Table of contents
We increasingly live in a digitally-connected world. More of our personal systems, national infrastructures, automobiles, and smart devices are becoming internet-connected, so the importance of secure systems is more critical than ever. Unfortunately, tracking the trend for internet-connected systems is an increasing prevalence of malicious actors and criminals intent on breaking, subverting, and otherwise sabotaging important systems. Billions of dollars are lost and thousands of lives are affected by such cybercrime, and there is a dearth of trained talent to offset these trends. We must endeavor to train ethical hackers with strong cyber-security techniques, who understand the toolkits and trades employed by cybercriminals, and imbue them with an ethos of using their knowledge for good. This course will be a programming-based, learn-by-doing-oriented course focused on applying foundational principles in security to real systems and networks . You will implement several real attacks and take advantage of several recreated vulnerable systems in order to understand the modern landscape of network and systems security. Other than implementing our own attacks, we will also be looking at various case studies of attacks and defense strategies, including known exploit proofs-of-concept, published papers, and documents from security agencies and cyber-security research firms.
- CS458 (Information Security)
- A reasonably strong CS background in security or networking/systems
- We assume that students are familiar with some programming languages, such as C, C++, Java, or Python.
Exceptions to the above can be made, just come talk to us.
- Explore a range of existing problems and tensions in modern system and network security
- Gain a deep understanding of issues, concepts, threats, operational challenges as well as solutions in securing systems and networks
- Learn real-world security principles through hands-on practice and tools to assess, defend, and investigate systems and networks
The course is organized into multiple cycles and each cycle will focus on one topic in system and network security from theory to practice. We will first study the theory behind various attack vectors as well as countermeasures, and then gain deep insights through hands-on construction and experimentation with real-world implementations. Ideally, we will participate in a capture-the-flag competition at the end of the course. Topics include but are not limited to malware design (e.g., rootkit), web security (e.g., sql injection attacks, cross-site scripting attacks), OS and software security (e.g., shared library, reverse engineering, buffer overflow attacks, vulnerability scanning), network security (e.g., packet sniffing and spoofing, firewalls, protocol-specific attacks) and cryptography.
- Software Security (8 hours)
- Web Security (6 hours)
- Network Security (11 hours)
- Crypto (4 hours)
- System Security (11 hours)
Attendance is required for the lecture sessions. We will meet in SB 113, Mondays and Wednesdays 3:15PM - 4:30PM.
Computer and Internet Security by Wenliang Du
For many lectures, we will be posting required readings on the course webpage, from various sources. Be sure to read them! If a reading is marked as required, you will likely need it to be able to complete a lab.
By far the most important part of this course is the labs. You will learn by doing. Thus, they will comprise the lion’s share of your grade. Unless otherwise noted you will be working individually on projects. You will be graded on your lab reports that you submit when you are finished.
Unless otherwise noted, you will be submitting lab reports when your lab work is done. You will submit them on Blackboard by the due date listed on the course webpage.
For all projects, you can submit up to two days late with penalties. Each day you will be docked 10%. So if I have a perfect project, submitting two days late will give me 80%. After two days, submissions will not be accepted, and you will receive a zero.
If you have an emergency or are ill, it may be possible to excuse you from a project or to get you an extension, but contact me (or have a friend or family member contact me) as soon as you can. Please don’t wait until you get well / get back into town / start worrying about your Final Grade. Overly delayed requests may be denied. Requests made after classes end will be denied.
If you think a lab has been misgraded, then if the TA graded it, discuss it with the TA first. If you still think it’s been misgraded, discuss it with the instructor. Regrade requests must be specific: Don’t just ask us to regrade an entire problem or assignment. Also, you must include your justification for a higher grade: Don’t just say you think you deserve more points. Regrade requests should be timely, else they may be denied. In particular, regrade requests made after classes end will be denied.
There will be no exams for this course.
The grade break-down for the semester is as follows:
- 90%: Labs and reports
- 10%: Attendance and Participation
All values are scaled to 100 before taking the final sum.
For internet and India sessions, the grade break-down is:
- 100%: Labs and reports
Letter Grade Cutoffs
- A: 90-100
- B: 80-89
- C: 70-79
- D: 60-69
- E: 0-59
You are allowed to discuss your work with others in the class, but ultimately what you submit must be solely yours. Cheating, plagiarism, copying from other students, or any other sort of academic dishonesty may result in you getting a zero on the assignment, may impact your grade negatively, and may result in refurral to the Dean.
Please see IIT’s code of Academic Honesty here.
Reasonable accommodations will be made for students with documented disabilities. In order to receive accommodations, students must obtain a letter of accommodation from the Center for Disability Resources. The Center for Disability Resources (CDR) is located in Life Sciences Room 218, telephone (312) 567-5744 or firstname.lastname@example.org.
Sexual Harassment and Discrimination Information
Illinois Tech prohibits all sexual harassment, sexual misconduct, and gender discrimination by any member of our community. This includes harassment among students, staff, or faculty. Sexual harassment of a student by a faculty member or sexual harassment of an employee by a supervisor is particularly serious. Such conduct may easily create an intimidating, hostile, or offensive environment.
Illinois Tech encourages anyone experiencing sexual harassment or sexual misconduct to speak with the Office of Title IX Compliance for information on support options and the resolution process.
You can report sexual harassment electronically here, which may be completed anonymously. You may additionally report by contacting the Title IX Coordinator, Virginia Foster at email@example.com or the Deputy Title IX Coordinator at firstname.lastname@example.org.
For confidential support, you may reach Illinois Tech’s Confidential Advisor at (773) 907-1062. You can also contact a licensed practitioner in Illinois Tech’s Student Health and Wellness Center at email@example.com or (312)567-7550
For a comprehensive list of resources regarding counseling services, medical assistance, legal assistance and visa and immigration services, you can visit the Office of Title IX Compliance website.