Main navigation | Main content
Office: 4-225E Keller Hall
Home page: http://www.cs.umn.edu/~mccamant
Office hours: Fridays 1-2pm, online via Zoom. Also by appointment.
Lecture Schedule: Tuesdays and Thursdays, 9:45-11:00am, 43 Rapson Hall
Section 002: Mondays 9:05-9:55am, 1-262 Keller, also online via Zoom
Section 003: Mondays 10:10-11:00am, 1-262 Keller, also online via Zoom
Computer Science 4271W is an elective-level undergraduate course that introduces concepts of computer security with particular emphasis on the design and implementation of secure software. The course covers techniques to identify and exploit security threats, as well as prevent or mitigate them, during software design, coding, testing, and maintenance. It describes general patterns of vulnerabilities as well specific problems in low-level software, operating system interaction, use of cryptography, networked and web systems, identity and authentication, and usability. As a writing intensive course, students will also learn and practice techniques for effective written communication about software security.
Goals and Objectives:
By the end of this course you should be able to:
These objectives address two student learning outcomes:
Can identify, define, and solve problems: In assignments and exercises you will be given descriptions of software systems and asked to identify potential security vulnerabilities, and methods to mitigate these vulnerabilities.
Can communicate effectively: It is not enough that individual developers understand security when coding. Issues such as the organization of a complex software system, how potentially adversarial inputs and actors can affect the system, and methods to mitigate these threats require communication among developers and between developers and other stakeholders. If a security-conscious developer cannot convey why a threat should be considered, or the way it works, or how to address a threat, the larger organization may still fail to devote enough effort to security improvement. Developing skills to communicate about software and threats is thus just as important as developing skills to find and address these threats. In this class you will regularly practice writing such descriptions in problem sets and project reports.
The prerequisite for this course is CSci 3081W, Software Design and Development, and the course also depends on 3081's own transitive prerequisites. Students should be comfortable reading and writing code; especially in C, but other languages will also be used on occasion such as in labs. Students should also have experience working with the Unix/Linux command line. The portions of the course that deal with low-level attacks and defenses on software (buffer overflows, etc.), depend on some familiarity with assembly language and how C programs are compiled. These are covered in CSci 2021, which is transitively a prerequisite for 3081, but this may be an area you should consider reviewing if a while has passed since you took 2021. EE 2361 covers many of the same relevant topics from CSci 2021, but because it uses a micro-controller architecture, you may want to take some time outside of class to learn about the x86 architecture we'll use. CSci 4061 (Introduction to Operating Systems) and CSci 4211 (Introduction to Computer Networks) are not prerequisites: we will discuss the basic principles of operating systems and networks relevant to security threats against them.
The course web site will have a schedule of the topics that will be covered in each lecture. For some subject areas there will also be relating reading materials covering the same topics. You will get the most out of the lecture by reading the materials before coming to class. The material in the readings and the materials in lectures will not match exactly: while the most important material will appear in both, some points may appear only in the reading or only in the lecture, and they're all fair game to appear on exams. We'll post the slides from lectures on the web site, but reviewing the slides is intended to supplement, not replace, attending lecture.
Because the area of computer security is changing quickly, it is hard to produce a good textbook. I haven't yet found a textbook that I like and which covers most or all of the material in the class, so the course has no required textbooks. We will draw readings from a variety of other public source which are either free of charge to everyone or available via University licensing. However if you would like a to look over books relevant to the course material, here are two optional recommendations:
Ross Anderson's Security Engineering, Third Edition (John Wiley & Sons) is a great book for understanding the adversarial perspective in security; it covers many of the course's main topics at a high level, as well as drawing on examples of security thinking outside strictly computer applications. It's also a lot more fun to read than the average CS textbook. However it doesn't go into as much technical detail as we will in many areas. I use it more heavily in 5271, so you may be able to find it via the campus bookstore, or various places online. The third edition includes some notable improvements since the previous second edition, but the majority of relevant material is also found in that edition. An advantage of the previous edition is that all the chapters are available online from the author's home page. Also, the campus libraries have acquired ebook access to an HTML edition of the book through the publisher's online portal. As the first edition is even older, it isn't recommended.
