Description

This course is an introduction to the broad field of computer and network security. We will cover software security, network security, some cryptography, and will discuss several secure applications in detail.

Prerequisites

The prerequisites for this course are a C- or better in both CMSC 216 and CMSC 330.

Legality and ethics

Throughout the semester, you will be learning (and implementing and launching) various attacks. This is not an invitation to perform these attacks without the express written consent of all parties involved. To do otherwise would risk violating University of Maryland policies and Maryland and U.S. laws.

The goal is to foster discovery, experimentation, and exploration, but in a safe, ethical, and respectful fashion, always. If you have an idea and want a safe environment to try it out, then let us know, and I'll try to set something up. If you have any questions or concerns, then do not hesitate to contact me or your TAs directly.


List of topics (tentative)

This course covers a very broad range of topics within computer security, with the goal of instilling a security mindset, and teaching some of the core principles of security that will allow students to pursue research in the field upon completion.

The following list of tentative lecture topics will vary in terms of pace:

  • Security background and definitions
  • Software security (attacks and defenses)
    • Buffer overflows
    • Viruses
    • Secure software development
  • Web security
    • SQL injection
    • XSS and CSRF
    • Clickjacking and phishing
  • Cryptographic primitives
    • Symmetric and public key cryptography
    • Public key infrastructures (certificates, TLS/SSL)

  • Applications of cryptography
    • Digital currency
    • Anonymous communication
  • Human factors in security
    • Privacy
    • Human behavior
  • Network security
    • Networking background
    • Attacks across all layers
    • Network control (firewalls, VPNs)
  • Economic incentives and underground economies


Online resources

Website: Various course materials will be made available on the class website, which can be accessed at http://www.cs.umd.edu/class/spring2019/cmsc414/

Piazza: Class help and details will also be posted on Piazza. This provides a forum for you to post questions (and answer those from others), as well as share insights and engage on all things security. Keep in mind, however, that even though this is a class-specific forum, cheating or facilitating cheating is not allowed there (or anywhere): do not post project code or pseudocode. The class Piazza page is available at https://piazza.com/umd/spring2019/cmsc414/.

Computing resources

Most of your projects will be done within class-provided Virtual Machines (VMs). Your project submissions must work within the VM as provided: some of our projects will be architecture-specific, so it is critical that you test thoroughly within the VM provided. Thus we strongly recommend that if you develop any project on another system, you should complete it several days early to have time to address any compatibility problems.

Submission instructions will be provided with the projects.


Grading

Grades will be maintained on ELMS. You can always see your current grade here.

You are responsible for all material discussed in lecture and discussion section and posted on the class web page, including announcements, deadlines, policies, etc. During the semester we may provide ungraded practice homework exercises and solutions. While we will not collect these exercises, completing them is essential preparation for exams. You may work together on these ungraded homeworks, and you may of course come to office hours for additional help.

Your final course grade will be determined by the following tentative percentages:

  • 4 programming projects (12% projects 1-3, 14% project 4): 50%
  • 2 midterms (15% each): 30%
  • Final exam: 20%
  • Meet your professor: +1%

Final course grades will be curved as necessary, based on each student's total numeric score for all coursework at the end of the semester.

Important

Completing the programming assignments is an essential part of the course. Therefore, we may fail any student who does not make a good-faith attempt on all course projects, regardless of the student's performance or scores on the other coursework.


Exam scheduling

The class includes two midterms and a final exam. All of them are in the room where we normally hold class. Likely dates for the exams are:

Midterm #1: March 12, 2018 (in class)

Midterm #2: April 18, 2018 (in class)

Final: TBD (see official schedule)

If these dates need to change for some reason, we will let you know as soon as possible.

Regrading

Any request for reconsideration of any grading on coursework must be submitted within two weeks of when it is returned. Exam regrading requests must be made in writing. Any coursework submitted for reconsideration may be regraded in its entirety, which could result in a lower score if warranted.

Meet your professor

For an extra bonus percentage point, you may come to office hours or another arranged time to meet one of your professors. This must not include class-specific topics: we can talk about research, future plans, whatever you'd like!


Project policies

All projects will be due 11:59:59pm EST of the day given in the project description for full credit.

Projects may be submitted up to 24 hours late for a 10% penalty. (For example, a project that would have earned 90 points for an on-time submission will earn 81, that is, 90 times 0.90.) If you submit both on-time and late, your project will receive the maximum of the penalty-adjusted scores.

Project extensions will not be granted due to system problems, network problems, power outages, etc., so do not wait to submit a project until the night it is due. You may submit multiple times up to the deadline, and only your last on-time submission is graded. Similarly, if you submit late, only your last submission before the deadline will be graded. No consideration in grading will be made for errors made in transferring files or submitting the wrong version of your project. Having a working, unsubmitted version will not count; only submitted code will be counted.

Finally, any "hard coding" in a project assignment may result in a score of zero for that project, and is considered a bad-faith effort. Hard coding refers to attempting to make a program appear as if it works correctly, when in fact it does not. One example of hard coding would be printing the desired output instead of computing it. This is only one example, and if you have any questions as to what constitutes hard coding, be sure to ask ahead of time.


Excused absences

You are not required to come to class. That said, there will be a lot of material taught in class, and I often write on the board (as opposed to using slides). So it is in everyone's best interest to attend and engage during lectures.

You are, however, required to attend scheduled exams. There are several excused absences from an exam: illness, religious observation, participation in required university activities, or a family or personal emergency. We will work with you to make sure that you have a fair amount of time to make up for excused absences. The best way that we can help is if we know about absences as far in advance as possible.

  • Provide a request for absence in writing.
  • Provide appropriate documentation that shows the absence qualifies as excused.
  • Provide as much advance notice as is possible, safe, and appropriate.

