Course Introduction to Computer and Network Security
Instructor Prof. Patrick McDaniel (mcdaniel 'at' cse.psu.edu)
TA Bo Zhao (buz107 'at' psu.edu)
Location 258 Willard
Meeting Times T-TH 4:15pm-5:30pm
Credits 3
Office Hours Prof. McDaniel: by appointment

This course provides an introduction to computer and network security. Students successfully completing this class will be able to perform basic security analysis and will have rudimentary skills in applying security technology. Topics covered include network security, authentication, security protocol design and analysis, security modeling, key management, intrusion detection, DDOS detection and mitigation, architecture/operating systems security, security policy, web security, and other emerging topics as time permits. A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course schedule.

Most of the course readings will come from lectures and the course textbook:


The course will be graded on exams, course assignments, and class participation in the following proportions:

35% Course Assignments
25% Mid-term Exam
30% Final Exam
10% Class Participation


The instructor will assign homework assignments on a periodic basis for topics associated with the class assignments. These assignments require the students to program or perform other basic research. The content and due dates of these assignments will be decided over the course of the semester. If you cannot attend a lecture, contact other students to see if any assignments have been made and consult the syllabus.

Note: all assignments are to be completed be each student independently. Any collaboration not explicitly allowed by Prof. McDaniel is a violation of the class rules and will result in dismissal from the class and an assignment of an 'F' grade. Please review the Academic Integrity Policy below for more information.

Class Participation

Course lectures will be partially driven by the contents of assigned reading and course slides. Students are going to be required to participate in discussions content during each lecture. Hence, the students ability to exhibit comprehension of assigned reading and preparation materials is essential to a passing grade.

Lateness Policy

Assignments and project milestones are assessed a 10% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Academic Integrity Policy

Students are required to follow the university guidelines on academic conduct at all times. Students failing to meet these standards will automatically receive a 'F' grade for the course--no second chances or explanations will be accepted. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign the 'F' grade and refer the student to the appropriate University bodies for possible further action.

Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project. Also, students are forbidden from discussing or collaborating on any assignment except were explicitly allowed in writing by the instructor.

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor McDaniel.

Course Updates

[05/04/2009] I have added the in class firewall exercise and its solution to the course web site. You should use these to study for the final.

[05/03/2009] I have added a page containing the classes ABCs of Security. Changes or updates are welcome.

[04/29/2009] The is an update to the final assignment (assignment #5) available. This corrects an error in the program that would make the exploitation of the buffer overflow much, much harder.

[04/20/2009] The final assignment (assignment #5) is now available on the course webpage. Note that this project is due at 8:0am the morning of the final exam. There will be no late extensions.

[03/28/2009] There is an update to assignment #4 which specifies more detail on collecting strace output.

[03/22/2009] Assignment #4 is available here. This requires a Linux host to complete, so contact the professor if you do have access to an appropriate system.

[02/24/2009] Assignment #3 is available here. This assignment make take some time, so you should allocate due time to it.

[01/16/2009] Assignment #2 is available here. You should receive your grades for assignment #1 by the end of next week.

[01/16/2009] An updated version of assignment #1 is available here. This updated version contains test inputs you can use to validate your program.

[01/04/2009] The course schedule is now set with lecture topics, mid-term, assignment due dates and readings. Students should review the schedule and plan the semester accordingly. Of particular note are the assignments, which will take about 20-40 hours per assignment and generally will become deeper and more difficult as the semester progresses.

[01/02/2009] Welcome to cmpsc443 - introduction to computer and network security! The class website is now setup. Students are encouraged to review its contents and start reading the text book before the first day in class.