CS 4440: Introduction to Computer Security

This course teaches the security mindset and introduces the principles and practices of computer security as applied to software, systems, and networks. It covers the foundations of building, using, and managing secure systems. Topics include standard cryptographic functions and protocols, and threats and defenses for real-world systems.

This class is open to undergraduates. It is recommended that you have familiarity with topics like software engineering, software debugging, basic networking, computer organization, the web and databases, and the command-line terminal; and with languages such as Python, SQL, HTML, and C/C++. This course is weighted 3 credit hours.

Learning Outcomes: At the end of the course, students will be able to:

Explain the objectives and functions of common communication, network, and software defenses.
Understand how common vulnerabilities and implementation flaws weaken the security of a system.
Apply the attacker and defender mindsets to model the threats faced by an arbitrary computer system.
Identify attack surfaces of system layers and their impacts on confidentiality, integrity, and availability.
Replicate real-world attacks to exploit flaws in basic communication, network, and software defenses.
Judge the security of a system based on its access control policies, defense measures, and software.

Professor	Stefan Nagy
Teaching Assistants	Mandy Mieu Porter Smith Trace Engel
Prerequisites	CS 3500, with a grade of C- or better.
Lectures	WEB L105, Tuesdays and Thursdays, 2:00–3:20PM Slides will be posted on the Schedule.
Office Hours	See calendar below. Visit any TA’s office hours for assignment help or grading concerns. Please sign up on the TA Queue when you arrive. Visit the Professor’s office hours for questions about lecture material.
Communication	We use Piazza for announcements and discussion about assignments and other course material. Assignments will be posted on this site, and collected and graded via Canvas or Gradescope (as specified in the assignment's instructions). For administrative issues, email snagy@cs.utah.edu.
Recommended Reading	Introduction to Computer Security by Goodrich and Tamassia Security Engineering by Ross Anderson Cryptography Engineering by Ferguson, Schneier, and Kohno
UofU Cyber Resources	The UtahSec Cyber Security Club The Utah Software Security Group Professor Nagy's FuTURES³ Lab Professor Xu's research group Professor Garcia's research group Professor Soni's research group Professor Zhang's research group Professor Patil's research group Professor Kasera's research group

Office Hours Calendar

For TA hours, please sign up on the TA Queue when you arrive. TAs will answer student questions in first-come, first-serve order.

Grading

Lecture Quizzes	10%	Weekly solo quizzes to check your understanding of lectures (lowest score dropped).
Programming Projects	50%	Four programming projects (worth 12.5% each), completed in teams of up to two.
Participation	5%	Lecture attendance, and intellectual contributions made on Piazza and in class.
Final Exam	35%	One exam covering all course material (date: 1-3PM on Monday, December 11th).

Late Assignments Policy

Lecture Quiz due dates are strict, and no late submissions will be accepted. Programming Project submissions will be accepted for a penalty of 10% of the potential score on late assignments (e.g. 10 points on a 100 point assignment); and late submissions will not be accepted after 48 hours past the deadline. Please note there is no guarantee of support from the teaching staff (office hours, Piazza answers, etc.) during the late submission period. The instructor may grant individual extensions, but only under extraordinary circumstances. We strongly recommend that you get started and attend office hours early.

Collaboration and Academic Integrity

We are here to provide a nurturing environment for everyone enrolled in the course. However, violations of Utah's Standards of Academic Integrity, such as cheating or unacceptable collaboration, will result in appropriate disciplinary action such as a failing grade on the assignment, failure in the course, probation, suspension, or dismissal from the University. Cheating is when you copy, with or without modification, someone else’s work that is not meant to be publicly accessible. Unacceptable collaboration is the knowing exposure of your own exam answers, project solutions, or homework solutions, or the use of someone else’s answers or solutions.

At the same time, we encourage students to help each other learn the course material. As in most courses, there is a boundary separating these two situations. You may give or receive help on any of the concepts covered in lecture. You are allowed to consult with other students about the conceptualization of a project, or the general approach for solving problems. However, all work, whether in scrap or final form, must be done by you (or your project partners, where applicable).

If you have any questions as to what constitutes unacceptable collaboration or exploitation of prior work, please talk to a member of the course staff right away. You are expected to exercise reasonable precautions to protect your own work, including not posting solutions publicly (e.g., public GitHub repos) and not sharing code outside of your group.

Ethical and Lawful Use of Technology

To defend a system you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our policy in CS 4440 is that you must respect the privacy and property rights of others at all times, or else you will fail the course.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), one of several federal laws that broadly criminalizes computer intrusion (i.e., "hacking"). Understand what the law prohibits—you dont want to end up like this guy. If in doubt, we can refer you to an attorney.

Please review the University's Acceptable Use Policy concerning proper use of information technology, as well as the Student Code. As members of the university, you are required to abide by these (and all other) policies.

University Policies

1. The Americans with Disabilities Act. The University of Utah seeks to provide equal access to its programs, services, and activities for people with disabilities. If you will need accommodations in this class, reasonable prior notice needs to be given to the Center for Disability & Access, 162 Olpin Union Building, 801-581-5020. CDS will work with you and the instructor to make arrangements for accommodations. All written information in this course can be made available in an alternative format with prior notification to the Center for Disability & Access. Given the nature of this course, attendance is required and adjustments cannot be granted to allow non-attendance. However, if you need to seek an ADA accommodation to request an exception to this attendance policy due to a disability, please contact the Center for Disability and Access (CDA). CDA will work with us to determine what, if any, ADA accommodations are reasonable and appropriate.

2. University Safety Statement. The University of Utah values the safety of all campus community members. To report suspicious activity or to request a courtesy escort, call campus police at 801-585-COPS (801-585-2677). You will receive important emergency alerts and safety messages regarding campus safety via text message. For more information regarding safety and to view available training resources, including helpful videos, visit safeu.utah.edu.

3. Addressing Sexual Misconduct. Title IX makes it clear that violence and harassment based on sex and gender (which Includes sexual orientation and gender identity/expression) is a civil rights offense subject to the same kinds of accountability and the same kinds of support applied to offenses against other protected categories such as race, national origin, color, religion, age, status as a person with a disability, veteran’s status or genetic information. If you or someone you know has been harassed or assaulted, you are encouraged to report it to the Title IX Coordinator in the Office of Equal Opportunity and Affirmative Action, 135 Park Building, 801-581-8365, or the Office of the Dean of Students, 270 Union Building, 801-581-7066. For support and confidential consultation, contact the Center for Student Wellness, 426 SSB, 801-581-7776. To report to the police, contact the Department of Public Safety, 801-585-COPS (801-585-2677).