Adam Shostack's Threat Modeling: Designing for Security (Wiley), as the title suggests, focuses on threat modeling and security design concerns. The approach to threat modeling and dataflow diagrams we follow is based on Shostack's, so you can read this book if you are interested in a lot more detail on these topics than we'll have time for in class.
Including chapters from Anderson's second edition as discussed above all the class readings are available to download and/or read online. Many are public downloads; a few, such as some academic papers, are licensed to the University via the libraries so you can access them directly if you're coming from a campus IP address, or from off campus you can use the library's proxy service and bookmarklet. Some other online resources will be mentioned in lecture notes, assignments, or on the class forum, and of course there's lots of information, some of it good, available online that you can find yourself.
Grading for this course will be based on the following components:
Letter grades will be assigned using the following scale:
Collaboration and External Sources:
Discussing the course content with other students can be a very useful part of your learning experience: that is part of why we encourage/require you to collaborate in the labs, for instance. However it is up to you to structure that collaboration for the best results and to maximize everyone's learning.
On the other hand, we ask that you be more circumspect in discussing problem sets and projects with other students, so that everyone has the chance to grapple with the challenges on their own. The class isn't graded on a curve, so you aren't competing with other students: their failure will not improve your grade, and we'd like to maintain a generally friendly atmosphere. For instance it's okay to discuss ideas from the course at a general level that might apply to a homework (e.g., the concept of a buffer-overflow attack), or to help another group with a technical problem unrelated to the project itself ("I can't get my VM to boot"). But you should avoid giving specific suggestions that another student could use in place of figuring something out on their own ("you can overflow buffer foo by passing a 200-byte string to function bar"). And sharing code or prose that would be given as an answer to an assignment question is of course never okay.
Many assignments in the class will allow or even encourage the use of resources beyond the course readings and lecture notes, such as you might find in the library or on the Internet. However it is an important academic value, which we enforce rigorously in this class, that it is never acceptable to use another's work without properly acknowledging it. In problem sets and projects, you should acknowledge any external sources of inspiration or code directly in your answer. Failure to do so constitutes plagiarism.
Academic Integrity Policies: By the nature of this class, we will often discuss techniques that could be used to compromise the security of certain computer systems. However, IT IS VERY IMPORTANT THAT YOU NEVER APPLY THESE TECHNIQUES TO A COMPUTER WITHOUT THE PERMISSION OF THE COMPUTER'S OWNER. In particular you should never attempt to attack the security of computers that belong to CSE Labs, the department, the University, or an unsuspecting classmate. If we learn that a student has unethically exploited a vulnerability discussed in class, THAT STUDENT WILL FAIL. This is in addition to any University-level, department-level or legal penalties such an action may be subject to.
You are also expected to do your own academic work and cite sources as appropriate. Failing to do so is scholastic dishonesty. Scholastic dishonesty includes, but is not limited to: plagiarizing; cheating on assignments or examinations; engaging in unauthorized collaboration on academic work; taking, acquiring, or using test materials without faculty permission; submitting false or incomplete records of academic achievement; acting alone or in cooperation with another to falsify records or to obtain dishonestly grades, honors, awards, or professional endorsement; altering, forging, or misusing a University academic record; or fabricating or falsifying data, research procedures, or data analysis. A student found responsible for scholastic dishonesty will at a minimum receive a grade of 0 for the assignment in question and be reported to the campus-wide Office for Community Standards (OCS). More serious offenses will receive a grade of F (or N) for the course and be subject to additional sanctions from the University. You should also read this page about academic conduct in computer science.
Other Applicable Policies: There are a number of other University-wide policies that apply to this course which you should be familiar with. This list is an abridged summary of longer policies which you can find linked from a University-wide page:
(This syllabus is based in part on documents used in previous editions of 4271 and 5271 written by the instructor and by Prof. Nick Hopper.)