About the course

motivation

Hardly a day goes by when the news doesn't touch upon some aspect of computer security: stolen passwords, compromised bank accounts, phishing attacks, or private communications. The security landscape is getting broader with the inclusion of autonomous and semi-autonomous vehicles, microprocessor-controlled medical implants, and home security systems.

the course

As its name - 01:198:419 - implies, this course is about Computer Security. The topic of computer security is too broad for one course but we will cover a lot of the big areas: operating system security models and where they fail, programmer errors, sandboxing, network defenses, and particular issues related to commerce and mobility.

A tentative syllabus can be found at http://www.cs.rutgers.edu/~pxk/419/syllabus.html. The course content will likely change throughout the semester. This is my first time teaching this course and I am trying to group topics into sensible categories and into an order that does not require forward dependencies. However, I don't yet have a good idea of how much time some topics may take, so I may stretch some out or add new topics in. I will update the web pages as the course progresses.

Course information can be found on my main course web page http://www.cs.rutgers.edu/~pxk/419. The links on that page will take you to prerequisites, homework assignments, exam info, and course policy. Be sure to check out the policy and prerequisites at the start of the course to avoid problems. The link at the bottom will take you to a news page (the link text will state when it was updated). This page will contain a running list of announcements such as homework assignments, exam announcements, corrections, and random comments. Please make a point of checking this page.

lecture notes

The course will use on-line reading material. We will make much use of Ross Anderson's Security Engineering, second edition, which is available online or in print form. We will also make use of published papers and other contet. I will post lecture notes that summarize lecture content, particularly information that may not be available in the text. While the lecture notes attempt to cover most material that will be presented, I cannot guarantee that they will cover all of the material. The course is not a correspondence course. You are responsible for attending class and for all the material presented in class.

exams and assignments

In order for me to be able to give you a grade in this course, you will have a number of homework assignments, programming projects, exams, and quizzes. My goal is not to torture you but to give you an opportunity to play with some of the material presented and for me to get enough material from you so that I can give you a fair grade without your performance being determined by a single exam.

I expect that you have reasonable proficiency in programming in C and/or Java and/or Python. You cannot pass the course without completing the programming assignments. There will be an exam given roughly every third lecture for half a lecture along with a final exam. All exams will be weighted equally and the lowest grade will be dropped. My hope is that enough of you will do well in the course that you will not have to take the final exam. Largely to reward attendance and to ensure that you're not completely asleep (since it is a late class), I will gived a few quizzes throughout the semester. These will be intended to be quite easy and you will be able to complete them during the lecture using information obtained from the lecture.