motivation

Hardly a day goes by when the news doesn’t touch upon some aspect of computer security: stolen passwords, compromised bank accounts, phishing attacks, or private communications. The security landscape is getting broader with the inclusion of autonomous and semi-autonomous vehicles, microprocessor-controlled medical implants, and home security systems.

the course

As its name - 01:198:419 - implies, this course is about Computer Security.

This course provides a foundational understanding of computer security, focusing on cryptographic systems, authentication, and authorization. Students will learn the basics of symmetric and asymmetric encryption, digital signatures, and hash functions, and explore how these cryptographic methods secure data and communications. The course will also cover key aspects of network security, including firewalls, intrusion detection systems, and VPNs, along with an overview of common security threats such as code injection attacks and containment strategies.

The topic of computer security is too broad for one course but we will cover a lot of the big areas: operating system security models and where they fail, programmer errors, sandboxing, network defenses, and particular issues related to commerce and mobility.

A tentative syllabus can be found at syllabus.html. The course content will likely change a bit throughout the semester as I try to group topics into sensible categories, into lecture-sized chunks, and into an order that does not require forward dependencies. I will update the web pages as the course progresses.

Course information can be found on my main course web page http://www.cs.rutgers.edu/~pxk/419. The links on that page will take you to prerequisites, homework assignments, exam info, and course policy. Be sure to check out the policy and prerequisites at the start of the course to avoid problems. The link at the bottom will take you to a news page (the link text will state when it was updated). This contains a running list of announcements such as homework assignments, exam announcements, corrections, and random comments. Please make a point of checking this page.

lecture notes

The course will use on-line reading material. We will make much use of Ross Anderson’s Security Engineering, second edition, which is available online or in print form. We will also make use of published papers and other contet. I will post lecture notes that summarize lecture content, particularly information that may not be available in the text. While the lecture notes attempt to cover most material that will be presented, I cannot guarantee that they will cover all of the material. The course is not a correspondence course. You are responsible for attending class and for all the material presented in class.

exams and assignments

In order for me to be able to give you a grade in this course, you will have a number of homework assignments, programming projects, exams, and quizzes. My goal is not to torture you but to give you an opportunity to play with some of the material presented and for me to get enough material from you so that I can give you a fair grade without your performance being determined by a single exam.

I expect that you have reasonable proficiency in programming in C and/or Java and/or Python. You cannot pass the course without completing the programming assignments. There will be an exam given roughly every third lecture for half a lecture along with a final exam. All exams will be weighted equally and the lowest grade will be dropped. My hope is that enough of you will do well in the course that you will not have to take the final exam. Largely to reward attendance and to ensure that you’re not completely asleep (since it is a late class), I will gived a few quizzes throughout the semester. These will be intended to be quite easy and you will be able to complete them during the lecture using information obtained from the lecture.