
Course Syllabus

 

Comp427 / Comp541: Introduction to Computer Security

Profs. Nathan Dautenhahn and Dan Wallach, Spring 2022, Rice University

This elective course covers a wide variety of topics in computer security, including hands-on experience with breaking software and engineering software to be harder to break. For example, students will perform buffer overflow attacks and exploit web application vulnerabilities, while also learning how to defend against them. Grades will be based on homeworks, projects, and quizzes.

We’ll be using Piazza for a variety of class management functions. Assignment clarifications and help will often appear on Piazza. If you’ve got a question, go there first and see if somebody else hasn’t already answered it.

First, there are two forms for you to fill out, which you can find on Canvas. Of course, you must also register for the class with the university.

Texts

The optional text for this class is Security Engineering, 3rd Edition by Ross Anderson. On that page, you’ll notice that some chapters of the third edition, and all of the second edition of the book, are online, gratis. You might still want to buy a copy, but you don’t need to. You may also enjoy Steve Bellovin’s book, Thinking Security.

We’re not going to talk too much about cryptography except a bit at the beginning, but when we do, another optional text for this class is The Handbook of Applied Cryptography by Menezes, van Oorschot and Vanstone. It’s also available online, gratis. You don’t need to buy this book.

Pre-requisites

Comp310 and Comp321, or consent of the instructor.

Lecture schedule

We’ll be updating the exact agenda as the semester goes on and it will appear in our course slides. If we need to make last-minute changes, you’ll also see a message on Piazza.  Due to COVID-19, class (at least initially) meets exclusively on Zoom (the link will be posted on Canvas). Lectures will be recorded and links will be made available to you either through Piazza or Canvas.

Accommodations

Any student with a documented disability needing academic adjustments or accommodations is requested to speak with me during the first two weeks of class. All discussions will remain confidential. Students with disabilities should also contact Disabled Student Services in the Ley Student Center.

Office Hours

Office hours will be posted on Piazza, and will grow as necessary. Please pay attention to Piazza for postings.

Grading Policies

There are three things in Comp427 that will contribute to your final grade: homeworks, projects, and quizzes. (There will be no exams.)

There will be five homeworks during the semester that will count for 30% of your course grade. Unless otherwise noted, you are free to discuss the problems and your general approach with other students in the class. However, the answers you turn in must be your own original work, and you are bound by the Honor Code. Please start early.

There will be four or five projects during the semester that will count for 40% of your course grade. Unless otherwise indicated, you must work in a team of two. (Teams of three will not be accepted. If you want to work solo, we strongly discourage you, but we’ll allow it if necessary.) You may consult general reference material, but you may not collaborate outside your team. The material you turn in must be entirely your team’s work, and you are bound by the Honor Code (see also “honor code issues”, below). Please start early and attend office hours, as necessary, for assistance.

Normally, we would have a final exam, but because of COVID, we’re instead going to have “weekly quizzes”, posted on Canvas. They’ll generally be posted on a Friday, available through the weekend, and you’ll have an hour once you start to complete each quiz. You will do each quiz on your own and will not communicate about the quiz with any other student until every student has completed the quiz. Not every week will have a quiz. Collectively, the quizzes will be worth 30% of your grade. Your lowest quiz score will be dropped.

Grades will be posted to Canvas as soon as they’re available. If you see a problem with your grade, here’s the process for resolving it.

  • If there’s a minor issue that requires correction (e.g., the grader failed to notice a second page of your submission, or clearly gave you somebody else’s grade), then you may contact your grader.
  • If you disagree with your grader’s interpretation of your work in any substantive way, then you may dispute your grade to Profs. Wallach and Dautenhahn. The window for protesting a grade is precisely seven days from when you receive that grade. Your protest must be sent as an email to Wallach and Dautenhahn, including all necessary materials for them to resolve your grade. If inadequate information is present in the email to convince them, then your protest will be declined. The email subject line must start with “Comp427 grade dispute, ” followed by the homework or project number (e.g., “Comp427 grade dispute, project 3”).
  • Any disputes sent to the graders will be ignored.
  • Any disputes without the required subject line might be missed or forgotten.

Based on your final weighted average, we will assign letter grades as follows:

  • [80,83) is a B-, [83,87) is a B, [87,90) is a B+, [90,93) is an A-, etc.
  • We might curve up. We won’t curve down.

Partnering Policies

For your projects, you will work with a partner. We will allow you to pick anybody in the class to be your partner, and we will assist you to ensure that you’re working with a partner in a timezone that’s compatible with your own. You may wish to use Piazza to help you if you cannot find somebody. We have no problem when one partner is an undergraduate and another is a masters student. In the event that we have an odd number of students, we’re willing to have a single grouping of three students, where the last person unpartnered tells us as much and we’ll help them join a group. You may not unilaterally declare yourself to operate in groups larger than two.

The “You Flake, You Fail” Policy: Mostly, when two students agree to work as partners, everything works great. Occasionally, partners become unresponsive. Emails aren’t returned. Schedules are slipped. Promised work isn’t delivered. If your partner is flaking on you, please let us know ASAP. We’ll email them and try to resolve the situation. If we conclude that they’re not behaving responsibly, we will give them an immediate F in the course. We may also, on occasion, offer a non-equal assignment of points, where the “non-flaking” partner earns a higher score and the “flaking” partner earns a lower score, commensurate with their respective efforts.

Late Policy

Due to the tight scheduling of this class, there is truly no room for slack. Late work is simply not accepted. Period. In some cases, we will ask you to submit materials to Canvas. In other cases, we will ask you to submit materials through GitHub. Email attachments, zip files, and so forth are not accepted.

If you see a looming time conflict, such as a job interview or other off-campus activity, and you tell us in advance, we’ll do our best to accommodate you. We will deny all extension requests made after the submission deadline.

Of course, in the age of the COVID-19 pandemic, we understand that crazy things happen. We’ll do our best to accommodate your needs, but please do your best to keep us informed about your situation.

Ethics, Law, and University Policies Warning

To defend a system you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our policy in Comp427 is that you must respect the privacy and property rights of others at all times, or else you will fail the course.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. If in doubt, we can refer you to an attorney.

Please review the university’s policy on Responsible Use of Information Resources for guidelines concerning proper use of information technology at Rice. As members of the university, you are required to abide by these policies.

Honor Code Issues

Collaboration: We wish to provide a nurturing environment for everyone enrolled in the course. However, acts of cheating and unacceptable collaboration will be reported to the Honor Council, as appropriate. Cheating is when you copy, with or without modification, someone else’s work that is not meant to be publicly accessible. Unacceptable collaboration is the knowing exposure of your own exam or quiz answers, project solutions, or homework solutions, or the use of someone else’s answers or solutions.

At the same time, we encourage students to help each other learn the course material. As in most courses, there is a boundary separating these two situations. You may give or receive help on any of the concepts covered in lecture. You are allowed to consult with other students about the conceptualization of a project, or the general approach for solving problems. However, all written work, whether in scrap or final form, must be done by you (or your project partner where applicable).

If you’re looking for a simple metric to assist you, it’s this: if you put your computers and code print-outs away, out of reach, and you want to discuss things around a whiteboard, that’s fine. If your actual code is visible in any way, that’s not acceptable for homeworks and projects. For quizzes, you should take the quiz without any assistance from any other person. Specific rules for each quiz (e.g., whether you’re allowed to use external resources) will be specified as part of each quiz.

If you have any questions as to what constitutes unacceptable collaboration or exploitation of prior work, please talk to an instructor right away. You are expected to exercise reasonable precautions to protect your own work, including not posting solutions publicly.