Introduction to Computer Security Winter 2023
This course introduces the principles and practice of computer security. It aims to teach you how to model threats to computer systems and how to think like an attacker and a defender. It presents standard cryptographic functions and protocols and gives an overview of threats and defenses for software, host systems, networks, and the web. It also touches on some of the legal, policy, and ethical issues surrounding computer security in areas such as privacy, surveillance, and the disclosure of security vulnerabilities. The goal of this course is to provide a foundation for further study in computer security and to help you better understand how to design, build, and use computer systems more securely. See the schedule for details.
Instructors
TAs
Course Information
| Prerequisites | CMSC 15400 or equivalent |
| Lectures | Lectures will be held from 11:30p - 12:20p (Section 1) or 1:30p - 2:20p (Section 2) on Mondays, Wednesdays, and Fridays. Typically, lectures will be held in Stuart Hall 105. |
| Office Hours | All office hours will be held in the class Zoom room. See our Canvas page for the Zoom link.
|
| Textbook | We will be using the second edition of Computer Security and the Internet: Tools and Jewels by Paul van Oorschot. While the book is available in print, we will be referencing the PDFs of the chapters available for free from that link. |
| Coursework | The coursework for all students consists of eight assignments, eight short responses to readings (about 2 or 3 paragraphs each), a closed-book midterm exam (in class), and a closed-book final exam (during exam period). In addition, students enrolled in CMSC 33250 must complete a research project and submit eight weekly reactions to assigned reseach papers. All assignments, reading responses, exams, and projects must be done individually. |
| Communication |
We will update the course schedule regularly throughout the course.
All assignments and reading response prompts will be distributed on Canvas. We'll use Campuswire for discussion and questions about course material, assignments, and logistics. Please keep all course-related communication to Campuswire; please don't email any members of the course staff (except if you can't access Campuswire). |
| Campuswire Guidelines |
If you are posting general questions about an assignment (e.g., clarification questions, broad questions about an error you encountered), please post publicly (visible to everyone in the class) on Campuswire. If you are asking a question about your specific approach to an assignment (especially if you are including any code) or if you are reaching out to the instructors about a personal or logistical matter (e.g., pertaining to an illness or other events that might be impacting your performance in class), please make a post on Campuswire visible only to the instructors. Campuswire is typically used heavily in this class; the 2022 class had 2,168 threads on Campuswire. Our whole staff is always very happy to help. Following these guidelines greatly helps us answer your questions most productively. Before You Post:
|
| Submission of work |
Assignments will be collected in two places: you will turn in your code on Canvas and turn in your prose write-ups on Gradescope. Coursework that only involves prose write-ups (e.g., reading responses) will only be collected on Gradescope.
Reactions to research papers (only for 33250 students) will typically be due at 11:59pm on Monday evenings. Reading responses (for all students) will typically be due at 11:59pm on Tuesday evenings. Assignments (for all students) will typically be due at 11:59pm on Thursday evenings. Please see the course schedule for exceptions. |
| Late policy |
We will accept the nine assignments and nine reading responses up to 24 hours late with a 15 point grade penalty. Assignments more than a day late will not be accepted without a previously approved extension. We will not accept late submissions of reactions to research papers or project-related deliverables (both applicable only to CMSC 33250 students). In exceptional circumstances related to personal emergencies, illness, wellness concerns, family emergencies, and similar, you may request an extension. To request an extension, make a private Campuswire post briefly explaining your circumstance and noting the assignment/reading response for which you are requesting an extension. Use the "extension request" tag on Campuswire for that post. An extension will only be granted with an affirmative reply from a member of the course staff. At the top of your prose (PDF) write-up, you must reference the Campuswire post number on which your extension was granted so that the graders don't inadvertently deduct points for lateness. Note that we do not consider job interviews, work from other courses, or non-emergency travel to be exceptional circumstances. |
Grading
Your course grade will be calculated as follows:| Undergraduate (CMSC 23200) | Graduate (CMSC 33250) | |
|---|---|---|
| Assignments (8) | 60% (7.5% each) | 48% (6% each) |
| Reading Responses (8) | 8% (1% each) | 4% (0.5% each) |
| Midterm Exam | 14% | 10% |
| Final Exam | 18% | 12% |
| Research Project | --- | 22% |
| Research Paper Reactions | --- | 4% |
P/F Grade Policies
As outlined in UChicago's policy, this course may be taken pass/fail (P/F). Students who wish to take the course pass/fail, instead of for a letter grade, must make a Campuswire post with that request by the end of Week 9. A grade of P will be given to students who would have earned a C- or better in the course if it were taken for a letter grade. Note that classes taken pass/fail are unlikely to count toward the computer science major or other majors, so please only make a P/F request if you understand (in consultation with your advisor) how doing so will impact your ability to count this course toward your major.Academic Integrity Policies
