CSC 481/681 - Spring 2025

The following gives a day-by-day breakdown of topics covered, readings assigned, and assignment handouts/due dates. Each topic includes several required readings that students should read before the topic is discussed in class – always look ahead a few days to see what readings you should be doing. Some topics also have supplemental (non-required) readings that students can look into if they want to delve more deeply into that topic.

The schedule in this class is flexible, and past dates will be updated to reflect what was actually covered. Future dates are always tentative and subject to change.

Day 1: Monday, January 13

UNCG classes cancelled before noon due to snow and road conditions.

Day 2: Wednesday, January 15

Reading: Textbook sections 1.1 and 1.4
Topic 1: Abbrieviated class introduction [Slides]
Topic 2: verview of computer security – basic goals and terminology – day 1 [Slides]
Class examples will use voting/elections as an on-going example - info on voting in the U.S.
Optional reading on threat modeling: OWASP Threat Modeling Cheat Sheet

No class on Monday, January 20 – Dr. Martin Luther King Jr. Holiday

Day 3: Wednesday, January 22

Topics: Overview of computer security – basic goals and terminology – day 2 (slides continued from last time)

Day 4: Monday, January 27

Reading: Textbook, sections 1.2, 9.1–9.2
Topics: Security (access control) models – day 1 [Slides]

Day 5: Wednesday, January 29

Graduate/Honors students: Research Reading Summary 1 due
Topics: Security (access control) models – day 2

Day 6: Monday, February 3

Due: Assignment 1
Reading: Textbook section 1.3 and Section 1 of Randomness, Entropy, Keys, and Powers of Two Estimation
Topics: Cryptography: Basic cryptographic threat model, key sizes, brute force attacks, and estimation techniques [Slides]

Day 7: Wednesday, February 5

Reading: Sections 2–3 of Randomness, Entropy, Keys, and Powers of Two Estimation
Topics: Randomization, probability theory review, entropy, and effect on brute force search (slides continued from last time)

Day 8: Monday, February 10

Reading: Textbook, sections 8.1–8.2
Topics: Fundamental cryptographic services - encryption (symmetric and public key) and hash functions [Slides]

Day 9: Wednesday, February 12

Graduate/Honors students: Research Reading Summary 2 due
Reading: Textbook, sections 8.3–8.4
Topics: Cryptography for integrity - MACs, digital signatures, certificates (slides continued)

Day 10: Monday, February 17

Due: Assignment 2
Topics: Some specific cryptographic techniques [Slides]

Day 11: Wednesday, February 19

Reading: Formal Models for Cryptography
Topics: Cryptography: Theory and Practice (models, breakdowns in practice, and programming) [Slides]

Day 12: Monday, February 24

Reading: Textbook, sections 2.1–2.5
Topics: Physical security [Slides]

Day 13: Wednesday, February 26

Graduate/Honors students: Research Reading Summary 3 due
Reading: Textbook Sections 3.1–3.3
Topics: Operating System Security – Basics and Linux demos - day 1 [Slides]

Day 14: Monday, March 3

Due: Assignment 3
Topics: Operating System Security – Basics and Linux demos - day 2

Day 15: Wednesday, March 5

Midterm Exam

No class on March 10 – March 14 (Spring break)

Day 16: Monday, March 17

Topics: Midterm Information/Review; Advanced OS Security (sandboxes, chroot, and containers) [Slides]

Required reading: Linux Virtualization – Chroot Jail, from the “GeeksforGeeks” website.
Required reading: What is a Container?, from the Docker web site.
Required reading: The Evolution of Linux Containers and Their Future, from the DZone web site.

Day 17: Wednesday, March 19

Reading: Textbook, Section 3.4
Topics: Software security and vulnerabilities, Part 1 [Slides]

Day 18: Monday, March 24

Topics: Software security and vulnerabilities, Part 1 – continued
Graduate/Honors Students Topic: Overview and discussion of final project

Day 19: Wednesday, March 26

Topics: Software security and vulnerabilities, Part 2 – Day 1 [Slides]
Required reading:

Return-oriented programming. Yes, this is a Wikipedia page, but it gives a good high-level overview of return-oriented programming.
Static analysis for security, by Gary McGraw. This is a little old (written in 2004), but it’s one of the best high-level “what is static analysis?” write-ups I could find.
Fuzzing. Wikipedia again. This is pretty light, but gives a good overview. For more information on fuzz testing, see the last item in the supplemental reading list below.

Supplemental reading: Good information for students who want to dig deeper.

StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, by Crispin Cowan. This is the original (1998) paper on StackGuard, the canary technique for detecting stack-smashing buffer overflow attacks. In addition to the content being relevant, this is a really good example of an applied security research paper.
What is soundness (in static analysis)?, by Michael Hicks. A very nice writeup about trade-offs that have to be considered in creating a static analysis tool, and measures or concepts of “goodness” such as soundness, completeness, precision, and recall.
Lessons from Building Static Analysis Tools at Google, by Sadowski, Aftandilian, Eagle, Miller-Cushon, and Jaspan (Communications of the ACM, April 2018). Experience with static analysis in a really large software organization is very different from examples in a classroom. This article talks about experiences with static analysis at Google.
SAGE: Whitebox Fuzzing for Security Testing by Godefroid, Levin, and Molnar. Really nice article talking about fuzz testing.
Evaluating Empirical Evaluations (for Fuzz Testing), by Michael Hicks. This is a blog post about research that the author did on the (ahem) fuzziness of evaluating fuzz testing (no, he didn’t put it that way, I did – sorry).

Day 20: Monday, March 31

Due: Assignment 4
Graduate/Honors Students: Project topic selection due
No class/lecture this day

Day 21: Wednesday, April 2

Reading: Textbook, Chapter 4
Topics: Finish Software Security (part 2) and Malware [Slides]

Day 22: Monday, April 7

Reading: Textbook, Chapter 7 and OWASP Top 10
Topics: Web Security – day 1 [Slides]

Day 23: Wednesday, April 9

Topics: Web Security – day 2

Day 24: Monday, April 14

Due: Assignment 5
Reading: Textbook, Chapter 5
Topics: Web Security – day 3

Day 25: Wednesday, April 16

Topics: Network Security I – day 1 [Slides]

Day 26: Monday, April 21

Graduate/Honors Students: Progress report due
Reading: Textbook, Sections 6.1–6.4
Topics: Network Security I – day 2

Day 27: Wednesday, April 23

Topics: Network Security II – day 1 [Slides]

Day 28: Monday, April 28

Topics: Network Security II – day 2

Day 29: Wednesday, April 30

Due: Assignment 6
Topics: Class wrap-up and review

Wednesday, May 7, 8:00 AM

All students: Final Exam
Graduate/Honors Students: Final report due