CSC-405 Computer Security

Course Details

CourseCSC-405-001 Computer Security
Meeting Location00135 BTEC
Meeting TimesMo/We 8:30AM - 9:45AM
Credits3
InstructorsAleksandr Nahapetyan
Emailanahape at ncsu.edu
Office HoursBy appointment
TASohom Datta
TA office hoursHackpack Meeting (Friday 4:30pm, EB2 1226)

Course Resources

You can find the class schedule and all slides from the lectures here.
We will use Ed(stem) for our communication.
The recorded lectures will be available here.

Course Prerequisites/Corequisites

The course has the following recommended corequisites:
CSC236 - Computer Organization and Assembly Language for Computer Scientists
CSC246 - Concepts and Facilities of Operating Systems for Computer Scientists

Informal: You need to understand (1) the basics of C and memory management, (2) modern operating systems (e.g., Linux), (3) the basics of systems theory and implementation (e.g., file systems, distributed systems, networking, system calls, etc.). If you do not have a basic understanding of these areas, you will have difficulty with the course. If you have questions regarding these prerequisites, please get in touch with the instructor.

Course Overview

In this class, we explore several aspects of computer security with the goal of understanding the attacker’s mindset. The class will help students to develop a foundation and a well-rounded view of software and web vulnerabilities. We will cover some of the fundamental attack/defense techniques and ongoing research activities in a number of topics in software and web security.

Textbooks and Reading Material

This course has no formal textbook. The course readings will come from online book chapters, seminal papers, and other informative sources.

Here are some useful online books that provide additional information:

Student Learning Outcomes

By the end of this course, students will be able to:

  • Understand in depth software and web vulnerabilities
  • Craft attacks against known software and web vulnerabilities in a contained environment
  • Understand what defense mechanisms exist against software and web attacks, how they work and why some of them fail against the most advanced attack techniques
  • Design systems and software with security in mind

Course Structure and Grading

The course will consist of several homework assignments that contribute to the final grade in the following proportions:

75%Homework Assignments
25%HackPack CTF challenges

The final letter grade will be based on the final percentage as follows:

A+ <= 97% < A <= 93% < A- <= 90% <
B+ <= 87% < B <= 83% < B- <= 80% <
C+ <= 77% < C <= 73% < C- <= 70% <
D+ <= 67% < D <= 63% < D- <= 60% < F

REG 02.50.03 (Grades and Grade Point Average) describes the grade point interpretation of letter grades.

Homework Assignments

The instructor will assign homework assignments on a periodic basis for topics associated with the class assignments. These assignments require the students to write, program, or perform other basic research. The content and due dates of these assignments will be decided over the course of the semester and will be announced on Ed.

For the homework assignments where we will provide a remote server for you to work on, you will be required to access (successfully connect) to the homework servers one week before the deadline.

Course Schedule

See the course schedule. Note that the schedule is subject to change as the semester evolves.

Late Policy

No late assignments will be accepted. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Attendance Policy

All lectures will be recorded and available online for this class. Students are expected to attend all lectures.

Academic Integrity Policy

The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct, or from the following URL.

The instructor expects honesty in completing tests and assignments. The instructor has a zero-tolerance policy for violations of academic integrity. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so students must use their best possible judgment in meeting this policy. On the discovery of an offense, the instructor will assign the ‘F’ grade and refer the student to the appropriate University bodies for possible further action. It is the understanding and expectation of the instructor that the student’s signature on any test or assignment means that the student neither gave nor received unauthorized aid.

Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project (the instructor may provide exceptions). Also, students are forbidden from discussing or collaborating on any assignment except where explicitly allowed in writing by the instructor.

GenAI usage policy

Students are welcome to use GenAI tools to explain different mechanisms behind exploits, with the understanding that, for low-level programming questions (memory layout, shellcode mistakes, syscall setups in assembly), these systems may produce wildly incorrect answers. Students MAY NOT submit LLM-generated write-ups, and should be able to explain the exploits submitted for homework independently.

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.

University Policies

Academic Integrity and Honesty

Students are required to comply with the university policy on academic integrity found in the Code of Student Conduct. Therefore, students are required to uphold the university pledge of honor and exercise honesty in completing any assignment.

Please refer to the Academic Integrity web page for a detailed explanation of the University’s policies on academic integrity and some of the common understandings related to those policies.

Students may be required to disclose personally identifiable information to other students in the course, via electronic tools like email or web-postings, where relevant to the course. Examples include online discussions of class topics and posting of student coursework. All students are expected to respect the privacy of each other by not sharing or using such information outside the course.

Students are responsible for reviewing the NC State University PRR’s which pertains to their course rights and responsibilities:

Students with Disabilities

Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with the Disability Resource Office at Holmes Hall, Suite 304,Campus Box 7509, 919-515-7653 . For more information on NC State’s policy on working with students with disabilities, please see the Academic Accommodations for Students with Disabilities Regulation (REG02.20.01)

Trans-Inclusive Statement

In an effort to affirm and respect the identities of transgender students in the classroom and beyond, please contact me if you wish to be referred to using a name and/or pronouns other than what is listed in the student directory.

Basic Needs Security

Any student who faces challenges securing their food or housing or has other severe adverse experiences and believes this may affect their performance in the course is encouraged to notify the professor if you are comfortable in doing so. Alternatively, you can contact the Division of Academic and Student Affairs to learn more about the Pack Essentials program https://dasa.ncsu.edu/pack-essentials/

Course Evaluation

ClassEval is the end-of-semester survey for students to evaluate the instruction of all university classes. The current survey is administered online and includes 12 closed-ended questions and 3 open-ended questions. Deans, department heads, and instructors may add a limited number of their own questions to these 15 common-core questions. Each semester students’ responses are compiled into a ClassEval report for every instructor and class. Instructors use the evaluations to improve instruction and include them in their promotion and tenure dossiers, while department heads use them in annual reviews. The reports are included in instructors’ personnel files and are considered confidential. Online class evaluations will be available for students to complete during the last two weeks of the semester for full-semester courses and the last week of shorter sessions. Students will receive an email directing them to a website to complete class evaluations. These become unavailable at 8 am on the first day of finals.

Syllabus Modification Statement

Our syllabus represents a flexible agreement. It outlines the topics we will cover and the order we will cover them in. Dates for assignments represent the earliest possible time they would be due. The pace of the class depends on student mastery and interests. Thus minor changes in the syllabus can occur if we need to slow down or speed up the pace of instruction.