For course schedule, click here.
Course Logistics
Tuesday, Thursday 3:05 PM - 4:20 PM
Location: Reid 102
Instructor
Reese Pearsall
Email: reesepearsall@montana.edu
Office Hours: Monday, Wednesday, Friday 10:00-10:50, Thursdays 1:00-2:30
Office: Barnard Hall 361
I can also meet via Zoom if needed. Email me to arrange a time.
Teaching Assistant and Grader
- Karishma Rahman
- Email: karishma.rahman.bd@gmail.com
- Office Hours: Tuesdays 11:00 am to 12:00 pm and 1:10 - 2:00 in Barnard Hall 259
Textbook
Other Required Materials
Class Communication
- Discord server link
- I will be using Discord to make announcements, answer any questions, discuss course material, and help debug issues. Please do not overshare answers or solutions in the public channels.
- I am literally always on Discord, so you can always shoot me a DM whenever.
CSCI 476 Code Github Repository
Other Resources
Catalog Description
- Credits: 3
- Prerequisite: CSCI 232- Data Structures and Algorithms (Required)
- Prerequisite: CSCI 366- Computer Systems (Recommended)
- Prerequisite: CSCI 112- Programming in C (STRONGLY STRONGLY STRONGLY Recommended)
- Description: Introduction to computer security. Covers security issues in software design and development from technical, social and legal viewpoints. Topics include cryptography, security models, software security, authentication, authorization, and system security.
Note from Reese: The prerequisite list is pretty beefy, but I will cover all the relevant background information from those classes before starting each section. We will be tinkering around with memory (stack and heap, processes, etc.) and working very closely with C programs. If you have not taken C programming, I would highly recommend withdrawing and taking this class at a later time. Please email or chat with me if you have any concerns about prereqs for this course.
Before taking this class, I expect you to be comfortable with basic programming in C and Python. You should be comfortable with basic Linux command line navigation. You should also be familiar with some of the fundamental concepts of a computer system (CPU, Assembly & Hexadecimal, Memory, Networks and HTTP).
Course Outcomes
By the end of this course, students should be able to:
- Understand important principles of security and threats to the CIA triad
- Understand a variety of relevant vulnerabilities and defenses in software security (SETUID, Shellshock, Buffer Overflow)
- Understand a variety of relevant vulnerabilities and defenses in network security (SQL Injection, XSS, TCP/IP attacks)
- Understand a variety of relevant vulnerabilities and defenses in cryptography (Asymmetric, symmetric, One Way Hashing)
- Given a system, develop a threat model, assess potential security weaknesses, and be able to think from the perspective of a threat actor
- Make technical decisions during development of software with security in mind
Grading
70% - Labs (10 @ 7% each)
15% - Research Project and Paper
15% - Final Exam
Grading Breakdown
Labs (70%) (10 labs @ 7% each)- The labs are the primary assignments and focus in this class. These are hands-on activities where you get to experience exploiting the vulnerabilities that we discuss in lecture using the SEED labs VM.
These are generally due every week and you have about 1 week to complete the labs. You will follow lab instructions and record your findings/output in a Word document and then submit it to D2L as a PDF. Labs are to be done individually.
Research Project and Paper (15%)- Because security covers such a large breadth of topics, we cannot discuss every interesting topic in this 16-week course. The research project will allow you to explore a security-related topic of your choice and write a short report and presentation about your topic. You can choose any security-related topic that we do not cover in this course, but you must get it approved by Reese first. You can generally submit your project anytime to D2L during the semester before the final week.
Final Exam (15%)- The final exam will take place during finals week. This is a cumulative exam that will ask you conceptual questions about topics we've talked about. A note sheet is allowed and the exam will consist of free response questions.
Extra Credit (?%)- There will probably be extra credit opportunities at certain times during the semester.
Grading Scale
- 93+: A
- 90+: A-
- 87+: B+
- 83+: B
- 80+: B-
- 77+: C+
- 73+: C
- 70+: C-
- 67+: D+
- 63+: D
- 60+: D-
Q: Do you curve exams or final grades?
A: Maybe, but probably not. If exams or final grades are lower than I anticipated, then I may apply a curve. For final grades, if you are within 1% of the next letter grade, I will bump you up.
Late Assignment Policy
You will be given 1 virtual late pass. Late passes allow you to submit a lab up to 48 hours late with NO penalty-- no excuse required.
To use a late pass, you must indicate in your submission that you are electing to use a late pass (e.g. at the top of your lab report and in the comment box on your submission in D2L).
Note that you cannot change this decision later.
If you do not use a late pass, the penalties for late submissions are as follows:
- < 24 hours: 25%
- < 48 hours: 50%
- > 48 hours: no credit.
Getting Help and Succeeding
Like with many CS assignments, you should not attempt to do an entire lab the night before it is due. Make sure you give yourself plenty of time to complete each assignment.
Collaboration Policy
All students should read the MSU Student Conduct Code.
All labs will be individual submissions.
When it comes to labs, you may
- Share ideas with other students in the class.
- Help other students troubleshoot problems.
- Give hints or provide textbook page numbers/slide numbers to students seeking help.
You may NOT
- Share your code and solutions with other students.
- Submit solutions that you did not write.
- Modify another student's solution and claim it as your own.
- Share your report or solutions directly on Discord.
Failure to abide by these rules will result in an "F" for the course and being reported to the Dean of Students.
Plagiarism
You may not copy or modify solutions that are not your own (e.g. from the Internet, classmate, ...) for any graded material. Copying and pasting very small snippets of code is acceptable; however, copying/pasting or stealing entire solutions from an external source is prohibited. I know how to use the Google and I have a Chegg membership, so if you find something, I will too! It is easy for me to tell if you copied and pasted code from the Internet, so please do not engage in such academic misconduct. If I find a student engaging in plagiarism, I will have to report you to the Dean of Students.