Main navigation | Main content
Office: 4-225E Keller Hall
Home page: http://www.cs.umn.edu/~mccamant
Office hours: Mondays 10-11am. Also by appointment, or available for a quick talk when my office door is open
Class Schedule: Tuesdays and Thursdays, 9:45-11:00am, Bruininks Hall 144
Computer Science 8271 is an advanced graduate course on computer security (including privacy). In particular it focuses on security as an area for research, where the goal is elucidate the scientific principles behind attacks and defenses and discover what is or is not possible. Because security is a broad area, the purpose of the course is not primarily to cover a specific body of technical skills. Rather it is to demonstrate the variety of ways in which security and privacy principles interact with the constraints of particular domains. You will learn about what constitutes good research in computer security first by studying examples (research papers, mostly from recent years of the field's most important conferences), and then by applying what you learned in an original research project you devise.
The first listed prerequisite for this course is a previous graduate-level course on a basic aspect of systems, either CSci 5103 (operating systems) or CSci 5211 (networking). Both OS and networking perspectives will come up in some of the application areas we study. But just as important to have learned is a high-level perspective on systems building, and how the practical utility of a system relates to the principles behind its design.
The second listed, recommended, prerequisite is a course on cryptography. CSci 5471 is the closest match our perspective, but Math 5248 covers enough of the same topics to serve as a substitute.
The 5000-level security class CSci 5271 is not required as a prerequisite, though you probably will find parts of it helpful if you've taken it. And 8271 is enough more advanced than 5271 that you should learn a lot new too.
As in any graduate-level course, we also expect students to have a broad familiarity with standard topics in a computer science as you would get from an undergraduate CS major. You should be resourceful: if a topic comes up in lecture that you aren't familiar with, you should have enough of an orientation to know where to look for more information on your own (from a textbook, from a manual, from Wikipedia, etc.).
The primary readings for the course will be in the form of research papers. I'll post links to these papers to the course web site. Some are completely public downloads; others are licensed to the University via the libraries so you can access them directly if you're coming from a campus IP address, or from off campus you can use the library's proxy service and bookmarklet.
Most of the papers we read will cover material that is too new to appear in any textbooks, but you may find some textbooks useful for background reference. Two books that are commonly used in 5271 and 5471 respectively are convenient for this purpose because their online versions are available for viewing free of charge:
15%: Reading questions
10%: Class attendance and discussion
15%: In-class paper presentation(s)
10%: Hands-on demo assignment
50%: Research project (including report and presentation)
Exams: There will be no exams.
Project: A major component of the course is large research project. More details on the project are on a separate page.
Assignments: The assignments for the class include a short writing assignment related to each paper we read, plus presenting papers in class and presenting a hands-on demo of how to use a research system. More details on the assignments are on a separate page.
Most assignments in the class will allow or even encourage the use of resources beyond the course readings and lecture notes, such as you might find in the library or on the Internet. However it is an important academic value, which we enforce rigorously in this class, that it is never acceptable to use another's work without properly acknowledging it. In writing assignments, you should acknowledge any external sources of inspiration or code directly in your answer; in the course project report, you should acknowledge resources and related work in the same was as you would in an academic paper. Failure to do so constitutes plagiarism.
Academic Integrity Policies: By the nature of this class, we will often discuss techniques that could be used to compromise the security of certain computer systems. However, IT IS VERY IMPORTANT THAT YOU NEVER APPLY THESE TECHNIQUES TO A COMPUTER WITHOUT THE PERMISSION OF THE COMPUTER'S OWNER. In particular you should never attempt to attack the security of computers that belong to CSE Labs, the department, the University, or an unsuspecting classmate. If we learn that a student has unethically exploited a vulnerability discussed in class, THAT STUDENT WILL FAIL. This is in addition to any University-level, department-level or legal penalties such an action may be subject to.
More generally, you are expected to do your own academic work and cite sources as appropriate. Failing to do so is scholastic dishonesty. Scholastic dishonesty includes, but is not limited to: plagiarizing; cheating on assignments or examinations; engaging in unauthorized collaboration on academic work; taking, acquiring, or using test materials without faculty permission; submitting false or incomplete records of academic achievement; acting alone or in cooperation with another to falsify records or to obtain dishonestly grades, honors, awards, or professional endorsement; altering, forging, or misusing a University academic record; or fabricating or falsifying data, research procedures, or data analysis. A student found responsible for scholastic dishonesty will at a minimum receive a grade of 0 for the assignment in question and be reported to the campus-wide Office for Community Standards (OCS). More serious offenses will receive a grade of F (or N) for the course and be subject to additional sanctions from the University. You should also read this page about academic conduct in computer science.
Other Applicable Policies: There are a number of other University-wide policies that apply to this course which you should be familiar with. This list is an abridged summary of longer policies which you can find linked from a University-wide page: