CSI 424/524: Information Security (Fall 2018)

Friday 2:45pm–5:35pm (ED 125)
Amir Masoumzadeh (amasoumzadeh@albany.edu)
  • Office Hours: Tuesday 3pm–5pm (UAB 422), or by appointment
Teaching Assistant
Muralidhar Gopinath (mgopinath@albany.edu)
  • Ask questions on GitHub
  • Email for appointments

Course Overview

This course covers fundamental issues surrounding computer security. You will learn about security policies, models, and mechanisms. You will also learn about details of several system and web attacks by implementing them yourselves.

Learning Goals for Students

Students who successfully complete this course will be able to


The prerequisite course for CSI 424 is CSI/CEN 400 or CSI 402. The prerequisite course for CSI 524 is CSI 500.

You are expected to have a good understanding of operating systems and systems programming. You need to be familiar with Linux command line interface and be able to code in C. Also, general knowledge of discrete math and networking can be helpful.


Required Textbook: Wenliang Du, “Computer Security: A Hands-on Approach,” ISBN: 978-1548367947, 2017.

We also rely on multiple other references (book chapters, articles, and tutorials) which are available publicly or via the University’s network.

You are required to read each session’s readings listed on the schedule before attending the class.

Communications and Submissions

The course syllabus and schedule is available on the course webpage. Most of the tasks in this class will be handled via GitHub including distribution of notes and homework assignments, assignment submission, and feedback. We will also use Blackboard for announcements and your grades.

Assessment and Grading

Lab Assignments
These will be 11 take-home lab assignments (the lowest grade will be dropped).
In-Class Activities and Performance
A major component of your participation in the course will be involvement in class activities and discussions (both individually and in teams.) There will be also occasional quizzes on materials covered in the previous class session.
There will be a midterm and a final exam. Final exam is cumulative.
Final Grade
It will be a weighted combination depending on which section of the class you are taking:
Course Labs Project In-Class Midterm Exam Final Exam
CSI 424 45% Optional (+5%) 5% 15% 35%
CSI 524 30% 15% 5% 15% 35%


The following schedule is tentative and will be regularly updated. It is your responsibility to check the schedule regularly.

means required reading. means optional reading.

  Date   Topic/Reading Assignment Due
Module #1: Introduction
Aug 31 - Course Overview - Basic Security Concepts - Access Control
Module #2: Software/System Security
Sep 07 SET-UID Programs lab00 (setup)
Sep 14 Environment Variables & Attacks
Sep 21 Buffer Overflow Attack lab01 (setuid)
Sep 28 Return-to-libc Attack lab02 (buffer-overflow)
Oct 05 Race Condition Vulnerability lab03 (return-to-libc)
Oct 12 Shellshock Attack lab04 (race)
Module #3: Web Security
Oct 19 - Midterm exam - Cross Site Request Forgery Attack lab05 (shellshock)
Oct 26 Cross Site Scripting Attack lab06 (csrf)
Nov 02 SQL Injection Attack lab07 (xss)
Module #4: Network Security
Nov 09 Packet Sniffing and Spoofing lab08 (sqli)
Nov 16 Attacks on TCP Protocol lab09 (sniff)
Nov 23 Thanksgiving Break (No Class)
Nov 30 Firewalls lab10 (tcp)
Module #5: Misc./Advanced Topics
Dec 07 Information Privacy lab11 (firewall)
Dec 14 Final Exam (5:45pm-7:45pm in same classroom)


Assignments are due at 2pm before the class. Submissions after due time will receive no points. But your lowest assignment grade will be dropped from calculation. This means you can choose not to submit one of your assignments and you are still able to receive full mark on your assignment total.
Academic Integrity
It is every student’s responsibility to become familiar with the standards of academic integrity at the University. Claims of ignorance, of unintentional error, or of academic or personal pressures are not sufficient reasons for violations of academic integrity. Any incident of academic dishonesty can result in (i) no credit for the affected assignment, (ii) report to the appropriate University authorities (e.g., Dean of Undergraduate Education or Graduate Studies), and/or (iii) a failing grade (E) for the course.

For all assignments and papers, make sure to do your own work, except where collaboration is explicitly permitted or required. Also, make sure that you properly cite any resource from which you borrow ideas and that you clearly distinguish them from your contributions.

Use of Electronic Devices
Computers or other electronic devices may be only used during class for note-taking or other class-related activities. You are not allowed to perform any unrelated task during class.
Students with Disabilities
Reasonable accommodation will be provided for students with documented disabilities. If you believe you have a disability requiring accommodation in this class, please notify the Disability Resource Center (Campus Center 130, 518-442-5490). That office will provide me with verification of your disability, and will recommend appropriate accommodations. In general, it is your responsibility to contact me at least one week before the relevant activity to make arrangements.