Instructor Patrick McDaniel (mcdaniel 'at' cse.psu.edu)
Location IST 333
Meeting Times W 5:30-8:15pm
Credits 3
Office Hours by appointment

This course will evaluate works in academic and commercial systems security, and will have rudimentary skills in security research. The course begins with an introduction to cryptographic protocols & other security properties of a system, and continues with malware analysis, penetration testing, along with other topics in security. The course will also feature presentations and lab exercises covering actively researched topics in security and privacy including web, network, database, and mobile security. Thus, students will develop their own secure systems and assess existing systems for their security correctness using real world systems, frameworks, and other suitable tools.

Supplemental readings throughout the course will provide students with a general foundation of principles covered in lectures. Each lecture will provide students with specific use cases for the principles learned through the readings. Labs and assigments will allow students to apply the princples themselves.

A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course schedule.


We will be referencing the following books:
Computer Security: Principles and Practice - William Stallings, Lawrie Brown
Computer Security: Art and Science - Matt Bishop.

Readings will include academic papers and other texts.


The course will be graded on course projects, presentations, assignments and class participation in the following proportions:

70% Course Projects/Presentations
20% Course Assignments
10% Class Participation

Course Projects/Presentations

This class will require students to develop presentations that provide specific cases related to readings. Class projects will require students to develop labs that applies some security relevant research. These will be graded on correctness, clarity, and effort. The details of the projects will be made in class.

Course Assignments

Assignments will be given throughout the course in the form of problems sets and prerequisites to labs. Details of the assignments will be found on the course schedule.

Class Participation

Course lectures will be driven the contents of papers, textbook chapters, and other readings. However, students are going to be required to participate in discussions during each lecture. Hence, the students ability to exhibit comprehension of material is essential to a passing grade.

Lateness Policy

Assignments are assessed a 10% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Ethics Statement

This course covers topics in personal and public privacy and security. As part of this investigation we will explore technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

Any instance of sharing or plagiarism, copying, cheating on tests, or other disallowed behavior will constitute a breach of ethics and will result in dismissal from the class with a failing grade.

Students are responsible for reporting any violation of these rules by other students, and failure to constitutes a ethical violation that carries with it similar penalties.

When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor McDaniel.

Course Updates

[09/15/2015] I have put up a preliminary website for the CSE597G course with initial schedule.