Syllabus #

This is the course syllabus for the Fall 2024 offering of Computer & Network Security at the North Carolina State University.

1. Instructor Information #

1.1 Virtual Office hours #

The Zoom link for office hours is listed in Piazza.

Note: Since all office hours are virtual, students in both the regular and DE section may attend any office hours. Additional office hours will be created for DE students if the demand for office hours warrants it.

1.2 Preferred Method of Communication #

Announcements and online class discussion will occur via Piazza. Important announcements may also be sent via the class Google Groups mailing list. General class questions should be conducted via the class Piazza. This will help other students who who have the same question. The discussion forum should only be used for non-sensitive information.

Students may also email the Instructor and TAs. When emailing, use [CSC 574] in the subject. Email the TAs and CC the instructor if a) you have a homework grading issue, or b) you need to ask a question that would reveal a partial/complete solution to a homework problem. Email the instructor or meet during office hours if a) you have an exam grading issue, or b) you have a personal issue that you don’t want to share with the TA.

1.3 Response Time #

Instructors and TAs will do their best to respond to emails within 24 hours.

2. Course Information #

2.1 Catalog Description #

Fundamentals of computer security and privacy, including security models, policies, and mechanisms. Cryptography for secure systems, including symmetric and asymmetric ciphers, hash functions, and integrity mechanisms. Authentication of users and computers. Network attacks and defenses at the network and application layers. Common software vulnerabilities and mitigation strategies. Secure operating systems and seminal access control models and policies. Principles of intrusion detection. Privacy, including considerations of end-user technologies.

2.1 Course Objectives / Goals #

The goal of CSC/ECE 574 is to provide students with a foundation of computer security fundamentals. It is the first of a set of courses security PhD students and MS students who pursue the MS Track in Security will take, and it serves as an introduction to material that will be covered in later security electives in cryptography, network security, software security, systems security, and privacy. It is also suitable as a single elective for MS students and PhD students who wish to enrich their education with an expanded base of computer security experience. After graduation, students can use the material of this course to design, analyze, and critique secure computing designs.

2.3 Course Structure #

This course has two types of sections: in-person and distance education (DE). The majority of the in-person sections are synchronous, delivered through real-time, face-to-face class sessions. The DE sections are asynchronous with content made available via Panopto. Additional materials and activities for both section types are delivered through the Course Website.

Content is primarily delivered via lectures with integrated learning activities. The course will consist of a midterm, a final, and four mini-projects or a research project. Class discussion activities on the course discussion board also contribute the final grade.

A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course schedule.

2.4 Meeting Time and Tool Used #

This course meets in-person twice a week. Recordings will be provided via Panopto.

2.5 Prerequisites #

Formal: (CSC 316 or ECE 309) and (CSC 401 or ECE 407) or equivalent

Informal: You need to understand (1) IP networks, (2) modern operating systems (e.g., Windows, Linux), (3) discrete mathematics, (4) basics of systems theory and implementation (e.g., file systems, distributed systems, networking, operating systems, etc.). If you do not have a basic understanding of these areas, you will have difficulty with the course. If you have questions regarding these prerequisites, please contact the instructor.

2.6 Minimum Computer and Digitial Literacy Skills #

This is a graduate-level course in computer science. Students are expected to have basic knowledge of the Unix command line. They should also be able to pick up a new programming language (e.g., Python) with relative ease.

3. Learning Outcomes #

Upon completion of this course, students will be able to:

• Fundamentals: Specify a security model for a given computer system
• Crypto: Explain and apply concepts related to applied cryptography, including plaintext, ciphertext, symmetric cryptography, asymmetric cryptography, digital signatures.
• Authentication: Outline the requirements and mechanisms for identification and authentication of users and computer systems, including authentication protocols and key management. Identify the possible threats to each mechanism and ways to protect against these threats.
• Network: Identify common network and application layer attacks and defense mechanisms.
• Software: Explain and identify instances of common software vulnerabilities and mitigations.
• System: Explain concepts related to access control and operating system security, including access control matrices, ACLs and capabilities, protection, reference monitors, least privilege, discretionary access control, mandatory access control.
• Privacy: Identify and explain common privacy definitions, techniques, and systems that preserve or reduce privacy.
• Research: Read and interpret bleeding-edge academic research papers on computer and network security and privacy, and describe how the results impact real systems and people.

