards, and three research papers to read and critique during the first half of the semester. For the second half of the semester, graduate students will select a topic from the research literature according to their interests, locate appropriate references, and write a thorough research summary and critique. These requirements address graduate student learning outcome 8.

Evaluation and Grading: Each student work product will be graded, and the student’s final grade will be determined by assigning each category of work a weighted score according to the distribution below, and then the final weighted average is mapped to a letter grade as shown. Note that students have access to their current class average at all times in Canvas.


For undergraduates:

Category
Assignments 50%
Mid-term Exam 20%
Final Exam 30%

 

Letter Grade Assignment
[87.5 , 89.5) = B+ [77.5 , 79.5) = C+ [67.5 , 69.5) = D+ [0 , 59.5) = F
[91.5 , ∞) = A [81.5 , 87.5) = B [71.5 , 77.5) = C [61.5 , 67.5) = D
[89.5 , 91.5) = A- [79.5 , 81.5) = B- [69.5 , 71.5) = C- [59.5 , 61.5) = D-

For graduate students:

Category
Assignments 45%
Mid-term Exam 18%
Final Exam 27%
Research Readings/Project 10%

 

Letter Grade Assignment
[87.5 , 89.5) = B+ [77.5 , 79.5) = C+ [0 , 71.5) = F
[91.5 , ∞) = A [81.5 , 87.5) = B [71.5 , 77.5) = C
[89.5 , 91.5) = A- [79.5 , 81.5) = B-

Note that sanctions for violations of academic integrity or disruptive/unprofessional behavior apply to the overall grade and do not follow this percentage breakdown.

Academic Integrity: Students are expected to be familiar with and abide by the UNCG Academic Integrity Policy, which is online at https://academicintegrity.uncg.edu/

Assignments in this class are for individual work, unless explicitly stated otherwise. Note that ``individual work’’ means work by you, reported in your own words, and use of AI tools like ChatGPT is not allowed. General concepts covered in the class may be discussed with other students or in study groups, but specific assigned problems should not be discussed and all submitted work should be entirely your own. If you use external references (including web sites, books, etc.) in preparing your solutions, you should clearly mark the part(s) of your solution influenced by these references and provide clear citations to the source of information you are using. Doing a Google search for solutions to assigned problems is a violation of academic integrity, whether or not you use what you find in your answer. Sharing your own work is a serious violation of academic integrity, and if homework is copied then both the person who actually did the work and the person who copied it will be punished. Any incidents of academic dishonesty will be handled strictly, resulting in either a zero on the assignment or an F in the class, depending on the severity of the incident, and incidents may be reported to the UNCG Office of Student Rights and Responsibilities. Note that the Department of Computer Science maintains records of all incidents, and multiple violations, even in different classes or semesters, will always result in reporting to the university and serious penalties.

Attendance Policy: Attendance will not be taken in class, and is voluntary; however, all students are responsible for everything done or said in class (this can include changes in assignments, due dates, etc.). Note that this is a very dynamic class, with regular in-class activities, so it is highly unlikely that a student who regularly misses classes will be successful in the course. If attendance becomes a problem, then in-class exercises may be collected and included as part of the assignment portion of the grade.

The university allows for a limited number of excused absences for religious observances. Students who plan to take such an absence should notify the instructor at least two weeks in advance so that accommodations can be made (see the late work policy below). It is the student’s responsibility to obtain notes from another student if they miss class. Office hours are for answering questions about class material, and I will not re-teach a topic during office hours because you missed class.

Late Policy and Makeup Exams: Assignments are due at 11:59PM on the due date, and may be turned in up to 7 calendar days late with a 25% late penalty. Students with planned absences, whether for university events, religious observance, or other reasons, are expected to make arrangements with the instructor to turn in assignments or take exams before the scheduled date of the assignment or test. No assignment will be accepted more than 7 calendar days after the original due date! The final project report may not be submitted late.

Exam/test dates will be announced at least two weeks in advance, and may be made up only if it was missed due to an extreme emergency and arrangements are made before the exam date. Exams may not be taken early or late due to personal travel plans.

In-class Behavior: When you are in class you should be focused on the class, and you should act in a professional and mature manner. During class there should be no eating, drinking, e-cigarettes, cellphone use, non-class related laptop use, or anything else that does not pertain to the class activities. Any distracting items may be confiscated at the discretion of the instructor. Significant violations or disruptive behavior will result in points subtracted from a student’s final grade, and possible reporting to the UNCG Office of Student Rights and Responsibilities.

ADA Statement: UNCG seeks to comply fully with the Americans with Disabilities Act (ADA). Students requesting accommodations based on a disability must be registered with the Office of Accessibility Resources and Services located in 215 Elliott University Center: (336) 334-5440 (or on the web at https://oars.uncg.edu).

COVID-19 and Communicable Disease: We have been living with COVID for over 3 years now, and at this point it’s “just another communicable disease,” albeit one with a nasty combination of being highly contagious and very dangerous for vulnerable people (people are still dying every day). As far as this class is concerned, COVID and any other communicable disease should be treated with the following rule: be considerate of others. If you are sick, isolate until you are no longer contagious. If you must be around others and have recently been contagious, take measures to limit risks to others (maintain distance, wear a mask, etc.). The attendance policy above has information about what to do if you must miss class due to illness.

Health and Wellness: Health and well-being impact learning and academic success. Throughout your time in the university, you may experience a range of concerns that can cause barriers to your academic success. These might include illnesses, strained relationships, anxiety, high levels of stress, alcohol or drug problems, feeling down, or loss of motivation. Student Health Services and the Counseling Center can help with these or other issues you may experience. You can learn about the free, confidential mental health services available on campus by calling 336-334-5874​, visiting the website at https://shs.uncg.edu/ or visiting the Anna M. Gove Student Health Center at 107 Gray Drive.

For undergraduate or graduate students in recovery from alcohol and other drug addiction, the Spartan Recovery Program (SRP) offers recovery support services. You can learn more about recovery and recovery support services by visiting https://shs.uncg.edu/srp or reaching out to recovery@uncg.edu

Elasticity Statement: It is the intention of the instructor that this syllabus and course calendar will be followed as outlined; however, as the need arises there may be adjustments to the syllabus and calendar. In such cases, the instructor will notify students in class and via e-mail with an updated syllabus and calendar within a reasonable timeframe to allow students to adjust as needed.