Link Search Menu Expand Document

Course Syllabus

Table of contents
  1. Course Overview
  2. Prerequisites
  3. Course Goals
  4. Details
  5. Lecture Sessions
  6. Required Textbook
  7. Readings For many lectures, we will be posting required readings on the
  8. Projects
    1. Submitting Work
    2. Late Work
    3. Regrades
  9. Exams
    1. One Page of Notes
    2. Makeup Exams
    3. No Re-taking Exams
  10. End-of-Semester Score
  11. Letter Grade Cutoffs
  12. Academic Integrity
  13. Disability Accommodations
  14. Sexual Harassment and Discrimination Information

Course Overview

We increasingly live in a digitally-connected world. More of our personal systems, national infrastructures, automobiles, and smart devices are becoming internet-connected, so the importance of secure systems is more critical than ever. Unfortunately, tracking the trend for internet-connected systems is an increasing prevalence of malicious actors and criminals intent on breaking, subverting, and otherwise sabotaging important systems. Billions of dollars are lost and thousands of lives are affected by such cybercrime, and there is a dearth of trained talent to offset these trends. We must endeavor to train ethical hackers with strong cyber-security techniques, who understand the toolkits and trades employed by cybercriminals, and imbue them with an ethos of using their knowledge for good. This course will be a programming-based, learn-by-doing-oriented course focused on applying foundational principles in security to real systems and networks . You will implement several real attacks and take advantage of several recreated vulnerable systems in order to understand the modern landscape of network and systems security. Other than implementing our own attacks, we will also be looking at various case studies of attacks and defense strategies, including known exploit proofs-of-concept, published papers, and documents from security agencies and cyber-security research firms.

Prerequisites

  1. CS458 (Information Security)
  2. A reasonably strong CS background in security or networking/systems
  3. We assume that students are familiar with some programming languages, such as C, C++, Java, or Python.

Exceptions to the above can be made, just come talk to us.

Course Goals

  • Explore a range of existing problems and tensions in modern system and network security
  • Gain a deep understanding of issues, concepts, threats, operational challenges as well as solutions in securing systems and networks
  • Learn real-world security principles through hands-on practice and tools to assess, defend, and investigate systems and networks

Details

The course is organized into multiple cycles and each cycle will focus on one topic in system and network security from theory to practice. We will first study the theory behind various attack vectors as well as countermeasures, and then gain deep insights through hands-on construction and experimentation with real-world implementations. Ideally, we will participate in a capture-the-flag competition at the end of the course. Topics include but are not limited to malware design (e.g., rootkit), web security (e.g., sql injection attacks, cross-site scripting attacks), OS and software security (e.g., shared library, reverse engineering, buffer overflow attacks, vulnerability scanning), network security (e.g., packet sniffing and spoofing, firewalls, protocol-specific attacks) and cryptography.

  • Software Security (8 hours)
  • Web Security (6 hours)
  • Network Security (11 hours)
  • Crypto (4 hours)
  • System Security (11 hours)

Lecture Sessions

For the first two weeks of the semester we will be on Zoom. After that, we’ll meet in SB 113 (unless things change).

Required Textbook

Computer and Internet Security by Wenliang Du

Readings For many lectures, we will be posting required readings on the

course webpage, from various sources. Be sure to read them! If a reading is marked as required, the reading content is fair game for exams. Any readings I post that are required will be freely available either from the web or from me.

Projects

By far the most important part of this course is the labs. You will learn by doing. Thus, they will comprise the lion’s share of your grade. Unless otherwise noted you will be working individually on projects. You will be graded on your lab reports that you submit when you are finished.

Submitting Work

Unless otherwise noted, you will be submitting lab reports when your lab work is done. You will submit them on Blackboard by the due date listed on the course webpage.

Late Work

For all projects, you can submit up to two days late with penalties. Each day you will be docked 10%. So if I have a perfect project, submitting two days late will give me 80%. After two days, submissions will not be accepted, and you will receive a zero.

