- Time/Location
- Tuesday/Thursday 12:00pm - 1:20pm (Online)
- Instructor
- Amir Masoumzadeh (amasoumzadeh@albany.edu)
- Office Hours: Friday 10am–12pm, or by appointment (Online)
- Teaching Assistant
- Ayse Arslan (aarslan@albany.edu)
- Office Hours: By appointment (Online)
Course Overview
This course introduces students to the fundamental and technical problems surrounding computer security. The course reviews basic security concepts, design principles, and mechanisms. Throughout the course and based on hands-on exercises, students will develop an in-depth understanding of several vulnerabilities and corresponding countermeasures in system security, web security, and network security areas. Topics include privilege escalation, buffer overflow, race condition, SQL injection, cross-site scripting, packet spoofing, TCP attacks, and firewalls.
Learning Goals for Students
Students who successfully complete this course will be able to
- understand the threats and countermeasure techniques at network and system levels
- analyze and inspect security and privacy requirements for systems
- apply basic cryptographic and network security techniques to achieve basic security goals of a system
- employ mechanisms and technologies to design and build secure systems
Prerequisites
CSI 333 or ECE 233 (formerly ECE 333).
Additional Notes: You are expected to have a good understanding of operating systems and systems programming. You need to be familiar with Linux command line interface and be able to code in C. Also, general knowledge of discrete math and networking can be helpful.
Textbook
Required Textbook: Wenliang Du, “Computer & Internet Security: A Hands-on Approach (2nd Edition),” ISBN-13: 978-1733003933, 2019.
Communication and Submissions
The course syllabus and schedule is available on the course webpage. Most of the tasks in this class will be handled via course GitHub organization including the distribution of notes and homework assignments, assignment submission, and feedback. You will be invited to join the organization in the first week of classes. We will also use Blackboard for communication and for your grades.
- Lectures
- will be delivered online at the scheduled class time via Zoom. Instructions to connect to the class Zoom meeting will be available on Blackboard. Lectures will be also recorded and posted (only accessible to class).
- Lecture Slides/Notes
- will be posted in the lectures repository in the course GitHub organization.
- Assignment Questions/Submission/Feedback
- will be handled via the course GitHub organization. If you have general questions about an assignment, you should post it as an issue in the repository corresponding to the assignment. If you have a question about your current solution and want us to take a look, you should create an issue in your individual assignment repository instead. Include a screenshot of your runtime environment as well as references to places in your code that you want us to check. Your assignments will be automatically collected from your GitHub repositories at the time of the deadline. This helps you keep working and improving your submissions up until the deadline. Just make sure that you continuously keep your GitHub repository synced with your local version.
- Announcements/Grades
- will be posted on Blackboard.
- Exams
- will be delivered and submitted via Blackboard.
Assessment and Grading
You will be assessed based on the following categories:
- Homework/Lab Assignments
- There will be about 11 take-home lab assignments (the lowest grade will be dropped).
- Exams
- There will be two exams taken during regular class sessions.
- Final Project
- A final project is required for students taking CSI 524 and optional for students taking CSI 424. The requirements for the final project will be described in the corresponding GitHub repository.
- Final Numerical Grade
- It will be a weighted combination depending on which section of the class you are taking:
Course | Labs | Project | Exam 1 | Exam 2 |
---|---|---|---|---|
CSI 424 | 50% | Optional (+10%) | 25% | 25% |
CSI 524 | 30% | 20% | 25% | 25% |
The course is A-E graded. Conversion from the final numerical grade to the letter grade is based on cutoffs determined according to the grade distribution in the class. This results in more flexible and favorable grades compared to using a fixed conversion scale.
Schedule
The following schedule is tentative and will be regularly updated. It is your responsibility to check the schedule regularly.
Date | Topic/Reading | Assignment |
---|---|---|
Module 1: Introduction | ||
Aug25 | Course Overview, Setup | lab00 due Aug31 |
Aug27 | Basic Security Concepts | |
Sep01 |
Security Policies
|
|
Sep03 | Security Policies (cont.) | |
Sep08 |
Cryptography Basics
|
|
Module 2: Software Security | ||
Sep10 |
SET-UID Programs
|
lab01 due Sep18 |
Sep15 |
SET-UID Programs (cont.), Environment Variables & Attacks
|
|
Sep17 |
Environment Variables & Attacks
|
|
Sep22 | Buffer Overflow Attack | lab02 due Sep30 |
Sep24 |
Buffer Overflow Attack (cont.)
|
lab03 due Oct02 |
Sep29 |
Return-to-libc Attack
|
|
Oct01 |
Race Condition Vulnerability
|
lab04 due Oct15 |
Oct06 |
Reverse Shell Attack
|
|
Oct08 | Exam 1 (Modules 1 & 2) | |
Module 3: Web Security | ||
Oct13 | Web Systems & Policies | |
Oct15 |
Cross Site Request Forgery Attack
|
lab05 due Oct23 |
Oct20 |
Cross Site Scripting Attack
|
lab06 due Oct26 |
Oct22 |
SQL Injection Attack
|
lab07 due Oct30 |
Oct27 | SQL Injection Attack (cont.), and review | |
Module 4: Network Security | ||
Oct29 |
Packet Sniffing and Spoofing
|
lab08 due Nov09 |
Nov03 | Packet Sniffing and Spoofing (cont.) | |
Nov05 |
Attacks on TCP Protocol
|
lab09 due Nov13 |
Nov10 |
Attacks on TCP Protocol (cont.), Firewalls
|
lab10 due Nov20 |
Nov12 |
Domain Name System (DNS) and Attacks
|
|
Nov17 | Domain Name System (DNS) and Attacks (cont.); Review | lab11 due Nov23 |
Module 5: Misc. Topics | ||
Nov19 | Exam 2 (Modules 3 & 4) | |
Nov24 | Project Presentations |
Policies
- No Late Submission
- Assignments will be released about a week before their due date. You are highly recommended to study an assignment as soon as it becomes available. There will be ample opportunities to benefit from office hours and communication with me and the TA before the due date. Assignments are due 11:59pm on the day specified in the homework. Submissions after due time will receive no points.
- Review of Grades
- Any issue regarding your grade in a specific assignment must be communicated to us no later than 5 business days after the posting day of the grades. There will be no re-grading after the 5-day period has passed.
- Academic Integrity
- It is every student’s responsibility to become familiar with the standards of academic integrity at the University. Claims of ignorance, of unintentional error, or of academic or personal pressures are not sufficient reasons for violations of academic integrity. Any incident of academic dishonesty can result in (i) no credit for the affected assignment, (ii) report to the appropriate University authorities (e.g., Dean of Undergraduate Education or Graduate Studies), and/or (iii) a failing grade for the course.
For all assignments and papers, you must submit your own work, except where collaboration is explicitly permitted or required. Also, you must properly cite any resources from which you borrow ideas and clearly distinguish them from your contributions.
- Use of Electronic Devices
- Computers or other electronic devices may be only used during class for note-taking, in-class exercises, or other class-related activities. You are not allowed to perform any unrelated tasks during class.
- Students with Disabilities
- Reasonable accommodation will be provided for students with documented disabilities. If you believe you have a disability requiring accommodation in this class, please notify the Disability Resource Center (Campus Center 130, 518-442-5490). That office will provide me with verification of your disability, and will recommend appropriate accommodations. In general, it is your responsibility to contact me at least one week before the relevant activity to make arrangements.