Meeting Time: Tuesdays and Thursdays from 8am to 9:15 am
Meeting Location: Sitterson - SN014
The course covers introductory topics in computer security. The goal is to expose students to a broad range of security challenges facing us today. The course examines a wide range of topics in operating systems, software engineering, and network and communications security.
Important: This course is accompanied by a distance learning lab that runs certain Fridays from 8am-9:15am. There may be some capacity for mask-to-mask delivery in SN014. You must be enrolled in CS535 to attend the remote Friday sessions. No exceptions. These labs will leverage infrastructure built specifically for this course, and will expose students to hands-on experimentation of concepts discussed in the lectures. Enrolled students must have their own laptop; we will provide access to virtual machines on our servers. Many of the labs are built around a gamified cybersecurity experience.
The modules used during the lab sessions will be available through the Riposte Framework. You will be required to read and digitally sign an Ethics and Responsible Practices statement before proceeding with the labs.
|Fabian Monrose||FB 336||Remote only. TBD (and by appointment)|
|Jan Werner and Mac Malone||FB 334||Remote only.TBD; (and by appointment); email: firstname.lastname@example.org|
When sending me email about this course, make sure to add the preamble "COMP535:" to the subject line; otherwise, responses will be slower than normal.
Community Standards in Our Course and Mask Use.
This fall semester, while we are in the midst of a global pandemic, all enrolled students are required to wear a mask covering your mouth and nose at all times in our classroom. This requirement is to protect our educational community — your classmates and me – as we learn together. If you choose not to wear a mask, or wear it improperly, I will ask you to leave immediately, and I will submit a report to the Office of Student Conduct. At that point you will be disenrolled from this course for the protection of our educational community. An exemption to the mask wearing community standard will not typically be considered to be a reasonable accommodation. Individuals with a disability or health condition that prevents them from safely wearing a face mask must seek alternative accommodations through the Accessibility Resources and Service. For additional information, see Carolina Together.
Title IX Resources
Any student who is impacted by discrimination, harassment, interpersonal (relationship) violence, sexual violence, sexual exploitation, or stalking is encouraged to seek resources on campus or in the community. Please contact the Director of Title IX Compliance (Adrienne Allison – Adrienne.email@example.com), Report and Response Coordinators in the Equal Opportunity and Compliance Office (firstname.lastname@example.org), Counseling and Psychological Services (confidential), or the Gender Violence Services Coordinators (email@example.com; confidential) to discuss your specific needs. Additional resources are available at safe.unc.edu.
Textbook: None require, but the one(s) listed below offer background material helpful for the lectures.
Please note that many of the lectures will be supplemented by my own notes.
For the labs, no textbook is required. We will handout detailed instructions for each module. However, the list of books below are highly recommended if you want to learn more about topics covered in this course and for mastering the labs:
|Comprehensive Exam (growth-based)||15%||Class participation||5%|
Collaboration on assignments (except where explicitly stated) and exams is strictly forbidden. Remember UNC's Honor code.
|Syllabus (subject to change)|
|A tentative schedule of lectures (subject to change) is provided below. Some of the material that lectures will be based on is provided below. Topics to be covered include:|
|Week 1 :|
Course Overview (Goodrich: Chapter 1)
[Lab: Getting acquainted with our class infrastructure + basic UNIX terminal skills]
|Week 2,3 :|
User Authentication (Goodrich: Chapter 1, 2)
Tools from Applied Cryptography (Goodrich: Chapter 8)|
Authentication Protocols Part 1: With Low Power Comes Low Security|
[Lab Module: Why crytosystems fail (cryptanalysis, WiFi vulnerabilities & protections), part 2]
System Security (Goodrich: Chapter 3)
[Lab Module: Stack-based overflows, enabling and disabling protections]
|Week 9 ||
Software Security (Goodrich: Chapters 3,4) |
[Lab Module: Debugging without source code]
Web Security (Zalewski: Chapter 9)
[Lab Module: Web Exploits]
Authentication Protocols and Authenticated Key Management|
Realtime Protocols for the Internet (Goodrich: Chapter 6)
[Lab Module: Web Exploits and Defenses part 2]
Malicious software (Goodrich: Chapter 4) |
| Week 12:|
Firewalls, Perimeter Security and Network Attacks (Goodrich: Chapter 6,7)
(time permitting) [Lab Module: Firewalls, determining network exposure, defenses]
|Week 13:||Course wrap up