Description

This course is an introduction to the broad field of computer and network security. We will cover software security, network security, some cryptography, and will discuss several secure applications in detail.

Prerequisites

The prerequisites for this course are a C- or better in both CMSC 216 and CMSC 330.

Legality and ethics

Throughout the semester, you will be learning (and implementing and launching) various attacks. This is not an invitation to perform these attacks without the express written consent of all parties involved. To do otherwise would risk violating University of Maryland policies and Maryland and U.S. laws.

The goal is to foster discovery, experimentation, and exploration, but in a safe, ethical, and respectful fashion, always. If you have an idea and want a safe environment to try it out, then let me know, and I'll try to set something up. If you have any questions or concerns, then do not hesitate to contact me or your TAs directly.


List of topics (tentative)

This course covers a very broad range of topics within computer security, with the goal of instilling a security mindset, and teaching some of the core principles of security that will allow students to pursue research in the field upon completion.

The following list of tentative lecture topics will vary in terms of pace:

  • Security background and definitions
  • Software security (attacks and defenses)
    • Buffer overflows
    • Viruses
    • SQL injection
    • Web-based attacks
  • Cryptographic primitives
    • Symmetric and public key cryptography
    • Public key infrastructures (certificates, TLS/SSL)

  • Applications of cryptography
    • Digital currency
    • Anonymous communication
  • Network security
    • Networking background
    • Attacks across all layers
    • Network control (firewalls, VPNs)
    • Censorship and censorship resistance
  • Economic incentives and underground economies


Online resources

Website: Various course materials will be made available on the class website, which can be accessed at http://www.cs.umd.edu/class/spring2018/cmsc414-0101/

Piazza: Class help and details will also be posted on Piazza. This provides a forum for you to post questions (and answer those from others), as well as share insights and engage on all things security. Keep in mind, however, that even though this is a class-specific forum, cheating or facilitating cheating is not allowed there (or anywhere): do not post project code or pseudocode. The class Piazza page is available at https://piazza.com/umd/spring2018/cmsc4140101/.

Computing resources

Most of your projects will be done within this Virtual Machine (VM) that we will provide. Your project submissions must work within the VM as provided: some of our projects will be architecture-specific, so it is critical that you test thoroughly within the VM provided. Thus we strongly recommend that if you develop any project on another system, you should complete it several days early to have time to address any compatibility problems.

Submission instructions will be provided with the projects.


Grading

Grades will be maintained on the CS Department grades server. You can always see your current grade here.

You are responsible for all material discussed in lecture and discussion section and posted on the class web page, including announcements, deadlines, policies, etc. During the semester we may provide ungraded practice homework exercises and solutions. While we will not collect these exercises, completing them is essential preparation for exams. You may work together on these ungraded homeworks, and you may of course come to office hours for additional help.

Your final course grade will be determined by the following tentative percentages:

  • 4 Programming projects (10% projects 1-3, 20% project 4): 50%
  • 2 Midterms (12.5% each): 24%
  • Final exam: 25%
  • Meet your professor: 1%

Final course grades will be curved as necessary, based on each student's total numeric score for all coursework at the end of the semester.

Important

Completing the programming assignments is an essential part of the course. Therefore, we may fail any student who does not make a good-faith attempt on all course projects, regardless of the student's performance or scores on the other coursework.


Exam scheduling

The class includes two midterms and a final exam. All of them are in the room where we normally hold class. Likely dates for the exams are:

Midterm #1: March 8, 2018 (in class)

Midterm #2: April 19, 2018 (in class)

Final: Friday May 18, 10:30am-12:30pm (see official schedule)

If these dates need to change for some reason, we will let you know as soon as possible.

Regrading

Any request for reconsideration of any grading on coursework must be submitted within two weeks of when it is returned. Exam regrading requests must be made in writing. Any coursework submitted for reconsideration may be regraded in its entirety, which could result in a lower score if warranted.

Meet your professor

At least one time during the semester, you must come to office hours or another arranged time to meet me. This does not include visits for class/project help: we can chat about research, future plans, whatever you'd like!


Project policies

All projects will be due 11:59:59pm EST of the day given in the project description for full credit.

Projects may be submitted up to 24 hours late for a 10% penalty. (For example, a project that would have earned 90 points for an on-time submission will earn 81, that is, 90 times 0.90.) If you submit both on-time & late, your project will receive the maximum of the penalty-adjusted scores.

Project extensions will not be granted due to system problems, network problems, power outages, etc., so do not wait to submit a project until the night it is due. You may submit multiple times up to the deadline, and only your last on-time submission is graded. Similarly, if you submit late, only your last submission before the deadline will be graded. No consideration in grading will be made for errors made in transferring files or submitting the wrong version of your project. Having a working, unsubmitted version will not count; only submitted code will be counted.

Finally, any "hard coding" in a project assignment may result in a score of zero for that project, and is considered a bad-faith effort. Hard coding refers to attempting to make a program appear as if it works correctly, when in fact it does not. One example of hard coding would be printing the desired output instead of computing it. This is only one example, and if you have any questions as to what constitutes hard coding, be sure to ask ahead of time.


Excused absences

You are not required to come to class. That said, there will be a lot of material taught in class, and I often write on the board (as opposed to using slides). So it is in everyone's best interest to attend and engage during lectures.

