CMPSC 443:  Introduction to Computer Security (tentative)

Instructor Information

Sencun Zhu

Westgate W370

Office Hours

T, R, 11:00-12:00

Lunpin Yuan

Office hours: M 4:30-5:30pm, W 10-11am, @ Westgate W361

Class Meeting Times/Location  

T, TH,  4:35 - 5:50PM / 103 Leonhard Bldg.

Course Webpage




CMPSC 473, CMPEN 362, or permission of the instructor

Course materials:   


Mark Stamp: Information Security Principles and Practice, 2nd edition. (e-textbook available through PSU library)


-- William Stallings, Cryptography and Network Security, 4/E, Prentice Hall, ISBN-10:0131873164
-- Slides and papers (TBA)



CMPSC 443 focuses on computer security. Students will learn the fundamentals of computer security, formal models of security, and aspects of information systems security such as access control, hacks/attacks, systems and program security, intrusion detection, cryptography, network and distributed systems security, worms and viruses, and other secure Internet applications. Students will develop the skills necessary to formulate and address the security needs of enterprise and personal environments.

Course schedule including lecture contents and reading assignments is listed below. Homework and lab assignment due dates will be available on Canvas.




Week | Topic | Reading Assignment
Week 1 | Course Introduction & Overview & Basic Concept (I) | Ch. 1
Week 2 | Basic Concept (II) & Crypto Basics | Ch. 1
Week 3 | Crypto Basics | Ch. 2
Week 4 | Symmetric Key Crypto | Ch. 3
Week 5 | Public Key Crypto | Ch. 4
Week 6 | Hash Functions | Ch. 5
Week 7 | Authentication Protocols and Real-world Security Protocols (SSL, SSH) | Ch. 9 and Ch. 10
Week 8 | Real-world Security Protocols (Kerberos, blockchain, bitcoins, WEP/WPA2) | Ch. 10
Week 9 | Spring Break |
Week 10 | Network Attacks and Midterm (03/13) |
Week 11 | Buffer Overflow | Ch. 11
Week 12 | User Authentication | Ch. 7
Week 13 | Access control and Authorization | Ch. 8
Week 14 | Web Security |
Week 15 | Intrusion Detection System and Firewalls | Ch. 8
Week 16 | Malicious Software | Ch. 11
Week 17 | Final Exam (Date TBD) |



Course Objective

Upon completion of the course, the students will be able to:

  • Develop an understanding of information systems security practiced in computer operating systems, distributed systems, networks and representative applications. 
  • Gain familiarity with prevalent network and distributed system attacks, defenses against them, and forensics to investigate the aftermath. 
  • Develop a basic understanding of cryptography, how it has evolved, and some key techniques used today. 
  • Develop an understanding of security policies (such as authentication, integrity and confidentiality) as well as protocols to implement such policies in the form of message exchanges. 

Assignments and Exams

  • 5 Homework: Homework should be submitted in hard copy only unless otherwise specified by the instructor.
  • 2 Exams: One midterm and one final exam. There will be NO make-up examinations unless an official excuse (document) is submitted and pre-approved by the instructor. The exams are NOT cumulative.
  • 6 Labs: The first three labs are individual labs, and the last three are for teams of size 2. Each lab includes a report. The submission of each report has a due date (see the course calendar). The reports are to be submitted on Canvas. The labs are from the SEED labs.
  • Late Policy: For most assignments (including homework or lab reports), starting right after the required submission date, 10% of the grade will be deducted per day up to four days. NO points will be given to submissions more than four days late. For homework assignments due right before the exams, there will be no late submission as we will publish the solutions soon after. A documented chronic condition which could affect this policy must be immediately brought to the attention of the instructor.
  • Attendance Policy: Attendance of students at all classes is required except in the cases mentioned below. 5% of the total grade will be based on attendance and the level of participation.

