General Information
Administrivia
Instructor: Marco Canini
Time: MW 1:00PM - 4:00PM, online
Credits: 3
Office Hours: By appointment, online.
The class is open to CS MS and Ph.D. students. Others may be admitted by permission of the instructor.
Course Description
Security is now a core requirement when creating computer and software systems. This class is an introductory course to the fundamentals of computer and network security, and applied cryptography. Topics include software vulnerabilities, malware, security in web applications, networking and wireless security, security of ML systems and applied cryptography.
Sign up on the Piazza forum for this class.
Objectives
The course covers a broad view of computer system security that provides a general knowledge of the field for non-specialists and a base for future specialists. At the end of the course, students will know the most important theoretical concepts in computer security (cryptography, access control, security principles), as well as applied techniques to achieve system (program, operating systems, network, etc.) security.
About the course
Prerequisites
Background in computer systems and networks and basic knowledge of programming are expected, as is familiarity with the Linux operating system. Students should have passed CS240 or CS244, or demonstrate adequate systems knowledge.
Textbook
The class does not have a required textbook. That said, we particularly recommend Introduction to Computer Security by Goodrich & Tamassia. Another book optionally recommended as a partial resource is Security Engineering, 2nd ed. by Ross Anderson. This book is available online at Ross Anderson’s web site. Also recommended is Introduction to Modern Cryptography, CRC Press by Jonathan Katz and Yehuda Lindell.
Organization and workload
The format of this course will be a mix of lectures, seminar-style discussions, and student presentations of selected papers on contemporary advanced topics.
Two written/coding assignments will be provided throughout the class, with a submission deadline of about two weeks. In addition, the students will also work on a project to replicate some recent research in the field of computer security. This will be done throughout the entire class and will be submitted one week before the end of the class.
Grading
10% Attendance and Participation
40% Final exam
30% Assignments
20% Project
Participation
Is class participation based solely on attendance? No. Attendance is a necessary but not sufficient condition for good class participation. You are expected to attend all lectures (you may skip up to 2 lectures due to legitimate reasons), and more importantly, participate in class discussions. If you have any concerns about not being able to regularly attend class (e.g., you will have to miss several classes during the quarter) please discuss this as soon as possible with the instructor. Beyond attendance, we evaluate class participation by observing how prepared students are to discuss the preparatory readings, which need to be completed before the corresponding lectures.
Exam
This class has a final 2-hour exam. The exam is closed book.
Late work
There is no policy on late work. If you cannot submit your work by the deadline, it will not be accepted.
Exceptional circumstances
If you have a medical emergency, then email the instructor to request an extension. At times, there may be system problems with the computer infrastructure which may prevent you from submitting your reviews on time. In these cases an extension will be granted to the entire class.
Misconduct policy
We will have zero tolerance for academic misconduct. Cheating, plagiarism, and any form of dishonesty will be handled with maximum severity, according to university regulations. If you are ever in doubt about whether an action on your part may constitute unacceptable behavior, please ask the instructor before proceeding—doing so afterward is too late.
You are encouraged to discuss the assignments with your classmates. However, any work you turn in must be your own and is to be done individually, and the usual code of conduct applies. You must acknowledge any sources of your words, ideas, and software when they are not your own, and you must disclose in advance, without any specific request, any sources you used. Do not use code from a student who took the course in a previous term.
Ethics
This is a course on computer systems and network security. Although the course is primarily concerned with techniques that are designed to ensure security of such systems, a proper understanding of those systems requires that you be versed in their vulnerabilities and failings as well. Nevertheless, unless you have explicit written authorization from the owner and operators of a computer network or system, you should never attempt to penetrate that system or adversely affect that system’s operation. Such actions are a violation of the law and KAUST’s policy. Students are required to read and understand the University’s Acceptable Use Policy (available from KAUST’s policy web site). Students who would not be able to read or understand these rules must contact the course staff.