Tuesday/Thursday 12:00pm - 1:20pm (Online)
Amir Masoumzadeh (amasoumzadeh@albany.edu)
  • Office Hours: Friday 10am–12pm, or by appointment (Online)
Teaching Assistant
Ayse Arslan (aarslan@albany.edu)
  • Office Hours: By appointment (Online)

Course Overview

This course introduces students to the fundamental and technical problems surrounding computer security. The course reviews basic security concepts, design principles, and mechanisms. Throughout the course and based on hands-on exercises, students will develop an in-depth understanding of several vulnerabilities and corresponding countermeasures in system security, web security, and network security areas. Topics include privilege escalation, buffer overflow, race condition, SQL injection, cross-site scripting, packet spoofing, TCP attacks, and firewalls.

Learning Goals for Students

Students who successfully complete this course will be able to


CSI 333 or ECE 233 (formerly ECE 333).

Additional Notes: You are expected to have a good understanding of operating systems and systems programming. You need to be familiar with Linux command line interface and be able to code in C. Also, general knowledge of discrete math and networking can be helpful.


Required Textbook: Wenliang Du, “Computer & Internet Security: A Hands-on Approach (2nd Edition),” ISBN-13: 978-1733003933, 2019.

Communication and Submissions

The course syllabus and schedule is available on the course webpage. Most of the tasks in this class will be handled via course GitHub organization including the distribution of notes and homework assignments, assignment submission, and feedback. You will be invited to join the organization in the first week of classes. We will also use Blackboard for communication and for your grades.

will be delivered online at the scheduled class time via Zoom. Instructions to connect to the class Zoom meeting will be available on Blackboard. Lectures will be also recorded and posted (only accessible to class).
Lecture Slides/Notes
will be posted in the lectures repository in the course GitHub organization.
Assignment Questions/Submission/Feedback
will be handled via the course GitHub organization. If you have general questions about an assignment, you should post it as an issue in the repository corresponding to the assignment. If you have a question about your current solution and want us to take a look, you should create an issue in your individual assignment repository instead. Include a screenshot of your runtime environment as well as references to places in your code that you want us to check. Your assignments will be automatically collected from your GitHub repositories at the time of the deadline. This helps you keep working and improving your submissions up until the deadline. Just make sure that you continuously keep your GitHub repository synced with your local version.
will be posted on Blackboard.
will be delivered and submitted via Blackboard.

Assessment and Grading

You will be assessed based on the following categories:

Homework/Lab Assignments
There will be about 11 take-home lab assignments (the lowest grade will be dropped).
There will be two exams taken during regular class sessions.
Final Project
A final project is required for students taking CSI 524 and optional for students taking CSI 424. The requirements for the final project will be described in the corresponding GitHub repository.
Final Numerical Grade
It will be a weighted combination depending on which section of the class you are taking:
Course Labs Project Exam 1 Exam 2
CSI 424 50% Optional (+10%) 25% 25%
CSI 524 30% 20% 25% 25%

The course is A-E graded. Conversion from the final numerical grade to the letter grade is based on cutoffs determined according to the grade distribution in the class. This results in more flexible and favorable grades compared to using a fixed conversion scale.


The following schedule is tentative and will be regularly updated. It is your responsibility to check the schedule regularly.

Date Topic/Reading Assignment
Module 1: Introduction
Aug25 Course Overview, Setup lab00 due Aug31
Aug27 Basic Security Concepts
Sep01 Security Policies
Sep03 Security Policies (cont.)
Sep08 Cryptography Basics
  • Textbook: Chapters 21.1-21.3, 23.1-23.3
Module 2: Software Security
Sep10 SET-UID Programs lab01 due Sep18
Sep15 SET-UID Programs (cont.), Environment Variables & Attacks
Sep17 Environment Variables & Attacks
Sep22 Buffer Overflow Attack lab02 due Sep30
Sep24 Buffer Overflow Attack (cont.) lab03 due Oct02
Sep29 Return-to-libc Attack
Oct01 Race Condition Vulnerability lab04 due Oct15
Oct06 Reverse Shell Attack
Oct08 Exam 1 (Modules 1 & 2)
Module 3: Web Security
Oct13 Web Systems & Policies
Oct15 Cross Site Request Forgery Attack lab05 due Oct23
Oct20 Cross Site Scripting Attack lab06 due Oct26
Oct22 SQL Injection Attack lab07 due Oct30
Oct27 SQL Injection Attack (cont.), and review
Module 4: Network Security
Oct29 Packet Sniffing and Spoofing lab08 due Nov09
Nov03 Packet Sniffing and Spoofing (cont.)
Nov05 Attacks on TCP Protocol lab09 due Nov13
Nov10 Attacks on TCP Protocol (cont.), Firewalls lab10 due Nov20
Nov12 Domain Name System (DNS) and Attacks
Nov17 Domain Name System (DNS) and Attacks (cont.); Review lab11 due Nov23
Module 5: Misc. Topics
Nov19 Exam 2 (Modules 3 & 4)
Nov24 Project Presentations


No Late Submission
Assignments will be released about a week before their due date. You are highly recommended to study an assignment as soon as it becomes available. There will be ample opportunities to benefit from office hours and communication with me and the TA before the due date. Assignments are due 11:59pm on the day specified in the homework. Submissions after due time will receive no points.
Review of Grades
Any issue regarding your grade in a specific assignment must be communicated to us no later than 5 business days after the posting day of the grades. There will be no re-grading after the 5-day period has passed.
Academic Integrity
It is every student’s responsibility to become familiar with the standards of academic integrity at the University. Claims of ignorance, of unintentional error, or of academic or personal pressures are not sufficient reasons for violations of academic integrity. Any incident of academic dishonesty can result in (i) no credit for the affected assignment, (ii) report to the appropriate University authorities (e.g., Dean of Undergraduate Education or Graduate Studies), and/or (iii) a failing grade for the course.

For all assignments and papers, you must submit your own work, except where collaboration is explicitly permitted or required. Also, you must properly cite any resources from which you borrow ideas and clearly distinguish them from your contributions.

Use of Electronic Devices
Computers or other electronic devices may be only used during class for note-taking, in-class exercises, or other class-related activities. You are not allowed to perform any unrelated tasks during class.
Students with Disabilities
Reasonable accommodation will be provided for students with documented disabilities. If you believe you have a disability requiring accommodation in this class, please notify the Disability Resource Center (Campus Center 130, 518-442-5490). That office will provide me with verification of your disability, and will recommend appropriate accommodations. In general, it is your responsibility to contact me at least one week before the relevant activity to make arrangements.