Class attendance is one of the most important ways students learn and understand course materials. It is a critical element of student success. The attendance policy recognizes that, on exceptional occasions, students may miss a class meeting to participate in a regularly scheduled university-approved curricular or extracurricular activity (such as Martin Luther King's Day of Service, field trips, debate trips, choir trips, and athletic contests), or due to unavoidable or other legitimate circumstances such as illness, injury, military service, family emergency, religious observance, or post-graduate, career-related interviews when there is no opportunity for students to re-schedule these opportunities (such as employment and graduate school final interviews).

In all cases, students should inform the instructor in advance, where possible, and discuss the implications of any absence. Missing class, even for a legitimate purpose, may mean there is work that cannot be made up, hurting the student's grade in the class. Likewise, students should be prepared to provide documentation for participation in University-approved activities, as well as for career-related interviews, when requested by the instructor. Students who will miss a class in accordance with Senate Policy 42-27 should present a class absence form.


The course will be graded on exams, a course project, and class participation in the following proportions:

  • 24% Mid-term exam (closed book)
  • 24% Final exam  (closed book)
  • 27% Five hands-on labs (4.5% each)
  • 20% Five homework assignments (4% each)
  • 5%   Class Participation

Final letter grades will be computed based on the following percentages:


A:   ≥ 92%
A-:  ≥ 88%
B+:  ≥ 84%
B:   ≥ 80%
B-:  ≥ 75%
C+:  ≥ 70%
C:   ≥ 65%
D:   ≥ 60%
F:   < 60%



Additional Policies and Ethics Statement

Ethics Statement on the Use of Technology: This course includes topics involving personal and public privacy and security. We will cover technologies whose abuse may infringe on the rights of others. In particular, the hands-on labs may contain practical techniques for launching security attacks, although we will practice them in our isolated lab. Note that our purpose is to know the attacks and defend against them. Any abuse of such technology is at your own risk and responsibility. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measures for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class. When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Sencun Zhu.



Academic Integrity Statement: The University defines academic integrity as the pursuit of scholarly activity in an open, honest and responsible manner. All students should act with personal integrity, respect other students' dignity, rights and property, and help create and maintain an environment in which all can succeed through the fruits of their efforts (refer to Senate Policy 49-20). Dishonesty of any kind will not be tolerated in this course. Dishonesty includes, but is not limited to, cheating, plagiarizing, fabricating information or citations, facilitating acts of academic dishonesty by others, having unauthorized possession of examinations, submitting work of another person or work previously used without informing the instructor, or tampering with the academic work of other students. Students who are found to be dishonest will receive academic sanctions and will be reported to the University's Office of Student Conduct for possible further disciplinary sanctions (refer to Senate Policy G-9).


Accessibility Statement: Penn State welcomes students with disabilities into the University's educational programs. Every Penn State campus has an office for students with disabilities. The Student Disability Resources Web site provides contact information for every Penn State campus. For further information, please visit the Student Disability Resources Web site.


In order to receive consideration for reasonable accommodations, you must contact the appropriate disability services office at the campus where you are officially enrolled, participate in an intake interview, and provide documentation. If the documentation supports your request for reasonable accommodations, your campus's disability services office will provide you with an accommodation letter. Please share this letter with your instructors and discuss the accommodations with them as early in your courses as possible. You must follow this process for every semester that you request accommodations.


Counseling & Psychological Services (CAPS) Statement: Students who experience personal issues that interfere with their academic performance, social development or satisfaction at Penn State are encouraged to seek confidential assistance from the Counseling and Psychological Services (CAPS) Center. They can be reached at (814) 863-0395. Some of the more common concerns they can help with include anxiety, depression, difficulties in relationships (friends, roommates, or family); sexual identity; lack of motivation or difficulty relaxing, concentrating or studying; eating disorders; sexual assault and sexual abuse recovery; and uncertainties about personal values and beliefs. Crisis intervention is available from Centre County CAN HELP at 1-800-643-5432, 24 hours a day, seven days a week.


Education Equity Reporting Statement: Students who experience or observe any act of intolerance or bias may file a report through Penn State's Educational Equity Office.




This course includes some slides borrowed from Professor Patrick McDaniel (CSE/PSU), Alexandra Boldyreva (CS/GIT), Peng Ning (CS/NCSU) and labs from Professor Kevin Du (Syracuse University). Many thanks.