Instructor Information

Role Name Office Phone Email Office Location
Instructor Prof. William Enck 919.513.7905 whenck@ncsu.edu 2240M EB2 / Virtual
TA Alex Ross - ajross6@ncsu.edu -
TA Zahra Shiraz - zshiraz@ncsu.edu -

Virtual Office Hours

Prof. William Enck Mondays 3-4pm and by appointment
Alex Ross Thursdays 4-5pm
Zahra Shiraz Wednesdays 3-4pm

The Zoom link for office hours is listed in Moodle.

Note: Since all office hours are virtual, students in both the regular and DE section may attend any office hours. Additional office hours will be created for DE students if needed.

Preferred Method of Communication

Announcements and online class discussion will occur via Piazza. Important announcements may also be sent via the class Google Groups mailing list. General class questions should be conducted via the class Piazza. This will help other students who who have the same question. The discussion forum should only be used for non-sensitive information.

Students may also email the Instructor and TAs. When emailing, use “[CSC/ECE 574]” in the subject. Email the TAs and CC the instructor if a) you have a homework grading issue, or b) you need to ask a question that would reveal a partial/complete solution to a homework problem. Email the instructor or meet during office hours if a) you have an exam grading issue, or b) you have a personal issue that you don’t want to share with the TA.

Response Time

Instructors and TAs will do their best to respond to emails within 24 hours.

Course Information

Course CSC/ECE 574 - Computer and Network Security, Fall 2022
Credits 3
Meeting Location 2207 EB3
Meeting Times Tu/Th 10:15-11:30am
Course Website https://people.engr.ncsu.edu/whenck/csc574/f22
Class Forum Class discussion will take place via Piazza

Prerequisites/Corequisites

Formal: (CSC 316 or ECE309) and (CSC 401 or ECE407) or equivalent

Informal: You need to understand (1) IP networks, (2) modern operating systems (e.g., Windows, Linux), (3) discrete mathematics, (4) basics of systems theory and implementation (e.g., file systems, distributed systems, networking, operating systems, etc.). If you do not have a basic understanding of these areas, you will have difficulty with the course. If you have questions regarding these prerequisites, please contact the instructor.

General Education Program (GEP) Information

None

Course Overview

Catalog Description

Fundamentals of computer security and privacy, including security models, policies, and mechanisms. Cryptography for secure systems, including symmetric and asymmetric ciphers, hash functions, and integrity mechanisms. Authentication of users and computers. Network attacks and defenses at the network and application layers. Common software vulnerabilities and mitigation strategies. Secure operating systems and seminal access control models and policies. Principles of intrusion detection. Privacy, including considerations of end-user technologies.

Course Description

This course provides a graduate-level introduction to computer and network security and privacy. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course covers four key topic areas: basics of cryptography and crypto protocols, network security, systems security, and privacy. Readings primarily come from seminal papers in the field. A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course schedule.

Course Objectives / Goals

The goal of CSC/ECE 574 is to provide students with a foundation of computer security fundamentals. It is the first of a set of courses security PhD students and MS students who pursue the MS Track in Security will take, and it serves as an introduction to material that will be covered in later security electives in cryptography, network security, software security, systems security, and privacy. It is also suitable as a single elective for MS students and PhD students who wish to enrich their education with an expanded base of computer security experience. After graduation, students can use the material of this course to design, analyze, and critique secure computing designs.

Structure

This course meets in-person twice a week. Content is primarily delivered via lectures with integrated learning activities. The course will consist of a midterm, a final, and four mini-projects or a research project. Class discussion activities also contribute the the final grade. A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course schedule.

Student Learning Outcomes

By the end of this course, students will be able to:

  • Fundamentals: Specify a security model for a given computer system
  • Crypto: Explain and apply concepts related to applied cryptography, including plaintext, ciphertext, symmetric cryptography, asymmetric cryptography, digital signatures.
  • Authentication: Outline the requirements and mechanisms for identification and authentication of users and computer systems, including authentication protocols and key management. Identify the possible threats to each mechanism and ways to protect against these threats.
  • Network: Identify common network and application layer attacks and defense mechanisms.
  • Software: Explain and identify instances of common software vulnerabilities and mitigations.
  • System: Explain concepts related to access control and operating system security, including access control matrices, ACLs and capabilities, protection, reference monitors, least privilege, discretionary access control, mandatory access control.
  • Privacy: Identify and explain common privacy definitions, techniques, and systems that preserve or reduce privacy.
  • Research: Read and interpret bleeding-edge academic research papers on computer and network security and privacy, and describe how the results impact real systems and people.

