
Course Syllabus


Comp427 / Comp541: Introduction to Computer Security

Prof. Dan Wallach, Spring 2018, Rice University

This elective course covers a wide variety of topics in computer security, including hands-on experience with breaking software and engineering software to be harder to break. For example, students will perform buffer overflow attacks and exploit web application vulnerabilities, while also learning how to defend against them. Grades will be based on homeworks, projects, and a final exam.

We’ll be using Piazza for a variety of class management functions. Assignment clarifications and help will often appear on Piazza. If you’ve got a question, go there first and see if somebody else hasn’t already answered it.

First, please fill out this brief survey. https://goo.gl/forms/BAKR2usmBgs18hGP2


The optional text for this class is Security Engineering, 2nd Edition by Ross Anderson.  On that page, you’ll notice that the second edition of the book is online, gratis.  You might still want to buy a copy, but you don’t need to. You may also enjoy Steve Bellovin’s new book, Thinking Security.

We’re not going to talk too much about cryptography except a bit at the beginning, but when we do, another optional text for this class is The Handbook of Applied Cryptography by Menezes, van Oorschot and Vanstone.  It’s also available online, gratis. You don’t need to buy this book.


Prerequisites: Comp310 and Comp321, or consent of the instructor.

Lecture schedule

See the course schedule page. If we need to make last-minute changes, you’ll also see a message on Piazza.  Class meets in Duncan Hall, room 1070, Tuesday and Thursday from 10:50am-12:05pm.  Please be on time.  Make-up classes will happen when necessary and there will be announcements on Piazza. Due to Dr. Wallach’s crazy travel schedule, there will be a number of guest lecturers as well as some experimental “class flipping” (e.g., watch a video in advance, then show up in class for a lab exercise based on the video).


Any student with a documented disability needing academic adjustments or accommodations is requested to speak with me during the first two weeks of class. All discussions will remain confidential. Students with disabilities should also contact Disabled Student Services in the Ley Student Center.

Office Hours

Office hours will be posted on Piazza, and will grow as necessary. Please pay attention to Piazza for postings.

Grading Policies

There are three things in Comp427 that will contribute to your final grade: homeworks, projects, and a final exam. (There will be no midterm exam.)

There will be five homeworks during the semester that will count for 30% of your course grade. Unless otherwise noted, you are free to discuss the problems and your general approach with other students in the class. However, the answers you turn in must be your own original work, and you are bound by the Honor Code. Please start early and attend your lab section for important instructions and extra help.

There will be five projects during the semester that will count for 40% of your course grade. Unless otherwise indicated, you must work in a team of two. (Teams of three will not be accepted. If you want to work solo, we strongly discourage you, but we’ll allow it if necessary.) You may consult general reference material, but you may not collaborate outside your team. The material you turn in must be entirely your team’s work, and you are bound by the Honor Code (see also “honor code issues”, below). Please start early and attend office hours, as necessary, for assistance.

The final exam will cover the remaining 30% of your grade for the class.

Grades will be posted to Canvas as soon as they’re available. If you see a problem with your grade, here’s the process for resolving it.

  • If there’s a minor issue that requires correction (e.g., the grader failed to notice a second page of your submission, or clearly gave you somebody else’s grade), then you may contact your grader.
  • If you disagree with your grader’s interpretation of your work in any substantive way, then you may dispute your grade to Dr. Wallach. The window for protesting a grade is precisely seven days from when you receive that grade. Your protest must be sent as an email to Dr. Wallach and include all necessary materials for Dr. Wallach to resolve your grade. If inadequate information is present in the email to convince Dr. Wallach, then your protest will be declined. The email subject line must start with “Comp427 grade dispute, ” followed by the homework or project number (e.g., “Comp427 grade dispute, project 3”).
  • Any disputes sent to the graders will be ignored.

Based on your final weighted average, we will assign letter grades as follows:

  • [80,83) is a B-, [83,87) is a B, [87,90) is a B+, [90,93) is an A-, etc.
  • We might curve up. We won’t curve down.

The “You Flake, You Fail” Policy: Mostly, when two students agree to work as partners, everything works great. Occasionally, partners become unresponsive. Emails aren’t returned. Schedules are slipped. Promised work isn’t delivered. If your partner is flaking on you, please let us know ASAP. We’ll email them and try to resolve the situation. If we conclude that they’re not behaving responsibly, we will give them an immediate F in the course. We may also, on occasion, offer a non-equal assignment of points, where the “non-flaking” partner earns a higher score and the “flaking” partner earns a lower score, commensurate with their respective efforts.

Late Policy

Due to the tight scheduling of this class, there is truly no room for slack. Late work is simply not accepted. Period. In some cases, we will ask you to submit materials to Canvas. In other cases, we will ask you to submit materials through GitHub. Email attachments, zip files, and so forth are not accepted.

If you see a looming time conflict, such as a job interview or other off-campus activity, and you tell us in advance, we’ll do our best to accommodate you. We will deny all extension requests made after the submission deadline.

Note that the Rice General Announcements state: “No student should be given an extension of time or opportunity to improve a grade that is not available to all members of the class, except for verified illness or justified absence from campus.” They don’t give a hard and fast definition of a “verified illness or justified absence”, but we interpret this to mean that you provide a written note from a doctor, nurse, or other medical provider.

Ethics, Law, and University Policies Warning

To defend a system you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our policy in Comp427 is that you must respect the privacy and property rights of others at all times, or else you will fail the course.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. If in doubt, we can refer you to an attorney.

Please review the university’s policy on Responsible Use of Information Resources for guidelines concerning proper use of information technology at Rice. As members of the university, you are required to abide by these policies.

Honor Code Issues

Collaboration: We wish to provide a nurturing environment for everyone enrolled in the course. However, acts of cheating and unacceptable collaboration will be reported to the Honor Council, as appropriate. Cheating is when you copy, with or without modification, someone else’s work that is not meant to be publicly accessible. Unacceptable collaboration is the knowing exposure of your own exam answers, project solutions, or homework solutions, or the use of someone else’s answers or solutions.

At the same time, we encourage students to help each other learn the course material. As in most courses, there is a boundary separating these two situations. You may give or receive help on any of the concepts covered in lecture. You are allowed to consult with other students about the conceptualization of a project, or the general approach for solving problems. However, all written work, whether in scrap or final form, must be done by you (or your project partner where applicable).

If you’re looking for a simple metric to assist you, it’s this: if you put your computers and code print-outs away, out of reach, and you want to discuss things around a whiteboard, that’s fine. If your actual code is visible in any way, that’s not acceptable.

If you have any questions as to what constitutes unacceptable collaboration or exploitation of prior work, please talk to an instructor right away. You are expected to exercise reasonable precautions to protect your own work, including not posting solutions publicly.