CSE543 - Computer Security - Fall 2007

Instructor: Trent Jaeger (tjaeger 'at' cse.psu.edu)
TA: Ranjit Ganta (ranjit 'at' cse.psu.edu)
Location: 265 Willard
Meeting Times: T-TH 11:15am-12:30pm
Credits: 3
Office Hours: Prof. Jaeger, 346A IST: TuW 3-4 or by appointment
              Ranjit Ganta, 223A IST: MW 4:45-5:30 or by appointment
Mail-list: Angel


This course provides an introduction to computer and network security. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course begins with a tutorial of the basic elements of cryptography, cryptanalysis, and systems security, and continues by covering a number of seminal papers and monographs in a wide range of security areas.

Topics will include network security, authentication, security protocol design and analysis, security modeling, trusted computing, key management, program safety, intrusion detection, DDOS detection and mitigation, architecture/operating systems security, security policy, group systems, biometrics, web security, and other emerging topics.

A detailed list of lecture-by-lecture contents, assignments, and due dates (subject to change as the semester evolves) is available on the course calendar.


The course will be graded on exams, a course project, and class participation in the following proportions:

20% Mid-term Exam
15% Other Assignments
10% Summaries and Class Participation
25% Final Exam
30% Course Project


The mid-term and final are closed-book, closed-note exams to be held outside normal course meetings at pre-designated times during the semester. The exams may include any topic previously covered in lectures or assigned readings. While all topics are fair game for the final exam, it will emphasize material covered since the mid-term. Students who have conflicts with the exam schedule should see Professor Jaeger immediately.

A hint: exam questions will often require students to think beyond or delve deeper into the particulars of lectures and papers. Hence, students who have read and understand all assigned material (and in particular the assigned research papers) will have a much better chance of doing well on the exams. Students who rely exclusively either on the readings or the lectures will almost certainly do poorly. In short, the exams will not ask students to regurgitate facts, but to reason about the field. This requires a deep understanding of the material that cannot be acquired during the exam time.

Other Assignments

Mini-exam We will have a "mini-exam" at the end of the discussion on cryptography and authentication. This will be a closed-book, closed notes test about 40 minutes in length covering the basic principles of cryptography and constructions that can be applied.

Quizzes Quizzes will be given at the beginning of class and will cover topics from the preceding lecture and readings. It is strongly suggested that students do the reading prior to class, as a good percentage of their grade will depend on them. Quizzes missed because of absences cannot be made up unless arrangements are made with the instructor prior to the course meeting.

Problems Short writing or problem assignments will be handed out periodically in class. The content and due dates of these assignments will be decided over the course of the semester. If you cannot attend a lecture, contact other students to see if any assignments have been made.

Course Project

The course project requires the student to execute some limited research in security. The chief product of the project will be a conference-style paper. Project topics will be discussed in class as the introductory material is completed. Be realistic about what can be accomplished in a single semester. However, the work should reflect real thought and effort. The grade will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort.

Project teams may include groups of up to four students. I will advise each team independently as needed. The project grade will be a combination of grades received for a number of milestone artifacts and the final project writeup. Details of the milestones and content will be given in class with the other project details.

Class Participation

Class participation focuses on the assigned papers for the class. Each student will be required to submit a summary of the lecture's paper(s) at the beginning of class. During the lecture, we will discuss the paper, focusing on the concepts discussed earlier in the class. Students are required to participate in discussions of the paper during each lecture. Ultimately, the students' ability to exhibit comprehension of papers is essential to a passing grade.

Lateness Policy

Assignments and project milestones are assessed a 10% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Required Texts

Most of the course readings will come from seminal papers in the field. Links to these papers will be provided on the course pages as the assignments are made. The following book is also required for the course.

The following are also recommended:

Course Outline

The course focuses on the study of computer and network security. The lectures begin with basic topics and terminology in computer security. Subsequent lectures will cover a broad range of topics in depth. These latter topics will largely be introduced through class readings. Students should complete readings before the lecture, as the discussion will be directed by the paper contents.

A rough outline of the class is as follows:

  1. Introduction
    1. Security, Threats, and Vulnerabilities
    2. Security Models
    3. Cryptography and Cryptanalysis
  2. Security Basics and Theory
    1. Authentication
    2. Protocols
    3. Access Control
  3. Computer Security
    1. Vulnerabilities
    2. OS Security
    3. Integrity and Secrecy
    4. Trusted Computing
    5. Programming Language Security
  4. Network Security
    1. IP Security
    2. Firewalls
    3. IPsec/VPNs
    4. Worms
    5. DDOS
  5. Special Topics
    1. Web Security
    2. Linux Security
    3. Virtual Machine Security
    4. Mobile Phone Security

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measures for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Jaeger.

Last modified: Tu Aug 15 12:34:04 EDT 2007