Winter 2020

Section 1: TTh 3:00pm - 4:15pm 3106 JKB

Syllabus

This course covers fundamental principles of computer security. The course consists of three parts:

Part 1: Cryptography: We will study and experiment with basic cryptographic primitives (symmetric encryption, asymmetric encryption, MAC, and cryptographic hash functions). We will learn how these primitives are used to achieve certain security properties.

Part 2: Systems: We will study systems that use cryptography, including HTTPS and secure email, to see how cryptographic primitives are used in practice on the Internet.

Part 3: Software Security: We will learn about some of the most common errors that software developers make that attackers then exploit. We will learn how to avoid or prevent these mistakes.

The learning outcomes for this course are:

  • Have a breadth of knowledge in computer security

    • Understand basic security terminology and use it accurately in technical discussions

    • Understand the kinds of threats facing people and systems and the technology to address those threats

    • Understand the limitations of technology in creating a secure system

  • Understand the basic principles of cryptography and how cryptographic building blocks can be assembled to provide security services

    • Build a system: Implement a cryptographic algorithm from a standards specification.

    • Remove the mystery of cryptography and replace it with knowledge of basic principles

    • Understand the use of cryptography in existing security protocols

    • Be able to explain how a protocol meets a given set of security requirements

  • Understand the basic principles of secure software design

    • Break and fix a system: Demonstrate how attackers compromise real-world systems, and then show how to prevent these attacks.

    • Avoid common design and development errors

    • Understand basic usage of standard cryptographic primitives

  • Demonstrate leadership skills

    • Be able to make sound technical decisions in the design and acquisition of security technology

    • Have technical and communication skills needed for leadership roles

    • Be ready to conduct security research in industry or graduate school

  • Promote a code of ethics that is compliant with the law and in accordance with gospel principles

The prerequisite for the course is CS 324 Systems Programming.

Textbooks

There are no required textbooks for this class. We will use a variety of online materials associated with each lecture. I strongly encourage you to review the materials before each lecture.

Assignments and Grading Policy

The assignments for this class will consist of homework, labs, and exams.

Homework

Homework is due on Tuesday at the beginning of class. Submit it online in LearningSuite before it is due. Submitted homework must be a PDF.

Each homework is worth 25 points.

Late Homework Policy: If it is submitted by the following class period after it is due, you can receive a maximum of 15 points. If it is submitted before the next exam, you can receive a maximum of 10 points.

Projects

Each week that a project is assigned, it is due before midnight on Friday. Projects are worth 65 points each. Students are encouraged to meet project deadlines. I want to see all students complete every lab by the end of the semester. Code can be submitted as .zip or .tar.gz, but please make sure that when the files are unzipped or untarred, they end up inside a directory rather than in the current directory.

Late Project Policy: As an incentive to help you stay current, we will record late days and early days for each project (university holidays excluded).

Each day a project is late will be deducted from your total, and each day a project is early will be added to your total. You can't get early days for a project if you have not turned in a previous project. You start with a balance of +5 days, and are capped at a maximum positive balance of 10. The initial balance ought to be enough to cover any minor issues that may arise (e.g. friend's wedding, job interview out of town, pet dental emergency). If this balance will not be sufficient to cover some issue you expect in the future, please work ahead to build up your balance. In extreme circumstances, please discuss your scheduling issues with me as early as possible. There may be some flexibility.

At the end of the semester, you will receive a penalty if your late/early balance is negative. Your overall project points may be penalized up to 2% for each late day on your final balance. If all projects are completed, the penalty for late days will be capped at 10% so that your grade may be reduced by a maximum of one letter grade.

Project Pass-off Policies: Projects may be written in the language of your choice unless instructed otherwise. Projects must be passed off by the TA in person, unless instructed otherwise. You may pass off a project after the deadline for full credit, and without using late days, provided you email a SHA-1 checksum of all files associated with your project to the TA before the deadline. You can generate the checksum again at passoff to convince the TA that your assignment was completed on time. You can generate a checksum on Linux using openssl (e.g., openssl dgst -sha1 [filename]). Search online for how to do this on other systems.
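One way to cover "all files associated with your project" with a single checksum, shown as an added example that is not part of the course materials: hash every file into a sorted manifest, then hash the manifest. The function names are hypothetical, and the script assumes file names contain no newlines.

```sh
#!/bin/sh
# Added example: helper names are hypothetical, not from the course.

# sha1_hex: read stdin, print the 40-character hex SHA-1 digest.
# Uses openssl as in the syllabus; falls back to sha1sum if it is absent.
sha1_hex() {
    if command -v openssl >/dev/null 2>&1; then
        # -r selects the "digest *name" output format, stable across versions
        openssl dgst -sha1 -r | cut -d' ' -f1
    else
        sha1sum | cut -d' ' -f1
    fi
}

# project_manifest DIR: one "digest  ./path" line per regular file.
# Sorting in the C locale makes the order identical on every machine.
project_manifest() {
    (
        cd "$1" || exit 1
        find . -type f | LC_ALL=C sort | while IFS= read -r f; do
            printf '%s  %s\n' "$(sha1_hex < "$f")" "$f"
        done
    )
}

# project_digest DIR: a single checksum that commits to every file's
# path and contents. This is the value to email before the deadline.
project_digest() {
    project_manifest "$1" | sha1_hex
}

# verify_project DIR EXPECTED: succeed only if DIR still hashes to the
# value that was emailed (what gets re-run at pass-off).
verify_project() {
    [ "$(project_digest "$1")" = "$2" ]
}

# When run as a script with a directory argument, print its digest.
if [ "$#" -ge 1 ]; then
    project_digest "$1"
fi
```

Any edit, rename, added file, or deleted file after the email was sent changes the manifest and therefore the final digest, so keep the submitted directory untouched until pass-off.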

Exams

There will be 2 mid-term exams (posted schedule) each worth 175 points, and one final exam worth 175 points covering material from the entire course.

Final Grades

All points are equal. Your final score will be calculated as a percentage of total/possible points, using the standard university grade distribution formula. Point totals are approximate and may vary by a small amount (e.g. a mid-term exam might be 172 or 179 points).

Collaboration Policy

All assignments must be completed individually. You are encouraged to collaborate as much as possible, including discussing solutions and solving problems together. For homeworks, write up your own answer individually (e.g. do not copy someone else's solution directly). For projects, you are encouraged to discuss solving the projects and any programming problems you encounter generally, but you must write your own code.

Exceptions

If you have a serious medical or personal issue, please see the instructor to make arrangements for late work. I am happy to make accommodations for a learning disability if you turn in an accommodations letter to me. No work can be turned in after the university's last day of instruction.

Exams must be taken on the scheduled day(s). Medical exceptions are available, but please notify the instructor in advance or as soon as possible. Non-medical exceptions (e.g. traveling to a job interview) can be made in advance with sufficient notice.

Educational Policies

Honor Code Standards

In keeping with the principles of the BYU Honor Code, students are expected to be honest in all of their academic work. Academic honesty means, most fundamentally, that any work you present as your own must in fact be your own work and not that of another. Violations of this principle may result in a failing grade in the course and additional disciplinary action by the university.

Policy on Harassment

Harassment of any kind is inappropriate at BYU. Specifically, BYU's policy against sexual harassment extends not only to employees of the university but to students as well. If you encounter sexual harassment, gender-based discrimination, or other inappropriate behavior, please talk to your professor, contact the Equal Employment Office at 422-5895 or 367-5689, or contact the Honor Code Office at 422-2847.

Students with Disabilities

BYU is committed to providing reasonable accommodation to qualified persons with disabilities. If you have any disability that may adversely affect your success in this course, please contact the University Accessibility Center at 422-2767. Services deemed appropriate will be coordinated with the student and instructor by that office.