University of Minnesota
Security and Privacy in Computing

CSci 8271: Security and Privacy in Computing

Instructor: Stephen McCamant
Office: 4-225E Keller Hall
Home page:
Office hours: Mondays 10-11am. Also by appointment, or available for a quick talk when my office door is open

Class Schedule: Tuesdays and Thursdays, 9:45-11:00am, Bruininks Hall 144

Course Overview:
Computer Science 8271 is an advanced graduate course on computer security (including privacy). In particular it focuses on security as an area for research, where the goal is elucidate the scientific principles behind attacks and defenses and discover what is or is not possible. Because security is a broad area, the purpose of the course is not primarily to cover a specific body of technical skills. Rather it is to demonstrate the variety of ways in which security and privacy principles interact with the constraints of particular domains. You will learn about what constitutes good research in computer security first by studying examples (research papers, mostly from recent years of the field's most important conferences), and then by applying what you learned in an original research project you devise.

The first listed prerequisite for this course is a previous graduate-level course on a basic aspect of systems, either CSci 5103 (operating systems) or CSci 5211 (networking). Both OS and networking perspectives will come up in some of the application areas we study. But just as important to have learned is a high-level perspective on systems building, and how the practical utility of a system relates to the principles behind its design.

The second listed, recommended, prerequisite is a course on cryptography. CSci 5471 is the closest match our perspective, but Math 5248 covers enough of the same topics to serve as a substitute.

The 5000-level security class CSci 5271 is not required as a prerequisite, though you probably will find parts of it helpful if you've taken it. And 8271 is enough more advanced than 5271 that you should learn a lot new too.

As in any graduate-level course, we also expect students to have a broad familiarity with standard topics in a computer science as you would get from an undergraduate CS major. You should be resourceful: if a topic comes up in lecture that you aren't familiar with, you should have enough of an orientation to know where to look for more information on your own (from a textbook, from a manual, from Wikipedia, etc.).

Paper Readings:
The primary readings for the course will be in the form of research papers. I'll post links to these papers to the course web site. Some are completely public downloads; others are licensed to the University via the libraries so you can access them directly if you're coming from a campus IP address, or from off campus you can use the library's proxy service and bookmarklet.

Optional/Reference Textbooks:
Most of the papers we read will cover material that is too new to appear in any textbooks, but you may find some textbooks useful for background reference. Two books that are commonly used in 5271 and 5471 respectively are convenient for this purpose because their online versions are available for viewing free of charge:

Grading breakdown:
15%: Reading questions
10%: Class attendance and discussion
15%: In-class paper presentation(s)
10%: Hands-on demo assignment
50%: Research project (including report and presentation)

Exams: There will be no exams.

Project: A major component of the course is large research project. More details on the project are on a separate page.

Assignments: The assignments for the class include a short writing assignment related to each paper we read, plus presenting papers in class and presenting a hands-on demo of how to use a research system. More details on the assignments are on a separate page.

External Sources:
Most assignments in the class will allow or even encourage the use of resources beyond the course readings and lecture notes, such as you might find in the library or on the Internet. However it is an important academic value, which we enforce rigorously in this class, that it is never acceptable to use another's work without properly acknowledging it. In writing assignments, you should acknowledge any external sources of inspiration or code directly in your answer; in the course project report, you should acknowledge resources and related work in the same was as you would in an academic paper. Failure to do so constitutes plagiarism.

Academic Integrity Policies: By the nature of this class, we will often discuss techniques that could be used to compromise the security of certain computer systems. However, IT IS VERY IMPORTANT THAT YOU NEVER APPLY THESE TECHNIQUES TO A COMPUTER WITHOUT THE PERMISSION OF THE COMPUTER'S OWNER. In particular you should never attempt to attack the security of computers that belong to CSE Labs, the department, the University, or an unsuspecting classmate. If we learn that a student has unethically exploited a vulnerability discussed in class, THAT STUDENT WILL FAIL. This is in addition to any University-level, department-level or legal penalties such an action may be subject to.

More generally, you are expected to do your own academic work and cite sources as appropriate. Failing to do so is scholastic dishonesty. Scholastic dishonesty includes, but is not limited to: plagiarizing; cheating on assignments or examinations; engaging in unauthorized collaboration on academic work; taking, acquiring, or using test materials without faculty permission; submitting false or incomplete records of academic achievement; acting alone or in cooperation with another to falsify records or to obtain dishonestly grades, honors, awards, or professional endorsement; altering, forging, or misusing a University academic record; or fabricating or falsifying data, research procedures, or data analysis. A student found responsible for scholastic dishonesty will at a minimum receive a grade of 0 for the assignment in question and be reported to the campus-wide Office for Community Standards (OCS). More serious offenses will receive a grade of F (or N) for the course and be subject to additional sanctions from the University. You should also read this page about academic conduct in computer science.

Other Applicable Policies: There are a number of other University-wide policies that apply to this course which you should be familiar with. This list is an abridged summary of longer policies which you can find linked from a University-wide page:

  • Students are required to abide by the Student Conduct Code, which among other things prohibits disruptive classroom conduct.
  • Personal electronic devices should be used with caution in the classroom lest they interfere with your or other students' learning.
  • Students will not be penalized for absence during the semester due to unavoidable or legitimate circumstances. Such circumstances include verified illness, participation in intercollegiate athletic events, subpoenas, jury duty, military service, bereavement, and religious observances. The requirement of verification for absences due to illness is waived for a single episode absence that did not require professional treatment, and did not lead to missing an important in-class event such as an exam.
  • The University considers that accepting compensation for taking and distributing classroom notes violates shared norms and standards of the academic community.
  • Sexual harassment is not acceptable in the University setting.
  • The University provides equal access to and opportunity in its programs and facilities, without regard to race, color, creed, religion, national origin, gender, age, marital status, disability, public assistance status, veteran status, sexual orientation, gender identity, or gender expression.
  • The University of Minnesota is committed to providing equitable access to learning opportunities for all students, including making reasonable accommodations. If you have, or think you may have, a disability that might affect your participation in class please contact the Disability Services office. If you are registered with DS and have a current letter requesting reasonable accommodations, please contact your instructor as early in the semester as possible to discuss how the accommodations will be applied in the course.
  • As a student you may experience a range of mental health concerns or stressful events which may interfere with learning. You can learn more about the broad range of confidential mental health services available on campus via the Student Mental Health website.
  • Within the scope and content of the course as defined by the instructor, academic freedom includes the freedom to discuss relevant matters in the classroom and conduct relevant research. Students are free to take reasoned exception to the views offered in any course of study and to reserve judgment about matters of opinion, but they are responsible for learning the content of any course of study for which they are enrolled. (Adapted from The AAUP Joint Statement on Rights and Freedoms of Students.)