This course covers fundamental principles of computer security. The course consists of three parts:
Part 1: Cryptography: We will study and experiment with basic cryptographic primitives (symmetric encryption, asymmetric encryption, MAC, and cryptographic hash functions). We will learn how these primitives are used to achieve certain security properties.
Part 2: Systems: We will study systems that use cryptography, including HTTPS and secure email, to see how cryptographic primitives are used in practice on the Internet.
Part 3: Software Security: We will learn about some of the most common errors that software developers make that attackers then exploit. We will learn how to avoid or prevent these mistakes.
The learning outcomes for this course are:
Have a breadth of knowledge in computer security
Understand basic security terminology and use it accurately in technical discussions
Understand the kinds of threats facing people and systems and the technology to address those threats
Understand the limitations of technology in creating a secure system
Understand the basic principles of cryptography and how cryptographic building blocks can be assembled to provide security services
Build a system: Implement a cryptographic algorithm from a standards specification.
Remove the mystery of cryptography and replace it with knowledge of basic principles
Understand the use of cryptography in existing security protocols
Be able to explain how a protocol meets a given set of security requirements
Understand the basic principles of secure software design
Break and fix a system: Demonstrate how attackers compromise real-world systems, and then show how to prevent these attacks.
Avoid common design and development errors
Understand basic usage of standard cryptographic primitives
Demonstrate leadership skills
Be able to make sound technical decisions in the design and acquisition of security technology
Have technical and communication skills needed for leadership roles
Be ready to conduct security research in industry or graduate school
Promote a code of ethics that is compliant with the law and in accordance with gospel principles
The prerequisite for the course is CS 324 Systems Programming.
There are no required textbooks for this class. We will use a variety of online materials associated with each lecture. I strongly encourage you to review the materials before each lecture.
The assignments for this class will consist of homework, labs, and exams.
Homework is due on Tuesday at the beginning of class. Submit it online in LearningSuite before it is due. Submitted homework must be a PDF.
Each homework is worth 25 points
Late Homework Policy: If it is submitted by the following class period after it is due, you can receive a maximum of 15 points. If it is submitted before the next exam, you can receive a maximum of 10 points.
Each week that a project is assigned, it is due before midnight on Friday. Projects are worth 65 points each. Students are encouraged to meet project deadlines. I want to see all students complete every lab by the end of the semester, as this is by far where the most learning will occur.
Projects each have their own specific passoff instructions, which you should carefully follow. Each and every assignment incluedes a final submission to LearningSuite.
Code can be submitted as .zip or .tar.gz, but please make sure that when files are unzipped or untarred that they are inside of a directory instead of placed in the current directory.
Late Project Policy: As an incentive to help you stay current, we will record late days and early days for each project (university holidays excluded).
Each day a project is late will be deducted from your total, and each day a project is early will be added to your total. You can't get early days for a project if you have not turned in a previous project. You start with a balance of +5 days, and are capped at a maximum postive balance of 10. The initial balance ought to be enough to cover any minor issues that may arise, (e.g. friend's wedding, job interview out of town, pet dental emergency). If this balance will not be sufficient to cover some issue you expect in the future, please work ahead to build up your balance. In extreme circumstances please discuss your scheduling issues with me ahead of time as early as possible. There may be some flexibility.
At the end of the semester, you will receive a penalty if your late/early balance is negative. Your overall project points may be penalized up to 2% for each late day on your final balance. If all projects are completed, the penalty for late days will be capped at 10% so that your grade may be reduced by a maximum of one letter grade.
Project Pass-off Policies: Projects may be written in the language of your choice unless
instructed otherwise. For many of the projects there is an automated passoff system.
Each project has passof instructions that should be followed carefully.
There will be 2 midterm exams (posted schedule) each worth approximately 175 points, and one final exam worth 175 points covering material from the entire course.
Your final grade will be computed by weighting all scores as follows:
Homework 10%
Projects 45%
Exams 45%
We will use the standard university grade distribution formula.
All assignments must be completed individually. You are encouraged to collaborate as much as possible, including discussing solutions and solving problems together. For homeworks, write up your own answer individually (e.g. do not copy someone else's solution directly). For projects, you are encouraged to discuss solving the projects and any programming problems you encounter generally, but you must write your own code, make your own screenshots, etc.
If you have a serious medical or personal issue, please see the instructor to make arrangements for late work. I am happy to make accommodations for a learning disability if you submit an accommodations letter to me through the University Accomodations office. In general, such accomodations are not retroactive. No work can be turned in after the university's last day of instruction.
Exams must be taken on the scheduled day(s). Medical exceptions are available, but please notify the instructor in advance or as soon as possible. Non-medical exceptions (e.g. traveling to a job interview) can possibly be made in advance with sufficient notice.
In keeping with the principles of the BYU Honor Code, students are expected to be honest in all of their academic work. Academic honesty means, most fundamentally, that any work you present as your own must in fact be your own work and not that of another. Violations of this principle may result in a failing grade in the course and additional disciplinary action by the university.
Harassment of any kind is inappropriate at BYU. Specifically, BYU's policy against sexual harassment extends not only to employees of the university but to students as well. If you encounter sexual harassment, gender-based discrimination, or other inappropriate behavior, please talk to your professor, contact the Equal Employment Office at 422-5895 or 367-5689, or contact the Honor Code Office at 422-2847.
BYU is committed to providing reasonable accommodation to qualified persons with disabilities. If you have any disability that may adversely affect your success in this course, please contact the University Accessibility Center at 801-422-2767. Services deemed appropriate will be coordinated with the student and instructor by that office.