4. Course Materials #

The course does not strictly follow a textbook and one is not required. However, background reading from the following textbook is strongly encouraged.

• Paul C. Van Oorschot. Computer Security and the Internet: Tools and Jewels. Springer. 2020. Note: Author’s self-archived version is freely available.

Books that might provide some useful additional information and insights:

• Network Security: Private Communication in a Public World by Kaufman, Perlman, Speciner, and Perlman. 3rd Edition only. ISBN: 978-0136643609.
• Ross Anderson. Security Engineering, 2nd Edition. Wiley. April 2008.
• Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press. October 1996.

Research Papers: Many lectures include research papers for discussion. You should never need to pay to download an article from the reading (e.g., from the ACM Digital Library). If you are on campus, you won’t be prompted to purchase articles. If you are off campus, you can go through the University Library. Alternatively, you can use the library’s EZproxy.

You can define a Chrome bookmark in your bookmark bar to automatically redirect the current page through the EZProxy.

1

javascript:void(location.href='https://proxying.lib.ncsu.edu/index.php?url='+location.href)

5. Technology Requirements #

5.1 Computer #

Linux desktop or laptop is recommended for students taking this course. If this is not available, the ability to run a Linux Virtual Machine (VM) is required. Note that M-series Apple laptops may require special effort to make a Linux VM operate correctly.

NC State’s Online and Distance Education provides technology requirements and recommendations for computer hardware.

5.2 Software and digtially-hosted course components #

• Moodle and Wolfware
  • Moodle Accessibility Statement
  • Moodle Privacy Policy
  • NC State Privacy Policy
• Zoom
  • Zoom Accessibility Statement
  • Zoom Privacy Policy
• Panopto
  • Accessibility Features
  • Privacy Policy

• Piazza
  • Piazza Accessibility Statement - Please use https://piazza.com/lite with assistive technology
  • Piazza Privacy Policy

6. Other Student Expenses #

None.

7. Communication Guidelines #

7.1 Respecting our learning community #

The NC State Code of Student Conduct outlines expectations for behavior in the classroom (whether virtual or physical) and the consequences for students who violate these expectations. Any behavior that impacts other students’ ability to learn and succeed will be addressed, but expressing diverse viewpoints and interpretations of course content is welcome.

Community guidelines for this course include:

• Use a respectful tone in all forms of communication (email, written, oral, visual)
• Maintain professionalism (avoid slang, poor grammar, etc.) in your written communication.
• Respect regional dialects and culturally embedded ways of oral communication.
• Stay home or in your dorm room if you are exhibiting symptoms of a contagious illness (fever, chills, etc.).
• Enter our virtual and/or physical classroom community respectfully by refraining from lewd or indecent speech or behavior, helping to maintain a safe physical environment, not using your cell phone for voice or text communication except when explicitly given leave to do so, and not attending class under the influence of any substance.
• Treat each community member with respect by not recording others without their consent or engaging in any form of hazing, harassment, intimidation, or abuse.
• Respect cultural differences that may influence communication styles and needs.

7.2 Plan for interaction between instructors and students #

Announcements will be made via Piazza and the course Google Groups mailing list. Feedback on exams and assignments will be provided via GradeScope, where students will be able to submit regrade requests. Solutions to midterm questions will be discussed during a lecture period after the exams are graded.

7.3 Expectations for learner participation and interaction. #

Students in in-person sections are expected to attend lecture and participate in class discussion and learning activities. Students in DE sections are expected to perform learning activities while watching lecture recordings.

Students in both in-person and DE sections are expected to participate in the forum discussion on Piazza. Due to the asynchronous nature of the DE section, all students will be given an appropriate grace period for forum discussion.

8. Grading and Feedback #

8.1 Grading criteria, details, and timing of feedback #

The course will consist of four mini-projects or a research project, a midterm, a final, and online discussion activities that contribute the final grade in the following proportions:

Projects: Students may choose either the Research Project track or the Mini-Projects track (Decision due at the first research project milestone: Fri, Sep 6 - 11:59pm ).

• The Research Project will require the student to execute novel research in systems and network security or privacy. The result of the project will be a conference quality paper.
• The Mini-Projects will provide a series of smaller projects that relate more directly to the course material. The projects require a range of programming as well as open-ended investigation.