If you have an emergency or are ill, it may be possible to excuse you from a project or to get you an extension, but contact me (or have a friend or family member contact me) as soon as you can. Please don’t wait until you get well / get back into town / start worrying about your Final Grade. Overly delayed requests may be denied. Requests made after classes end will be denied.

Regrades

If you think a test or project has been misgraded, then if the TA graded it, discuss it with the TA first. If you still think it’s been misgraded, discuss it with me. Regrade requests must be specific: Don’t just ask us to regrade an entire problem or assignment. Also, you must include your justification for a higher grade: Don’t just say you think you deserve more points. Regrade requests should be timely, else they may be denied. In particular, regrade requests made after classes end will be denied.

Exams

There will be only a final, comprehensive exam during the last week of classes (not during finals week). There will be no midterm.

One Page of Notes

For the final exam, you can bring one 8.5” x 11” or A4 page of notes (both sides; doesn’t matter if it’s hand-written or printed, etc.) No other notes, no sharing notes, no books; no phones, no calculators or other aids or devices.

Makeup Exams

If you can’t make it to an exam because you’re sick or have an emergency, it may be possible to get you a makeup exam, but contact me (or have a friend or family member contact the instructor) as soon as you can. Overly delayed requests may be denied, so don’t wait until you get well / get back into town / start worrying about your Final Grade. Requests made after classes end will be denied (so be on top of things, since the only exam for this course is during the final week!)

Make-up exams are not a guaranteed right, especially if you ask after the exam. Barring some urgent reason, you must take tests at the scheduled time (Getting a cheaper airline ticket is not considered to be an urgent reason).

No Re-taking Exams

If during the test, you feel too ill to finish it, stop and come up and talk to me so we can work on rescheduling it — don’t turn in the test and then come to me later. Similarly, don’t turn in the Final if you want a grade of Incomplete.

End-of-Semester Score

The grade break-down for the semester is as follows:

  • 70%: Labs and reports
  • 20%: Participation
  • 10%: Final Exam

All values are scaled to 100 before taking the final sum.

For internet and India sessions, the grade break-down is:

  • 80%: Labs and reports
  • 20%: Final Exam

Letter Grade Cutoffs

  • A: 90-100
  • B: 80-89
  • C: 70-79
  • D: 60-69
  • E: 0-59

Academic Integrity

You are allowed to discuss your work with others in the class, but ultimately what you submit must be solely yours. Cheating, plagiarism, copying from other students, or any other sort of academic dishonesty may result in you getting a zero on the assignment, may impact your grade negatively, and may result in refurral to the Dean.

Please see IIT’s code of Academic Honesty here.

Disability Accommodations

Reasonable accommodations will be made for students with documented disabilities. In order to receive accommodations, students must obtain a letter of accommodation from the Center for Disability Resources. The Center for Disability Resources (CDR) is located in Life Sciences Room 218, telephone (312) 567-5744 or disabilities@iit.edu.

Sexual Harassment and Discrimination Information

Illinois Tech prohibits all sexual harassment, sexual misconduct, and gender discrimination by any member of our community. This includes harassment among students, staff, or faculty. Sexual harassment of a student by a faculty member or sexual harassment of an employee by a supervisor is particularly serious. Such conduct may easily create an intimidating, hostile, or offensive environment.

Illinois Tech encourages anyone experiencing sexual harassment or sexual misconduct to speak with the Office of Title IX Compliance for information on support options and the resolution process.

You can report sexual harassment electronically here, which may be completed anonymously. You may additionally report by contacting the Title IX Coordinator, Virginia Foster at foster@iit.edu or the Deputy Title IX Coordinator at eespeland@iit.edu.

For confidential support, you may reach Illinois Tech’s Confidential Advisor at (773) 907-1062. You can also contact a licensed practitioner in Illinois Tech’s Student Health and Wellness Center at student.health@iit.edu or (312)567-7550

For a comprehensive list of resources regarding counseling services, medical assistance, legal assistance and visa and immigration services, you can visit the Office of Title IX Compliance website.