Introduction to Computer Security Winter 2021
This course introduces the principles and practice of computer security. It aims to teach you how to model threats to computer systems and how to think like an attacker and a defender. It presents standard cryptographic functions and protocols and gives an overview of threats and defenses for software, host systems, networks, and the Web. It also touches on some of the legal, policy, and ethical issues surrounding computer security in areas such as privacy, surveillance, and the disclosure of security vulnerabilities. The goal of this course is to provide a foundation for further study in computer security and to help you better understand how to design, build, and use computer systems more securely. See the schedule for details.
Instructors
TAs
Course Information
| Prerequisites | CMSC 15400 or equivalent |
| Lectures | The class will be held asynchronously. However, to encourage discussion, live lectures will be broadcast and recorded 3:00-4:00p Central on Mondays, Wednesdays, and Fridays on Zoom. See our Canvas page for the Zoom link. Attendance at live lectures is optional, but watching the videos is required. Videos will be posted as soon as possible following the broadcast. |
| Office Hours | All office hours will be held in the class Zoom room (the same as for lectures). See our Canvas page for the Zoom link.
|
| Textbook | We will be using Computer Security and the Internet: Tools and Jewels by Paul van Oorschot. While the book is available in print, we will be referencing the PDFs of the draft chapters available for free from that link. |
| Coursework |
The coursework for all students consists of nine assignments and nine short responses to readings (about 2 or 3 paragraphs each). There will be no exams. In addition, students enrolled in CMSC 33250 must complete a research project and submit reactions to assigned reseach papers. All assignments, reading responses, and projects must be done individually. |
| Communication |
We will update the course schedule regularly throughout the course.
Assignments will be distributed on Canvas and collected on
Gradescope. We'll use Campuswire for general discussion and questions about course material and assignments. Please try to keep all course-related communication to Campuswire rather than email. If you need to reach out to the instructors (e.g., pertaining to an illness or other events that might be impacting your performance in class), please make a post on Campuswire visible only to the instructors. |
| Submission of work |
All work for the class will be collected on Gradescope. Reactions to research papers (only 33250 students) will generally be due 11:59pm on Monday evenings. Reading responses (for all students) will generally be due 11:59pm on Tuesday evenings. Assignments (for all students) will generally be due at 11:59pm on Thursday evenings. |
| Late policy |
We will accept the nine assignments and nine reading responses up to 24 hours late with a 15 point grade penalty. Assignments more than a day late will not be accepted without a previously approved extension. We will not accept late submissions of reactions to research papers or project-related deliverables (both applicable only to CMSC 33250 students). Of course, in exceptional circumstances related to personal emergencies, serious illness, wellness concerns, family emergencies, and similar, please make the course staff aware of your situation and we will do our best to find a mutually agreeable solution. We do not consider job interviews or non-emergency travel to be exceptional circumstances. |
Grading
Your course grade will be calculated as follows:| Undergraduate (CMSC 23200) | Graduate (CMSC 33250) | |
|---|---|---|
| Assignment 1, Assignment 9 | 10.5% (5.25% each) | 6.75% (3.375% each) |
| Assignments 2-8 | 80.5% (11.5% each) | 54.25% (7.75% each) |
| Research Project | --- | 30% |
| Reading Responses (9) | 9% (1% each) | 4.5% (0.5% each) |
| Research Paper Reactions | --- | 4.5% |
P/F Grade Policies
As outlined in UChicago's policy, this course may be taken pass/fail (P/F). Students who wish to take the course pass/fail, instead of for a letter grade, must make a Campuswire post with that request by the end of Week 9. A grade of P will be given to students who would have earned a C- or better in the course if it were taken for a letter grade. Due to the exceptional circumstances of the pandemic, there are special pass/fail policies in place regarding when a class that is taken pass/fail may count toward the computer science major.Academic Integrity Policies
The University of Chicago has formal policies related to academic honesty and plagiarism, as described by the university broadly and the college specifically. We abide by these standards in this course. Depending on the severity of the offense, you risk being dismissed altogether from the course. All cases will be referred to the Dean of Students office, which may impose further penalties, including suspension and expulsion. If you have any question about whether some activity would constitute cheating, please ask. In addition, we expect all students to treat everyone else in the course with respect, following the norms of proper behavior by members of the University of Chicago community.Student interactions are an important and useful means to master course material. We encourage you to discuss the material in this class with other students and to form study groups. It is totally acceptable to discuss assignments in general terms, such as discussing and sketching out the general approach to an assignment on a whiteboard (or the virtual equivalent thereof). However, it is not acceptable to show someone else your code, nor to look at someone else's code, even over screensharing. Similarly, it is not acceptable to turn in someone else's writing or code (or fragments thereof) as your own. When the time comes to write down your answer, you should write it down yourself from your own understanding.