Paper Discussion: The schedule includes a “discussion” section for most lectures (indicated with “Discussion:”). To earn the “paper discussion” portion of the grade, students participate in the discussion for this material.

• Students are encouraged to post their initial thoughts and questions to the course discussion forum before each class. Students are also encouraged to continue the online discussion after class with added insights.
• Distance Education (DE) section students are not required to participate in the in-class discussion, but are expected to participate in pre and post lecture online discussion.
• Students may miss submitting discussion comments for up to two papers without loosing any points.
• Submission Deadline: Initial submissions to the discussion forum are due by 11:59pm ET the night before the associated lecture. The discussion forum for a given paper will close two weeks after the associated lecture.
• Unannounced Quizzes: If overall class attendance is consistently low, the instructor reserves the right to give unannounced quizzes based on the papers. Students reading papers at even a high-level should do well on the quizzes. Students in DE sections are excused from all such quizzes.

Timing of Feedback: Due to the large class size, it may take 2-3 weeks to grade mini-projects. The midterm typically takes 1-2 weeks to grade.

8.2 Grading Scale #

The final letter grade will be based on the final percentage as outlined in the table below. REG 02.50.03 describes the grade point interpretation of letter grades.

Incomplete Grades: Extensions may be given for assignments due to exceptional circumstances. Assignments not completed by the end of the course will receive a grade of zero unless the student requests an Incomplete (IN) grade and a reasonable plan of completion is agreed upon with the instructor.

8.3 Requirements for earning a grade of “Satisfactory” #

If you are taking this course for credit only (S/U), your grade will be reported as S (Satisfactory) when coursework is equivalent to a C- or better or U (Unsatisfactory) when coursework is equivalent to less than a C-. For more information, see the Credit Only Courses regulation..

9. Course Schedule #

See course schedule for a detailed listing of topics and dates. Note that the schedule is subject to change as the semester evolves.

The following are initial dates for exams and project due dates (subject to change):

• Exams
  • Midterm exam: Wed, Oct 9 - 11:45am Midterm
  • Final exam: Mon, Dec 9 - 12:00pm Final
• Intro Assignment: Fri, Aug 30 - 11:59pm Intro
• Mini Projects
  • Mini-Project 1: Fri, Sep 13 - 11:59pm MP1
  • Mini-Project 2: Fri, Oct 4 - 11:59pm MP2
  • Mini-Project 3: Fri, Nov 8 - 11:59pm MP3
  • Mini-Project 4: Tue, Dec 3 - 11:59pm MP4
• Research Project
  • Milestone 1 (Idea Proposals): Fri, Sep 6 - 11:59pm RM1
  • Milestone 2 (Related Work): Fri, Sep 27 - 11:59pm RM2
  • Milestone 3 (Research Plan): Fri, Oct 18 - 11:59pm RM3
  • Milestone 4 (Abstract / Intro): Fri, Nov 8 - 11:59pm RM4
  • Milestone 5 (Presentation): Mon, Dec 2 - 11:45am RM5
  • Milestone 6 (Final Paper): Tue, Dec 3 - 11:59pm RM6

10. Course Policies #

10.1 Proctored Exams #

The course includes a midterm and a final exam. Exams will be taken in-person. Students in DE sections must arrange exam proctoring with Engineering Online.

Students will be allowed one sheet of 8.5-inch x 11-inch (letter paper) handwritten notes for the midterm. Two sheets will be allowed for the final, with the expectation that the sheet used for the midterm will be one of the two sheets. Students will be allowed a calculator. The calculator must not have the ability to connect to the Internet.

10.2 Late Assignments #

Out of class assignments may be submitted up to 48 hours after the deadline without penalty. After 48 hours, each additional 24 hour period will result in a final score reduction of 25%. Students with legitimate reasons (university excused absence, illness, major research deadline) may request an additional extension from the instructor before the original deadline.

10.3 Incomplete Grades, Withdrawals #

Information on incomplete grades can be found at REG 02.50.03 – Grades and Grade Point Average. If you encounter a serious disruption to your work not caused by you and you would have otherwise successfully completed the course, contact your instructor as soon as you can to discuss the possibility of earning an incomplete in the course for the semester, including an agreement on when the remaining work must be done in order to change the grade to the appropriate letter grade.