You are, however, required to attend scheduled exams. There are several excused absences from an exam: illness, religious observation, participation in required university activities, or a family or personal emergency. We will work with you to make sure that you have a fair amount of time to make up for excused absences. The best way that we can help is if we know about absences as far in advance as possible.

  • Provide a request for absence in writing.
  • Provide appropriate documentation that shows the absence qualifies as excused.
  • Provide as much advance notice as is possible, safe, and appropriate.

Please note that, because exams are considered "Major Scheduled Grading Events," a self-signed note may not be sufficient: For medical absences, you must furnish documentation from the health care professional who treated you, which must verify the timeframe that the student was unable to meet academic responsibilities. In addition, it must contain the name and phone number of the medical service provider to be used if verification is needed. No diagnostic information will ever be requested.

It is the University's policy to provide accommodations for students with religious observances conflicting with exams. You must inform the instructor prior to the end of the first two weeks of the class if you have a religious observation that conflicts with an exam.

For missed exams due to excused absences, the instructor will arrange a makeup exam. If you might miss an exam for any reason other than those above, you must contact the instructor in advance to discuss the circumstances. We are not obligated to offer a substitute assignment or to provide a makeup exam unless the failure to perform was due to an excused absence.

The policies for excused absences do not apply to project assignments. Projects will be assigned with sufficient time to be completed by students who have a reasonable understanding of the necessary material and begin promptly. In cases of extremely serious documented illness of lengthy duration or other protracted, severe emergency situations, the instructor may consider extensions on project assignments, depending upon the specific circumstances.

Besides the policies in this syllabus, the University's policies apply during the semester. Various policies that may be relevant appear in the Undergraduate Catalog.


Academic integrity

The Campus Senate has adopted a policy asking students to include the following statement on each examination or assignment in every course: "I pledge on my honor that I have not given or received any unauthorized assistance on this examination (or assignment)." Consequently, you will be requested to include this pledge on each exam and project. Please also carefully read the Office of Information Technology's policy regarding acceptable use of computer accounts.

Programming projects are to be written individually; therefore, cooperation or use of unauthorized materials on projects is a violation of the University's Code of Academic Integrity. Any evidence of this, or of unacceptable use of computer accounts, use of unauthorized materials or cooperation on exams or quizzes, or other possible violations of the Honor Code, will be submitted to the Student Honor Council, which could result in an XF for the course, suspension, or expulsion.

For learning the course concepts, students are welcome to study together or to receive help from anyone else. You may discuss with others the project requirements, the natures of the attacks covered, what was discussed in class and in the class web forum, and general syntax errors.

When it comes to actually writing a project assignment, other than help from the instructional staff, a project must solely and entirely be your own work. Working with another student or individual, or using anyone else's work in any way except as noted in this paragraph, is a violation of the code of academic integrity and will be reported to the Honor Council. You may not discuss design of any part of a project with anyone except the instructor or teaching assistants.

Examples of questions that would be allowed are "Does a Java class definition end in a semicolon?" or "What does a 'class not found' error indicate?", because they convey no information about the contents of a project.

Examples of questions you may not ask others might be "How did you implement this part of the project?" or "Please look at my code and help me find my stupid syntax error!".

You may not use any disallowed source of information in creating either your project design or code. When writing projects you are free to use ideas or short fragments of code from published textbooks or publicly available information, but the specific source must be cited in a comment in the relevant section of the program.

Violations of the Code of Academic Integrity may include, but are not limited to:

  1. Failing to do all or any of the work on a project by yourself, other than assistance from the instructional staff.
  2. Using any ideas or any part of another person's project, or copying any other individual's work in any way.
  3. Giving any parts or ideas from your project, including test data, to another student.
  4. Allowing any other students access to your program on any computer system.
  5. Transferring any part of a project to or from another student or individual by any means, electronic or otherwise.

If you have any question about a particular situation or source then consult with the instructors in advance. Should you have difficulty with a programming assignment you should see the instructional staff in office hours, and not solicit help from anyone else in violation of these rules.

It is the responsibility, under the honor policy, of anyone who suspects an incident of academic dishonesty has occurred to report it to their instructor, or directly to the Honor Council.

Every semester the department has discovered a number of students attempting to cheat on project assignments, in violation of academic integrity requirements. Students' academic careers have been significantly affected by a decision to cheat. Think about whether you want to join them before contemplating cheating, or before helping a friend to cheat.

Students are welcome and encouraged to study and compare or discuss their implementations of the programming projects with any others after they are graded, provided that all of the students in question have received nonzero scores for that project assignment, and if that project will not be extended upon in a later project assignment.


Students with disabilities

Students with disabilities who have been certified by Disability Support Services as needing any type of special accommodations should see the instructor as soon as possible during the schedule adjustment period (the first two weeks of class). Please provide DSS's letter of accommodation to the instructor at that time.

All arrangements for exam accommodations as a result of disability must be made and arranged with the instructor at least three business days prior to the exam date; later requests (including retroactive ones) will be refused.

Course evaluations

If you have a suggestion for improving this class, don't hesitate to tell me or the TAs during the semester! At the end of the semester, please don't forget to provide your feedback using the campus-wide CourseEvalUM system. Your comments will help make this class better. CourseEvalUM is generally open the first couple weeks of December, but this is subject to change by campus.

Right to change information

Although every effort has been made to be complete and accurate, unforeseen circumstances arising during the semester could require the adjustment of any material given here. Consequently, given due notice to students, the instructor reserves the right to change any information on this syllabus or in other course materials.