Textbooks and Reading Material

Required Textbook and/or Software

Optional Materials

The following online books provide additional information.

Technology Requirements

Hardware

NC State’s Online and Distance Education provides technology requirements and recommendations for computer hardware.

Software

Minimum Computer and Digital Literacy Skills

This is an graduate-level course in computer science. Students are expected to have basic knowledge of the Unix command line. They should also be able to pick up a new programming language (e.g., Python) with relative ease.

Netiquette

Students should be aware that their behavior impacts other people, even online. I hope that we will all strive to develop a positive and supportive environment and will be courteous to fellow students and your instructor. Due to the nature of the online environment, there are some things to remember when taking an online course and engaging with others.

Tips for Success:

  • Do: Follow the same standards of behavior that you subscribe to offline. Keep in mind that all online communication is documented and therefore permanent.

  • Don’t: Flame others in discussion forums. Flaming is the act of responding in a highly critical, sarcastic, or ridiculing manner – especially if done on a personal level. Remember that these discussions are meant for constructive exchanges and learning!

  • Do: Ensure you are responding to forums by the due date, in order to leave time for peers to comment on your response.

  • Don’t: Go for long periods of time without communicating to your instructors or classmates. It is important to stay a part of the online community!

  • Do: Remember to read over your posts before selecting “Submit.”
  • Don’t: Use slang, poor grammar, and other informal language in discussion forums or email messages to instructors or classmates.

Grading

The course will consist of four mini-projects or a research project, a midterm, a final, and class discussion activities that contribute the the final grade in the following proportions:

  • 40% – Project (Research Project track or the Mini-Projects track)
  • 25% – Midterm Exam
  • 25% – Final Exam
  • 10% – Paper Discussion / Class Participation

The final letter grade will be based on the final percentage as follows:

A+ <= 97% < A <= 93% < A- <= 90% < B+ <= 87% < B <= 83% < B- <= 80% < C+ <= 77% < C <= 73% < C- <= 70% < D+ <= 67% < D <= 63% < D- <= 60% < F

REG 02.50.03 describes the grade point interpretation of letter grades.

Project: Students may choose either the Research Project track or the Mini-Projects track. The Research Project track will require the student to execute novel research in systems and network security or privacy. The result of the project will be a conference quality paper. The Mini-Projects track will provide a series of smaller projects that relate more directly to the course material. The projects require a range of programing as well as open-ended investigation.

Paper Discussion: The schedule includes a “discussion” paper for most lectures (indicated with “[DISC]”). To earn the “paper discussion” portion of the grade, students participate in the discussion for this paper. There will be two types of discussion: in-class and Moodle. By 11:59pm ET the night before each class, students are expected to post thoughts to Moodle. Regular section students are then expected to partipate in the discussion during the lecture. Students are encouraged to continue the online discussion after the lecture. Distance Education (DE) section students are not required to participate in the in-class discussion, but are expected to participate in pre and post lecture online discussion. Students may miss submitting discussion comments for up to two papers without loosing any points.

Course Schedule

See the course schedule. Note that the schedule is subject to change as the semester evolves.

The following are initial dates for exams and project due dates (subject to change):

  • Exams
    • Midterm: Thu Oct 13 (in class)
    • Final: Thu Dec 08 (8:30-11:00am)
  • Mini Project Track
    • Mini-Project 1: Tue Sep 20
    • Mini-Project 2: Thu Oct 20
    • Mini-Project 3: Fri Nov 11
    • Mini-Project 4: Thu Dec 01
  • Research Project Track
    • Milestone 1 (idea proposals): Fri Sep 16
    • Milestone 2 (related work): Fri Oct 07
    • Milestone 3 (research plan): Fri Oct 28
    • Milestone 4 (abstract/intro): Fri Nov 11
    • Milestone 5 (presentation): Thu Dec 01
    • Milestone 6 (final paper): Mon Dec 05

Course Policies

Late Assignments

Project deadlines will be hard. Late homework will be accepted within 24 hours with a 25% reduction in grade. Homeworks submitted after 24 hours will have a 100% penalty. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Incomplete Grades

Extensions may be given for assignments due to exceptional circumstances. Assignments not completed by the end of the course will receive a grade of zero unless the student requests a Incomplete (IN) grade and a reasonable plan of completion is agreed upon with the instructor.