If you must withdraw from a course or from the University due to hardship beyond their control, see Withdrawal Process and Timeline | Student Services Center for information and instructions.

10.4 Attendance #

Students in in-person sections are expected to attend lecture. The instructor will not take any formal attendance for class meetings. If overall class attendance is low, the instructure reserves the right to give unannounced quizzes based on paper discussion material. Students in DE sections are execused from such quizzes. Note: exam material includes anything in the readings, slides, and topics discussed in class. Students missing class should consult the recordings or classmates on missed material.

The university policy on excused absences will be observed (see REG 02.20.03). The students are responsible for discussing makeup exams if they miss exams due to excused absence. The instructor will choose a mutually agreed date and time for the makeup exam. Late submission of homework assignments due to excused absences is not subject to the policies on late assignments.

10.5 Ethics in Security Statement #

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services.

Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class. This is a very serious issue – violations may not just be immoral, they may violate federal laws.

When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.

10.6 Course-Specific Academic Integrity Policy #

You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct. Students are also strongly encouraged to review the ACM Code of Ethics and Professional Conduct. For additional information, visit studentconduct.ncsu.edu.

• Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or project. Also, students are forbidden from collaborating on any assignment except were explicitly allowed in writing by the instructor.
• Content generated by an Artificial Intelligence third-party service or site (AI-generated content) without proper attribution or authorization is considered a form of plagiarism. Use an AI text generator only if the assignment explicitly calls for it or allows it, and follow specific assignment guidelines to disclose which text or code comes from the AI.
• Students are welcome and encouraged to discuss project activities (unless otherwise directed by the assignment). However, this discussion should be at a high-level and code or text should not be shared.
• Exam content (questions OR answers) may not be discussed with other students.
• Students are explicitly forbidden from copying the work of others (with or without superficial modification). This includes Internet or text sources for code or prose. One exception is snippets of code (up to 5 lines) from reference sources (like man pages or library documentation). Snippets copied from references should be cited with a code comment.

Use of AI Tools: This course recognizes the potential of artificial intelligence (AI) tools, such as chatbots, text generators, paraphrasers, summarizers, or solvers, to enhance your learning and creativity. You are welcome to use AI tools as supplementary resources to assist you with your assignments, as long as you do so in an ethical and responsible manner. We may also integrate AI Tools into some of our assignments. This means that you must:

• Use AI tools only for tasks that are appropriate for your level of learning and understanding. Do not use AI tools to replace your own thinking or analysis, or to avoid engaging with the course content.
• Cite any AI tools you use properly, following the citation style specified by the instructor. If no citation style is specified, provide the name of the AI tool, the date of access, the URL of the interface, and the specific prompt or query you used to generate the output. For example:

Bing. Prompt: “Recent high quality instructional materials for teaching algebra to college students.”
Accessed August 1, 2023. https://www.bing.com/chat.

• Provide evidence of how you used the AI tool and how it contributed to your assignment. Explain what you learned from the AI tool, how you verified its accuracy and reliability, how you integrated its output with your own work, and how you acknowledged its limitations and biases.
• Take full responsibility for any mistakes or errors made by the AI tool. Do not rely on the AI tool to produce flawless or correct results. Always check and edit the output before submitting your work. If you discover any inaccuracies or inconsistencies in the output after submission, notify the instructor immediately and correct them as soon as possible.
• If you are working on a group assignment, disuss the use of AI tools with your group members and agree to how you plan to use them and how you will be transparent with the instructor regarding their use.
• Using AI tools in an unethical or irresponsible manner, such as copying or paraphrasing the output without citation or evidence, using the output as your own work without verification or integration, or using the output to misrepresent your knowledge or skills, is considered a form of academic dishonesty and will result in a zero grade for the assignment and possible disciplinary action. If you have any questions about what constitutes ethical and responsible use of AI tools, please consult with the instructor before submitting your work.

Violations: The instructor expects honesty in the completion of test and assignments. For everyone’s sake, the instructor has a zero tolerance policy for violations of academic integrity, which include but are not limited to plagiarism and unapproved collaboration. The instructor may use automated techniques, including services like TurnItIn, on student submissions.

In case of an incident, university, college, and department policies against academic dishonesty will be strictly enforced. The penalties for academic misconduct will include assigning at least a negative grade and referring the student to the appropriate University bodies for possible further action.

