Introduction to Computer Security Winter 2021

This course introduces the principles and practice of computer security. It aims to teach you how to model threats to computer systems and how to think like an attacker and a defender. It presents standard cryptographic functions and protocols and gives an overview of threats and defenses for software, host systems, networks, and the Web. It also touches on some of the legal, policy, and ethical issues surrounding computer security in areas such as privacy, surveillance, and the disclosure of security vulnerabilities. The goal of this course is to provide a foundation for further study in computer security and to help you better understand how to design, build, and use computer systems more securely. See the schedule for details.



Course Information

Prerequisites CMSC 15400 or equivalent
Lectures The class will be held asynchronously. However, to encourage discussion, live lectures will be broadcast and recorded 3:00-4:00p Central on Mondays, Wednesdays, and Fridays on Zoom. See our Canvas page for the Zoom link. Attendance at live lectures is optional, but watching the videos is required. Videos will be posted as soon as possible following the broadcast.
Office Hours All office hours will be held in the class Zoom room (the same as for lectures). See our Canvas page for the Zoom link.
  • Mondays 11:00a - 12:00p (David)
  • Mondays 4:00p - 5:00p (TA help with assignments)
  • Tuesdays 9:00a - 10:00a (TA help with assignments)
  • Tuesdays 2:00p - 3:00p (Blase)
  • Wednesdays 8:00a - 9:00a (TA help with assignments)
  • Wednesdays 1:00p - 2:00p (David)
  • Wednesdays 2:00p - 3:00p (TA help with assignments)
  • Wednesdays 5:30p - 6:30p (Blase)
  • Thursdays 5:00p - 6:00p (TA help with assignments)
Textbook We will be using Computer Security and the Internet: Tools and Jewels by Paul van Oorschot. While the book is available in print, we will be referencing the PDFs of the draft chapters available for free from that link.
Coursework The coursework for all students consists of nine assignments and nine short responses to readings (about 2 or 3 paragraphs each). There will be no exams.

In addition, students enrolled in CMSC 33250 must complete a research project and submit reactions to assigned reseach papers. All assignments, reading responses, and projects must be done individually.
Communication We will update the course schedule regularly throughout the course. Assignments will be distributed on Canvas and collected on Gradescope.

We'll use Campuswire for general discussion and questions about course material and assignments.

Please try to keep all course-related communication to Campuswire rather than email. If you need to reach out to the instructors (e.g., pertaining to an illness or other events that might be impacting your performance in class), please make a post on Campuswire visible only to the instructors.
Submission of work All work for the class will be collected on Gradescope.

Reactions to research papers (only 33250 students) will generally be due 11:59pm on Monday evenings. Reading responses (for all students) will generally be due 11:59pm on Tuesday evenings. Assignments (for all students) will generally be due at 11:59pm on Thursday evenings.
Late policy We will accept the nine assignments and nine reading responses up to 24 hours late with a 15 point grade penalty. Assignments more than a day late will not be accepted without a previously approved extension. We will not accept late submissions of reactions to research papers or project-related deliverables (both applicable only to CMSC 33250 students).

Of course, in exceptional circumstances related to personal emergencies, serious illness, wellness concerns, family emergencies, and similar, please make the course staff aware of your situation and we will do our best to find a mutually agreeable solution. We do not consider job interviews or non-emergency travel to be exceptional circumstances.


Your course grade will be calculated as follows:
Undergraduate (CMSC 23200) Graduate (CMSC 33250)
Assignment 1, Assignment 9 10.5% (5.25% each) 6.75% (3.375% each)
Assignments 2-8 80.5% (11.5% each) 54.25% (7.75% each)
Research Project --- 30%
Reading Responses (9) 9% (1% each) 4.5% (0.5% each)
Research Paper Reactions --- 4.5%

P/F Grade Policies

As outlined in UChicago's policy, this course may be taken pass/fail (P/F). Students who wish to take the course pass/fail, instead of for a letter grade, must make a Campuswire post with that request by the end of Week 9. A grade of P will be given to students who would have earned a C- or better in the course if it were taken for a letter grade. Due to the exceptional circumstances of the pandemic, there are special pass/fail policies in place regarding when a class that is taken pass/fail may count toward the computer science major.

Academic Integrity Policies

The University of Chicago has formal policies related to academic honesty and plagiarism, as described by the university broadly and the college specifically. We abide by these standards in this course. Depending on the severity of the offense, you risk being dismissed altogether from the course. All cases will be referred to the Dean of Students office, which may impose further penalties, including suspension and expulsion. If you have any question about whether some activity would constitute cheating, please ask. In addition, we expect all students to treat everyone else in the course with respect, following the norms of proper behavior by members of the University of Chicago community.

Student interactions are an important and useful means to master course material. We encourage you to discuss the material in this class with other students and to form study groups. It is totally acceptable to discuss assignments in general terms, such as discussing and sketching out the general approach to an assignment on a whiteboard (or the virtual equivalent thereof). However, it is not acceptable to show someone else your code, nor to look at someone else's code, even over screensharing. Similarly, it is not acceptable to turn in someone else's writing or code (or fragments thereof) as your own. When the time comes to write down your answer, you should write it down yourself from your own understanding.

Moreover, you must cite any material discussions you had with another student in the course or any written sources you relied on in non-trivial ways when working on an assignment. That is, at the top of each assigment submission, you must include a list of all other students with whom you discussed the assignment and all resources (e.g., URLs of webpages) that influenced your solution. For example, "I discussed this assignment with Jane Smith and John Doe. I consulted" You do not need to cite discussions with the instructors or TAs, nor do you need to cite anything from our course Campuswire page. You also do not need to cite the course textbook, slides, or any other readings/materials we provide to you. If one student "helps" another by giving them a copy of their assignment, only to have that other student copy it and turn it in, both students are culpable.

In general, for any specific questions you have about why your specific approach to a problem isn't working (and definitely for any post that includes your own code), you should default to posting privately to the course staff on Campuswire. If you have more general questions or comments about assignments that don't include code snippets, please feel encouraged to post publicly on Campuswire and/or to discuss your approach with other members of the class.

If you have any questions about what is or is not proper academic conduct, please ask an instructor. Please note that we are personally willing to pursue cheating cases and have done so in the past. Finally, note that this description of academic honesty is derived in part from policies written by Stuart Kurtz and John Reppy.

Policies About Remote Interactions and Recordings

We expect your interactions via Zoom to be consistent with an in-person class experience. Respect the people you're working with. Enter the Zoom meetings muted if possible (pay careful attention to this if you are calling from a phone), and unmute to speak. Feel free to either interrupt the instructor or raise your hand using the "raise hand" button if you'd like to ask a question or comment on what was said. If you would rather not unmute yourself to ask a question, please feel free to use Zoom's messaging feature to either send the question to the full class ("everyone") or just to whichever of {Blase, David} is not presenting that day. Both instructors will attend all classes, and the instructor who is not presenting will be tasked with asking any questions that come in over the Zoom chat interface.

No one is required to have their video on, and you may choose not to do so for any reason, ranging from logistical difficulties to preference.

Note that in the settings page on the Zoom website, you can change the name automatically assigned to your Zoom profile. You don't have to go with whatever was assigned if you prefer a different name. If you have preferred pronouns, you can include them after your last name; you'll see an example of the instructors doing this. If you set a name that can't be easily matched to the name on record with the University, please let us know so that we don't inadvertently disconnect you from the lecture.