The University of Chicago has formal policies related to academic honesty and plagiarism, as described by the university broadly and the college specifically. We abide by these standards in this course. Depending on the severity of the offense, you risk being dismissed altogether from the course. All cases will be referred to the Dean of Students office, which may impose further penalties, including suspension and expulsion. If you have any question about whether some activity would constitute cheating, please ask. In addition, we expect all students to treat everyone else in the course with respect, following the norms of proper behavior by members of the University of Chicago community.Student interactions are an important and useful means to master course material. We encourage you to discuss the material in this class with other students and to form study groups. It is totally acceptable to discuss assignments in general terms, such as discussing and sketching out the general approach to an assignment on a whiteboard (or the virtual equivalent thereof). However, it is not acceptable to show someone else your code, nor to look at someone else's code, even over screensharing. Similarly, it is not acceptable to turn in someone else's writing or code (or fragments thereof) as your own, with exceptions for properly cited (see below) instances of reusing a few lines (four or fewer, as a rule of thumb) of code. When the time comes to write down your answer, you should write it down yourself from your own understanding.
Moreover, you must cite any material discussions you had with another student in the course or any written sources you relied on in non-trivial ways when working on an assignment. That is, at the top of each assigment write-up (prose PDF) submission, you must include a list of all other students with whom you discussed the assignment and all resources (e.g., URLs of webpages) that materially influenced your solution. For each non-human resource, you must briefly explain how you used that resource. Typically, you will use a resource in acceptable ways for one of the following reasons: (i) to better understand some aspect of a programming language or security concept; (ii) for some assistance on coding, such as consulting a Stack Overflow post. Note that taking code from a particular resource to solve the majority of any sub-part of the assignment is not an acceptable use of a resource. For each human resource, either note which parts of the assignment you discussed with them or say that you discussed the whole assignment with them.
The disclosure at the top of your write-up should be descriptive. For example, "I discussed the whole assignment with Jane Smith, and we also discussed Part 3 with John Doe. I consulted https://www.helpfuldomain.com/helpfulpage.html to understand the JavaScript fetch() API and I used two lines of code from https://www.otherhelpfuldomain.com/otherhelpfulpage.html in Part 3."
You do not need to cite discussions with the instructors or TAs, nor do you need to cite anything from our course Campuswire page. You also do not need to cite the course textbook, slides, or any other readings/materials we provide to you. If one student "helps" another by giving them a copy of their assignment, only to have that other student copy it and turn it in, both students are culpable.
In general, for any specific questions you have about why your specific approach to a problem isn't working (and definitely for any post that includes your own code), you should default to posting privately to the course staff on Campuswire. If you have more general questions or comments about assignments that don't include code snippets, please feel encouraged to post publicly on Campuswire and/or to discuss your approach with other members of the class.
If you have any questions about what is or is not proper academic conduct, please ask an instructor. Please note that we are personally willing to pursue cheating cases and have done so in the past.
Finally, note that this description of academic honesty is derived in part from policies written by Stuart Kurtz and John Reppy.
Policies About Remote Interactions
If you are feeling ill, please stay home from lecture to avoid spreading the illness. You may make a private Campuswire post using the "livestream request" tag (and noting whether you're in the 11:30a or 1:30p section) at least an hour before class. David or Blase will, if they are able, livestream that day's lecture for you on the same Zoom link we used for office hours; see Canvas for the link.Wellness
If a personal emergency comes up that might impact your work in the class, please let the instructors know in a Campuswire post visible only to the instructors so that the course staff can make appropriate arrangements. University environments can sometimes be very overwhelming, and all of us benefit from support during times of struggle. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful. If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support. The University of Chicago's counseling services are here to support you. Consider also reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.If you or someone you know is feeling suicidal or in danger of self-harm, call someone immediately, day or night:
• Student Counseling Urgent Care: (773)702-9800 or in person.
• National Suicide Prevention Lifeline: 1-800-273-8255.