Thanks to Lockheed Martin for a generous gift in support of this class.

CMSC 498L/ENEE 459L, Fall 2012

Cybersecurity Lab


Important announcements related to the course will be posted here. Please check this page daily.

  • None yet


Name Office E-mail Office Hours
Michel Cukier EGR 0151E mcukier at TBA
Jeff Foster AVW 4129 jfoster at MW 3:15-4:30pm, or by appointment
Mike Hicks AVW 4131 mwh at By appointment
Jonathan Katz AVW 3225 jkatz at By appointment
Gang Qu AVW 1417 gangqu at Tuesday 9-11, Friday 3:30-4:30

Teaching assistant: Joshua Kamdjou (jkamdjou AT Office hours TBA.

Course Description

In this course, we will study contemporary issues in computer security, with a focus on key security challenges and software tools to help discover and remediate potential security vulnerabilities. The course will be held in a computer lab, and 30-50% of class time will be spent doing hands-on lab exercises. Four main topics will be covered during the semester: software security, cryptography and network security, intrusion-detection systems, and hardware security.

The following is a tentative list of topics that may be explored in this class
  • Cryptography and network security
    • Padding oracle attacks on CBC-mode encryption
    • Rainbow tables for password cracking
    • Cryptanalysis of encryption based on stream ciphers with IV re-use
    • Wireless security; WEP cracking
    • Wireshark
    • The SSL protocol
    • Host exploitation using nmap and Metasploit
  • Software security
    • Finding security vulnerabilities in C and Java using static analysis
    • Buffer-overflow attacks
    • Symbolic execution
    • Dataflow anaysis
    • Web security
  • Hardware security
    • Hardware trojans
    • Security and trust in sequential circuit design
    • Hardware implementation of security primitives
    • Side-channel attacks
  • Intrusion detection systems (IDS)
    • Signature and anomaly-based IDS
    • Network and host-based IDS
    • Honeypots
    • IDS validation

General Information

  • The class meets Tuesday and Thursday from 3:30-4:45 in 2446 AV Williams.
  • A large portion of the class will involve hands-on lab exercises. Although there are Windows desktops in the classrooms, it is recommended that students bring their own laptops to every lecture (including the first) unless told otherwise, in advance, by the instructor.
  • Grading will be based on regular homeworks and in-class exercises (40%), a midterm (30%), and a final (30%). Class participation will be taken into account for borderline grades. Note that homeworks/exercises will constitute a significant portion of the final grade.


In this course you will learn techniques for both defending and exploiting computer systems, software, and networks. The goal of learning about these exploits is to provide context and understanding for the design of secure systems.

You should never attempt to penetrate or exploit any computer network or system, or adversely affect the operation of a computer network or system, without explicit written authorization from the owner/operator of that network/system. Such actions may be in violation of University of Maryland, State, and/or Federal law.

We expect all students in this class to follow these guidelines. If you are in doubt about the legality, appropriateness, or ethicality of any activities related to this course, please consult one of the course instructors.

Please also read the Office of Information Technology's policy regarding acceptable use of computer accounts.

Academic Integrity

Programming projects are to be written individually, therefore cooperation or use of unauthorized materials on projects is a violation of the University's Code of Academic Integrity. Any evidence of this, or of unacceptable use of computer accounts, use of unauthorized materials or cooperation on exams or quizzes, or other possible violations of the Honor Code, will be submitted to the Student Honor Council, which could result in an XF for the course, suspension, or expulsion.
  • For learning the course concepts, students are welcome to study together or to receive help from anyone else. You may discuss with others the project requirements, what was discussed in class and in the class web forum, and general syntax errors.
  • When it comes to actually writing a project assignment, other than help from the instructional staff a project must solely and entirely be your own work. Working with another student or individual, or using anyone else's work in any way except as noted in this paragraph, is a violation of the code of academic integrity and will be reported to the Honor Council. You may not discuss design of any part of a project with anyone except the instructor or teaching assistants. Examples of questions you may not ask others might be "How did you implement this part of the project?" or "Please look at my code and help me find my error!". You may not use any disallowed source of information in creating either their project design or code. When writing projects you are free to use ideas or short fragments of code from published textbooks or publicly available information, but the specific source must be cited in a comment in the relevant section of the program.

Violations of the Code of Academic Integrity may include, but are not limited to:

  1. Failing to do all or any of the work on a project by yourself, other than assistance from the instructional staff.
  2. Using any ideas or any part of another person's project, or copying any other individual's work in any way.
  3. Giving any parts or ideas from your project, including test data, to another student.
  4. Allowing any other students access to your program on any computer system.
  5. Transferring any part of a project to or from another student or individual by any means, electronic or otherwise.

If you have any question about a particular situation or source then consult with the instructors in advance. Should you have difficulty with a programming assignment you should contact the instructional staff, and not solicit help from anyone else in violation of these rules.

It is the responsibility, under the honor policy, of anyone who suspects an incident of academic dishonesty has occurred to report it to their instructor, or directly to the Honor Council.

Every semester the department has discovered a number of students attempting to cheat on project assignments, in violation of academic integrity requirements. Students' academic careers have been significantly affected by a decision to cheat. Think about whether you want to join them before contemplating cheating, or before helping a friend to cheat.

You are welcome and encouraged to study, compare, or discuss implementations of the programming projects after they have been graded, provided that all the students in question have received nonzero scores for that project assignment, and the project will not be extended in a later project assignment.