Any student who needs to be excused for an absence from a single lecture, recitation, or lab due to a medically necessitated absence shall make a reasonable attempt to inform the instructor of his/her illness prior to the class. Upon returning to the class, the student must present their instructor with a self-signed note attesting to the date of their illness. Each note must contain an acknowledgment by the student that the information provided is true and correct. Providing false information to University officials is prohibited under Part 9(i) of the Code of Student Conduct (V-1.00(B) University of Maryland Code of Student Conduct) and may result in disciplinary action.

Self-documentation may not be used for the Major Scheduled Grading Events (midterm and final exams), and it may be used for only one class meeting during the semester. Any student who needs to be excused for a prolonged absence (two or more consecutive class meetings), or for a Major Scheduled Grading Event, must provide written documentation of the illness from the Health Center or from an outside health care provider. This documentation must verify dates of treatment and indicate the timeframe that the student was unable to meet academic responsibilities. In addition, it must contain the name and phone number of the medical service provider to be used if verification is needed. No diagnostic information will ever be requested.

For missed exams due to excused absences, the instructor will arrange a makeup exam. If you might miss an exam for any reason other than those above, you must contact the instructor in advance to discuss the circumstances. We are not obligated to offer a substitute assignment or to provide a makeup exam unless the failure to perform was due to an excused absence.

The policies for excused absences do not apply to project assignments. Projects will be assigned with sufficient time to be completed by students who have a reasonable understanding of the necessary material and begin promptly. In cases of extremely serious documented illness of lengthy duration or other protracted, severe emergency situations, the instructor may consider extensions on project assignments, depending upon the specific circumstances.

Besides the policies in this syllabus, the University's policies apply during the semester. Various policies that may be relevant appear in the Undergraduate Catalog.


Academic integrity

The Campus Senate has adopted a policy asking students to include the following statement on each examination or assignment in every course: "I pledge on my honor that I have not given or received any unauthorized assistance on this examination (or assignment)." Consequently, you will be requested to include this pledge on each exam and project. Please also carefully read the Office of Information Technology's policy regarding acceptable use of computer accounts.

Programming projects are to be written individually; therefore, cooperation or use of unauthorized materials on projects is a violation of the University's Code of Academic Integrity. Any evidence of this, or of unacceptable use of computer accounts, use of unauthorized materials or cooperation on exams or quizzes, or other possible violations of the Honor Code, will be submitted to the Student Honor Council, which could result in an XF for the course, suspension, or expulsion.

For learning the course concepts, students are welcome to study together or to receive help from anyone else. You may discuss with others the project requirements, the natures of the attacks covered, what was discussed in class and in the class web forum, and general syntax errors.

When it comes to actually writing a project assignment, other than help from the instructional staff, a project must solely and entirely be your own work. Working with another student or individual, or using anyone else's work in any way except as noted in this paragraph, is a violation of the code of academic integrity and will be reported to the Honor Council. You may not discuss design of any part of a project with anyone except the instructor or teaching assistants.

Examples of questions that would be allowed are "Does a Java class definition end in a semicolon?" or "What does a 'class not found' error indicate?", because they convey no information about the contents of a project.

Examples of questions you may not ask others might be "How did you implement this part of the project?" or "Please look at my code and help me find my stupid syntax error!".

You may not use any disallowed source of information in creating either your project design or code. When writing projects you are free to use ideas or short fragments of code from published textbooks or publicly available information, but the specific source must be cited in a comment in the relevant section of the program.

Violations of the Code of Academic Integrity may include, but are not limited to:

  1. Failing to do all or any of the work on a project by yourself, other than assistance from the instructional staff.
  2. Using any ideas or any part of another person's project, or copying any other individual's work in any way.
  3. Giving any parts or ideas from your project, including test data, to another student.
  4. Allowing any other students access to your program on any computer system.
  5. Transferring any part of a project to or from another student or individual by any means, electronic or otherwise.

If you have any question about a particular situation or source then consult with the instructors in advance. Should you have difficulty with a programming assignment you should see the instructional staff in office hours, and not solicit help from anyone else in violation of these rules.

It is the responsibility, under the honor policy, of anyone who suspects an incident of academic dishonesty has occurred to report it to their instructor, or directly to the Honor Council.

Every semester the department has discovered a number of students attempting to cheat on project assignments, in violation of academic integrity requirements. Students' academic careers have been significantly affected by a decision to cheat. Think about whether you want to join them before contemplating cheating, or before helping a friend to cheat.

Students are welcome and encouraged to study and compare or discuss their implementations of the programming projects with any others after they are graded, provided that all of the students in question have received nonzero scores for that project assignment, and if that project will not be extended upon in a later project assignment.


Academic accommodations (Accessibility and Disability Service, ADS)

Any student eligible for and requesting reasonable academic accommodations due to a disability is requested to provide, to one of the professors in office hours, a letter of accommodation from the Office of Accessibility and Disability Services (ADS) within the first two weeks of the semester.

All arrangements for exam accommodations as a result of disability must be made and arranged with the instructor at least three business days prior to the exam date; later requests (including retroactive ones) will be refused.

Course evaluations

If you have a suggestion for improving this class, don't hesitate to tell us or the TAs during the semester! At the end of the semester, please don't forget to provide your feedback using the campus-wide CourseEvalUM system. Your comments will help make this class better. CourseEvalUM is generally open the first couple weeks of December, but this is subject to change by campus.

Right to change information

Although every effort has been made to be complete and accurate, unforeseen circumstances arising during the semester could require the adjustment of any material given here. Consequently, given due notice to students, the instructor reserves the right to change any information on this syllabus or in other course materials.
