For course schedule, click here .

Course Logistics

Monday, Wednesday, and Friday 4:10 PM - 5:00 PM
Location: Barnard Hall 103
(Note: Due to my class schedule, class may start a couple minutes late on most days)

All lectures will be recorded, but I still highly encourage you to come to class. People that attend lecture do better in the class.

Instructor

      Reese Pearsall
      Email: reese.pearsall@montana.edu
      Office Hours: Monday, Wednesday, Friday 1:00 - 2:00 PM, Tuesdays 11:00 AM -12:00 PM and 1:00 - 2:00 PM
      Office: Barnard Hall 361
     

      If my door is ever open, you can stop by. You can also email me to arrange a time to meet outside of office hours.
      I can also meet via Zoom/Webex if needed. Email me to arrange a time

Teaching Assistant and Grader

• Gerard Fuhnwi
• Email: gerardfuhnwi@yahoo.com
• Office Hours: Tuesday at 2:10 - 4:10 PM in Barnard Hall 259

Textbook

• Computer & Internet Security: A Hands-on Approach by Wenliang Du (3rd Edition)


• I will not require you to purchase this textbook. If you do decide to purchase it, make sure you get the 3rd edition and not the 2nd edition. The 2nd edition does not include support for docker (a tool that we will heavily utilize in this course).

Other Required Materials

• You will need access to a machine that can load a SEED Labs VM. We will be using the VM for all the assignments in this course

Class Communication

• Discord server link
• I will be using Discord to make announcements, answer any questions, discuss course material, and help debug issues. Please do not overshare answers or solutions in the public channels
• I am literally always on Discord, so you always shoot me a DM whenever.

CSCI 476 Code Github Repository

• Link (Coming Soon)

Other Resources

• SEED Labs Website
• Linux man Pages
• VirtualBox
• Docker (already installed on our VM)

Catalog Description

• Credits: 3


• Prerequisite: CSCI 232- Data Structures and Algorithms (Required)
• Prerequisite: CSCI 366- Computer Systems (Recommended)
• Prerequisite: CSCI 112- Programming in C (STRONGLY STRONGLY STRONGLY Recommended)


• Description: Introduction to computer security. Covers security issues in software design and development from technical, social and legal viewpoints. Topics include cryptography, security models, software security, authentication, authorization, and system security

Note from Reese: The prerequisite list is pretty beefy, but I will cover all the relevant background information from those classes during before starting each section. We will be tinkering around with memory (stack and heap, processes, etc) and working very closely with C programs. If you have not taken C programming, I would highly recommend withdrawing and taking this class at a later time. Please email or chat with me if you have any concerns about prereqs for this course

Before taking this class, I expect you to be comfortable with basic programming in C and Python. You should be comfortable with basic Linux command line navigation. You should also be familiar with some of the fundamental concepts of a computer system (CPU, Assembly & Hexademical, Memory, Networks and HTTP)

You will be totally fine if you have not taken CSCI 460 (Operating Systems) or CSCI 466 (Networks)

Course Outcomes

By the end of this course, students should be be able to:

• Understand important principles of security and threats to the CIA triad
• Understand a variety of relevant vulnerabilities and defenses in software security (SETUID, Shellshock, Buffer Overflow, Format Strings)
• Understand a variety of relevant vulnerabilities and defenses in network security (SQL Injection, XSS, DNS Cache Poisoning, Firewalls, TCP/IP attacks)
• Understand a variety of relevant vulnerabilities and defenses in cryptography (Asymmetric, symmetric, One Way Hashing, RSA)
• Given a system, develop a threat model, assess potential security weaknesses, and be able to think from the perspective of a threat actor
• Make technical decisions during development of software with security in mind

Grading

70% - Labs (12 @ ~6% each) (this will likely only be 11 labs)
15% - Research Project/Paper
15% - Final Lab

Grading Breakdown

Labs (70%) (12 labs @ ~6% each)- The labs are the primary assignments and focus in this class. These are hands-on activities where you get to experience exploiting the vulnerabilities that we discuss in lecture using the SEED labs VM. These are generally due every week and you have about 1 week to complete the labs. You will follow lab instructions and record your findings/output in a word document and then submit it to D2L as a PDF. Labs are to be done individually.

Research Project/Paper (15%)- Because security covers such a large breadth of topics, we cannot discuss every interesting topic in this 16-week course. The research project will allow you to explore a security-related topic of your choice and write a short report OR presentation about your topic. You can choose any security-related topic that we do not cover in this course, but you must get it approved by Reese first. You can generally submit your project anytime to D2L during semester before the final week.

Final Lab (15%)- The final lab will be a cumulative lab that covers all the content from the semester. This will take about 2-3x longer than a typical lab to complete and will be due during finals week.

Extra Credit (?%)- There will be extra credit opportunities at certain times during the semester. This extra credit is applied to your final grade, or your final lab grade

Grading Scale

• 93+: A
• 90+: A-
• 87+: B+
• 83+: B
• 80+: B-
• 77+: C+
• 73+: C
• 70+: C-
• 67+: D+
• 63: D
• 60: D-

Q: Do you curve exams or final grades?
A: Maybe, but probably not. If exams or final grades are lower than I anticipated, then I may apply a curve. For final grades, if you are within 1% of the next letter grade, I will bump you up.

Late Assignment Policy

You will be given 1 virtual late passes. Late passes allow you to submit a lab up to 48 hours late with NO penalty-- no excuse required.

To use a late pass, you must indicate in your submission that you are electing to use a late pass (e.g. at the top of your lab report and in the comment box on your submission in D2L).

Note that you cannot change this decision later.

If you do not use a late pass, the penalties for late submissions are as follows:

• < 24 hours: 25%
• < 48 Hours 50%
• > 48 hours: no credit.

Getting Help and Succeeding

Like with many CS assignments, you should not attempt to do an entire lab the night before it is due. Make sure you give yourself plenty of time to complete each assignment. The SeedLabs can crash unexpectedly,

Collaboration Policy

All students should read the MSU Student Conduct Code.

All labs will be individual submissions.

When it comes to labs, you may

• Share ideas with other students in the class.
• Work together on labs in the same physical location.
• Help other students troubleshoot problems.
• Give hints or provide textbook page numbers/slide numbers to students seeking help

You may NOT

• Share your code and solutions with other students.
• Submit solutions that you did not write.
• Modify another student's solution and claim it as your own.
• Share your report or solutions directly on Discord

Failure to abide by these rules will result in an "F" for the course and being reported to the Dean of Students.

Plagiarism

You may not copy or modify solutions that are not your own (e.g. from the Internet, classmate, ...) for any graded material. Copying and pasting very small snippets of code is acceptable, however copying/pasting or stealing entire solutions from an external source is prohibited. I know how to use the Google and I have a Chegg membership, so If you find something, I will too! It is easy for me to tell if you copy and pasted code from the Internet, so please do not engage in such academic misconduct. If I find a student engaging in plagiarism, I will have to report you to the Dean of Students.

More Helpful MSU Resources

---