Instructor Trent Jaeger (tjaeger 'at' cse.psu.edu)
TAs Farshid Farhat (fuf111 'at' psu.edu)
Location 165 Willard
Meeting Times TuTh 4:15pm-5:30pm
Credits 3
Office Hours Prof. Jaeger: Tu 1-2p, W 1-2p, 346A IST Farshid Farhat: W 2-3p, Fr 11a-12p, 338E IST


This course provides an introduction to the theory and application of security in computer and network environments. Students will develop the skills necessary to formulate and address the security needs of enterprise and personal environments. The course will begin by describing the goals and mechanisms of security as motivated by recent incidents and seminal works in the area. Latter topics will cover cryptography, authentication, secure programming, security in operating systems, network security, secure storage, access control, denial-of-service, and file systems, and conclude with emerging trends in secure systems design. Course projects will focus on the application of security tools to real world problems.

A detailed list of a lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course calendar.


The course will be graded on exams, a course project, and class participation in the following proportions:

20% Mid-term exam
35% Course Projects
30% Final exam
15% Quizzes and Class Participation

Exams and Course Projects

The mid-term and final are closed book exams to be held outside normal course meetings on pre-designated times during the semester. The exams may include any topic previously covered in lectures or assigned readings. While all topics are fair game for the final exam, it will emphasize material covered since the mid-term. Students who have conflicts with the exam schedule should see the course instructors immediately.

A hint: exam questions will often require students to think beyond or delve deeper into the particulars of lectures and papers. Hence, students who have read and understand all assigned material will have a much better chance a doing well on the exams. Students who rely exclusively either on the readings or the lectures will almost certainly do poorly. In short, the exams will not ask students to regurgitate facts, but to reason about the field. This requires a deep understanding of the material that cannot be acquired during the exam time.

Short applied projects will be assigned periodically in class. The content and due dates of these assignments will be decided over the course of the semester. If you cannot attend a lecture, contact other students to see if any assignments have been made.

Lateness Policy

All milestones are assesed a 20% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with legitmate reasons who contact the professor before the deadline may apply for an extension.

Quizzes and Class Participation

Students are going to be required to participate in discussions of the reading content during each lecture. Hence, the students ability to exhibit comprehension of the readings is essential to a passing grade.

There will be occasional quizzes to test the students knowledge on key points and practice for the exams. These will be short quizzes, about 10 minutes, at the start of the class. I plan to announce these about one week prior.

Required Texts

Most of the course readings will come from the following required textbook:

Academic Integrity Policy

Students are required to follow the university guidelines on academic conduct at all times. Students failing to meet these standards will automatically receive a 'F' grade for the course. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign the 'F' grade and refer the student to the appropriate University bodies for possible further action.

Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project. Also, students are forbidden from discussing or collaborating on any assignment except were explicitly allowed in writing by the instructor.

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Jaeger.

Course Updates