Attendance and Participation

The instructor will not take any formal attendance for class meetings. Participation will be assessed via the paper discussion in Moodle. Note: exam material includes anything in the readings, slides, and topics discussed in class. Students missing class should consult classmates on missed material.

The university policy on excused absences will be observed (see REG 02.20.03). The students are responsible for discussing makeup exams if they miss exams due to excused absence. The instructor will choose a mutually agreed date and time for the makeup exam. Late submission of homework assignments due to excused absences is not subject to the policies on late assignments.

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class. This is a very serious issue – violations may not just be immoral, they may violate federal laws.

When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.

Course-Specific Academic Integrity Policy

The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct. Students are also strongly encouraged to review the ACM Code of Ethics and Professional Conduct.

The instructor expects honesty in the completion of test and assignments. The instructor has a zero tolerance policy for violations of academic integrity. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign a negative grade and refer the student to the appropriate University bodies for possible further action. It is the understanding and expectation of instructor that the student’s signature on any test or assignment means that the student neither gave nor received unauthorized aid. For additional information, visit studentconduct.ncsu.edu.

Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or project. Also, students are forbidden from discussing or collaborating on any assignment except were explicitly allowed in writing by the instructor.

University Policies

Academic Integrity and Honesty

Students are required to comply with the university policy on academic integrity found in the Code of Student Conduct. Therefore, students are required to uphold the university pledge of honor and exercise honesty in completing any assignment.

Please refer to the Academic Integrity web page for a detailed explanation of the University’s policies on academic integrity and some of the common understandings related to those policies.

Students may be required to disclose personally identifiable information to other students in the course, via electronic tools like email or web-postings, where relevant to the course. Examples include online discussions of class topics and posting of student coursework. All students are expected to respect the privacy of each other by not sharing or using such information outside the course.

Students are responsible for reviewing the NC State University PRR’s which pertains to their course rights and responsibilities:

Students with Disabilities

Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with the Disability Resource Office at Holmes Hall, Suite 304,Campus Box 7509, 919-515-7653 . For more information on NC State’s policy on working with students with disabilities, please see the Academic Accommodations for Students with Disabilities Regulation (REG02.20.01)

Trans-Inclusive Statement

In an effort to affirm and respect the identities of transgender students in the classroom and beyond, please contact me if you wish to be referred to using a name and/or pronouns other than what is listed in the student directory.

Basic Needs Security

Any student who faces challenges securing their food or housing or has other severe adverse experiences and believes this may affect their performance in the course is encouraged to notify the professor if you are comfortable in doing so. Alternatively, you can contact the Division of Academic and Student Affairs to learn more about the Pack Essentials program https://dasa.ncsu.edu/pack-essentials/

Course Evaluations

ClassEval is the end-of-semester survey for students to evaluate instruction of all university classes. The current survey is administered online and includes 12 closed-ended questions and 3 open-ended questions. Deans, department heads, and instructors may add a limited number of their own questions to these 15 common-core questions.

Each semester students’ responses are compiled into a ClassEval report for every instructor and class. Instructors use the evaluations to improve instruction and include them in their promotion and tenure dossiers, while department heads use them in annual reviews. The reports are included in instructors’ personnel files and are considered confidential.

Online class evaluations will be available for students to complete during the last two weeks of the semester for full semester courses and the last week of shorter sessions. Students will receive an email directing them to a website to complete class evaluations. These become unavailable at 8am on the first day of finals.

Syllabus Modification Statement

Our syllabus represents a flexible agreement. It outlines the topics we will cover and the order we will cover them in. Dates for assignments represent the earliest possible time they would be due. The pace of the class depends on student mastery and interests. Thus minor changes in the syllabus can occur if we need to slow down or speed up the pace of instruction.