If a student is in doubt about the conduct of themselves or others, the instructor welcomes questions about this policy. In this case, it is far better to ask permission, as there will not be forgiveness of academic misconduct. It is the understanding and expectation of instructor that the student’s signature on any test or assignment means that the student neither gave nor received unauthorized aid.

11. University Policies #

11.1 Academic Integrity and Honesty #

Students are required to comply with the university policy on academic integrity found in the Code of Student Conduct 11.35.01 sections 8 and 9. Therefore, students are required to uphold the Pack Pledge: “I have neither given nor received unauthorized aid on this test or assignment.” Violations of academic integrity will be handled in accordance with the Student Discipline Procedures.

Please refer to the Academic Integrity web page for a detailed explanation of the University’s policies on academic integrity and some of the common understandings related to those policies.

11.2 Student Privacy #

11.2.1 Originality Checking Software #

The instructor may use automated techniques, including services like TurnItIn, on student submissions.

11.2.2 Class Recording Statement #

In-class sessions are recorded in such a way that might also record students in this course. These recordings MAY be used beyond the current semester or in any other setting outside of the course. Contact your instructor if you have concerns.

11.2.3 Class Privacy Statement #

This course requires online exchanges among students and the instructor, but NOT with persons outside the course. Students may be required to disclose personally identifiable information to other students in the course, via electronic tools like email or web postings, where relevant to the course. Examples include online discussions of class topics and posting of student coursework. All students are expected to respect the privacy of each other by not sharing or using such information outside the course.

11.3 Other Policies #

Students are responsible for reviewing the NC State University PRR’s which pertains to their course rights and responsibilities:

• Equal Opportunity and Non-Discrimination Policy Statement (POL04.25.05) and additional references
• Code of Student Conduct (POL11.35.01)
• Grades and Grade Point Average (REG02.50.03)
• Credit-Only Courses (REG02.20.15)
• Audits (REG02.20.04)

12. Student Resources #

Academic and Student Affairs maintains a website with links for student support on campus, including academic support, community support, health and wellness, financial hardship or insecurity, and more. Find Help on Campus.

12.1 Disability Resources #

Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with the Disability Resource Office (DRO). For more information on NC State’s policy on working with students with disabilities, please see the Policies, Rules and Regulations page maintained by the DRO and REG 02.20.01 Academic Accommodations for Students with Disabilities.

12.2 Safe at NC State #

At NC State, we take the health and safety of students, faculty and staff seriously. The Office for Institutional Equity and Diversity supports the university community by providing services and resources to support and guide individuals in obtaining the help they need. See the Safe at NC State webpage for resources.

12.3 Supporting Fellow Students in Distress #

As members of the NC State Wolfpack community, we each share a personal responsibility to express concern for one another and to ensure that this classroom and the campus as a whole remain a healthy and safe environment for learning. Occasionally, you may come across a fellow classmate whose personal behavior concerns or worries you, either for the classmate’s well-being or yours. If you feel this way, I would encourage you to report this behavior to the NC State CARES website. Although you can report anonymously, it is preferred that you share your contact information so they can follow up with you personally.

13. Course Evaluations #

ClassEval is the end-of-semester survey for students to evaluate the instruction of all university classes. The current survey is administered online and includes 12 closed-ended questions and 3 open-ended questions. Deans, department heads, and instructors may add a limited number of their own questions to these 15 common-core questions.

Each semester students’ responses are compiled into a ClassEval report for every instructor and class. Instructors use the evaluations to improve instruction and include them in their promotion and tenure dossiers, while department heads use them in annual reviews. The reports are included in instructors’ personnel files and are considered confidential.

Online class evaluations will be available for students to complete during the last two weeks of the semester for full-semester courses and the last week of shorter sessions. Students will receive an email directing them to a website to complete class evaluations. These become unavailable at 8 am on the first day of finals.

• Contact ClassEval Help Desk: classeval@ncsu.edu
• ClassEval website
• More information about ClassEval

14. Syllabus Modification Statement #

Our syllabus represents a flexible agreement. It outlines the topics we will cover and the order in which we will cover them. Dates for assignments represent the earliest possible time they would be due. The pace of the class depends on student mastery and interests. Thus minor changes in the syllabus can occur if we need to slow down or speed up the pace of instruction.