Moreover, you must cite any material discussions you had with another student in the course or any written sources you relied on in non-trivial ways when working on an assignment. That is, at the top of each assigment submission, you must include a list of all other students with whom you discussed the assignment and all resources (e.g., URLs of webpages) that influenced your solution. For example, "I discussed this assignment with Jane Smith and John Doe. I consulted https://www.helpfuldomain.com/helpfulpage.html." You do not need to cite discussions with the instructors or TAs, nor do you need to cite anything from our course Campuswire page. You also do not need to cite the course textbook, slides, or any other readings/materials we provide to you. If one student "helps" another by giving them a copy of their assignment, only to have that other student copy it and turn it in, both students are culpable.
In general, for any specific questions you have about why your specific approach to a problem isn't working (and definitely for any post that includes your own code), you should default to posting privately to the course staff on Campuswire. If you have more general questions or comments about assignments that don't include code snippets, please feel encouraged to post publicly on Campuswire and/or to discuss your approach with other members of the class.
If you have any questions about what is or is not proper academic conduct, please ask an instructor. Please note that we are personally willing to pursue cheating cases and have done so in the past. Finally, note that this description of academic honesty is derived in part from policies written by Stuart Kurtz and John Reppy.
Policies About Remote Interactions and Recordings
We expect your interactions via Zoom to be consistent with an in-person class experience. Respect the people you're working with. Enter the Zoom meetings muted if possible (pay careful attention to this if you are calling from a phone), and unmute to speak. Feel free to either interrupt the instructor or raise your hand using the "raise hand" button if you'd like to ask a question or comment on what was said. If you would rather not unmute yourself to ask a question, please feel free to use Zoom's messaging feature to either send the question to the full class ("everyone") or just to whichever of {Blase, David} is not presenting that day. Both instructors will attend all classes, and the instructor who is not presenting will be tasked with asking any questions that come in over the Zoom chat interface.No one is required to have their video on, and you may choose not to do so for any reason, ranging from logistical difficulties to preference.
Note that in the settings page on the Zoom website, you can change the name automatically assigned to your Zoom profile. You don't have to go with whatever was assigned if you prefer a different name. If you have preferred pronouns, you can include them after your last name; you'll see an example of the instructors doing this. If you set a name that can't be easily matched to the name on record with the University, please let us know so that we don't inadvertently disconnect you from the lecture.
Our Zoom class meetings will be recorded and saved to Canvas/Panopto to allow students in this class to review the discussion, and especially to provide access for students who cannot attend lecture synchronously. We do not intend for these recordings to be available to anyone other than class participants, nor available after the quarter. However, we don't have control over what others attending the class will do (e.g., making a recording). If you have FERPA concerns, please mask yourself accordingly (e.g., by turning off video and using an alias).
As the University temporarily transitions to a remote teaching and learning environment, instructors and students have asked for guidance on the recording of course sessions. Instructors have the discretion to record course sessions, except when recording is required to meet the needs of students granted an accommodation by the Office of Student Disability Services. Recordings and transcripts will be made available to students in the relevant course, the instructor, and other necessary University officials. Recordings in which students are personally identifiable will be managed in accordance with the Family Educational Rights and Privacy Act (FERPA).
This time-limited policy has been implemented to effectively deliver a remote education while safeguarding privacy and protecting rights in courses and instructional materials. Below is an acknowledgment for students designed to govern the use of any recordings and provide instructors and students with guidance on the use of instructional materials.
By attending course sessions, students acknowledge that:
A. They will not: (i) record, share, or disseminate University of Chicago course sessions, videos, transcripts, audio, or chats; (ii) retain such materials after the end of the course; or (iii) use such materials for any purpose other than in connection with participation in the course.
B. They will not share links to University of Chicago course sessions with any persons not authorized to be in the course session. Sharing course materials with persons authorized to be in the relevant course is permitted. Syllabi, handouts, slides, and other documents may be shared at the discretion of the instructor.
C. Course recordings, content, and materials may be covered by copyrights held by the University, the instructor, or third parties. Any unauthorized use of such recordings or course materials may violate such copyrights.
D. Any violation of this policy will be referred to the Area Dean of Students.
Wellness
If a personal emergency comes up that might impact your work in the class, please let the instructors know in a Campuswire post visible only to the instructors so that the course staff can make appropriate arrangements. University environments can sometimes be very overwhelming, and all of us benefit from support during times of struggle. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful. If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support. The University of Chicago's counseling services are here to support you. Consider also reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.If you or someone you know is feeling suicidal or in danger of self-harm, call someone immediately, day or night:
• Student Counseling Urgent Care: (773)702-9800 or in person.
• National Suicide Prevention Lifeline: 1-800-273-8255