Winter 2022

Section 1: MWF, 11:00am - 11:50am, TMCB 120

Syllabus

This course covers fundamental principles of computer security. The course consists of three parts:

Part 1: Cryptography: We will study and experiment with basic cryptographic primitives (symmetric encryption, asymmetric encryption, MAC, and cryptographic hash functions). We will learn how these primitives are used to achieve certain security properties.

Part 2: Systems: We will study systems that use cryptography, including HTTPS and secure email, to see how cryptographic primitives are used in practice on the Internet.

Part 3: Software Security: We will learn about some of the most common errors that software developers make that attackers then exploit. We will learn how to avoid or prevent these mistakes.

The learning outcomes for this course are:

  • Have a breadth of knowledge in computer security

    • Understand basic security terminology and use it accurately in technical discussions

    • Understand the kinds of threats facing people and systems and the technology to address those threats

    • Understand the limitations of technology in creating a secure system

  • Understand the basic principles of cryptography and how cryptographic building blocks can be assembled to provide security services

    • Build a system: Implement a cryptographic algorithm from a standards specification.

    • Remove the mystery of cryptography and replace it with knowledge of basic principles

    • Understand the use of cryptography in existing security protocols

    • Be able to explain how a protocol meets a given set of security requirements

  • Understand the basic principles of secure software design

    • Break and fix a system: Demonstrate how attackers compromise real-world systems, and then show how to prevent these attacks.

    • Avoid common design and development errors

    • Understand basic usage of standard cryptographic primitives

  • Demonstrate leadership skills

    • Be able to make sound technical decisions in the design and acquisition of security technology

    • Have technical and communication skills needed for leadership roles

    • Be ready to conduct security research in industry or graduate school

  • Promote a code of ethics that is compliant with the law and in accordance with gospel principles

The prerequisite for the course is CS 324 Systems Programming.

Textbooks

There are no required textbooks for this class. We will use a variety of online materials associated with each lecture. I strongly encourage you to review the materials before each lecture.

Assignments and Grading Policy

The assignments for this class will consist of homework, labs, and exams.

Homework

Homework is due at 11:59 PM of the date in the Schedule. Submit it online in LearningSuite before it is due. Submitted homework must be a PDF.

Late Homework Policy: Each homework is worth 4 points. There are a total of 13 homework assignments. Your total homework score will be out of 40 points. This gives you three homework assignments you can miss but still get full points in this category. Any homework that you do past the required ten will count as extra credit. Because of this, no late homework will be accepted.

Projects

Each project is is due at 11:59 PM of the date in the Schedule. Students are encouraged to meet project deadlines. I want to see all students complete every lab by the end of the semester. Code can be submitted as .zip or .tar.gz, but please make sure that when files are unzipped or untarred that they are inside of a directory instead of placed in the current directory.

Projects may be written in the language of your choice unless instructed otherwise. For many of the projects there is an automated passoff system.

Late Project Policy: As an incentive to help you stay current, we will record late days and early days (maximum of 5) for each project (weekends and university holidays excluded). You will get a total of five (5) free early days for the semester. At the end of the semester, you will receive a penalty if your late day balance exceeds your early day balance. Your overall project points may be penalized up to 2% for each late day on your final balance. If all projects are completed, the penalty for late days will be capped at 10% so that your grade is reduced by a maximum of one letter grade.

Exams

There will be two midterm exams (see posted Schedule) and the final exam will cover material from the entire course.

Final Grade

Your final grade will be computed by weighting all scores as follows:

Homework 10%

Projects 45%

Exams 45%

  • Midterm 1: 10%

  • Midterm 2: 15%

  • Final: 20%

Collaboration Policy

All assignments must be completed individually. You are encouraged to collaborate as much as possible, including discussing solutions and solving problems together. For homeworks, write up your own answer individually (e.g. do not copy someone else's solution directly). For projects, you are encouraged to discuss solving the projects and any programming problems you encounter generally, but you must write your own code.

Exceptions

If you have a serious medical or personal issue, please see the instructor to make arrangements for late work. I am happy to make accommodations for a learning disability if you turn in an accommodations letter to me. No work can be turned in after the university's last day of instruction (even with accommodations).

Exams must be taken on the scheduled day(s). Medical exceptions are available, but please notify the instructor in advance or as soon as possible. Non-medical exceptions (e.g. traveling to a job interview) can possibly be made in advance with sufficient notice.

Educational Policies

Honor Code Standards

In keeping with the principles of the BYU Honor Code, students are expected to be honest in all of their academic work. Academic honesty means, most fundamentally, that any work you present as your own must in fact be your own work and not that of another. Violations of this principle may result in a failing grade in the course and additional disciplinary action by the university.

Policy on Harassment

Harassment of any kind is inappropriate at BYU. Specifically, BYU's policy against sexual harassment extends not only to employees of the university but to students as well. If you encounter sexual harassment, gender-based discrimination, or other inappropriate behavior, please talk to your professor, contact the Equal Employment Office at 422-5895 or 367-5689, or contact the Honor Code Office at 422-2847.

Students with Disabilities

BYU is committed to providing reasonable accommodation to qualified persons with disabilities. If you have any disability that may adversely affect your success in this course, please contact the University Accessibility Center at 422-2767. Services deemed appropriate will be coordinated with the student and instructor by that office.