Instructor Trent Jaeger (tjaeger 'at' cse.psu.edu)
Location 118 EES Bldg
Meeting Times T-TH 11:15am-12:30pm
Credits 3
Office Hours Prof. Jaeger: by appointment

This course provides a graduate-level introduction to computer and network security. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course begins with a tutorial of the basic elements of cryptography, cryptanalysis, and systems security, and continues by covering a number of seminal papers and monographs in a wide range of security areas.

Topics covered include network security, authentication, security protocol design and analysis, security modeling, trusted computing, key management, program safety, intrusion detection, DDoS detection and mitigation, architecture/operating systems security, security policy, group systems, biometrics, web security, and other emerging topics. A detailed list of lecture-by-lecture contents, assignments, and due dates (subject to change as the semester evolves) is available on the course schedule.

Most of the course readings will come from seminal papers in the field. Links to these papers will be provided on the course pages. In addition, the following book will be used for readings and as reference material.


The course will be graded on exams, quizzes, assignments, projects, and class participation in the following proportions:

40% Projects and Quizzes and Reviews
20% Mid-term Exam
30% Final Exam
10% Class Participation

Course Projects

There will be a few (two or three) small projects, and one course project at the end of the semester. The course project will focus on securing a particular software component in a deployment. The chief product of the project will be a conference-style paper describing the experiment of securing the component. The grade will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort.

Projects will be performed in teams whose size will be determined based on the class size. I will advise each team independently as needed. The project grade will be a combination of grades received for a number of milestone artifacts and the final project write-up. Details of the milestones and content will be given in class with the other project details.

Project Formatting: Unless otherwise specified, all project related assignments must be created in the LaTeX formatting program. The final project writeup should be at least 12 pages (but no more than 20) of single spaced, double column pages. All bibliographic entries should be managed using the BibTeX tool. Bibliographic entries (References section) are counted in the page limitations.

If you are unfamiliar with LaTeX, please review one of the several available tutorials online on its use and syntax. For reference, you can obtain a sample project LaTeX starter document here.


Quizzes will be given with regularity over the course. Quizzes will be given in the first 5-10 minutes of class and will cover the reading material assigned for that day and the material from the preceding day. Note that there will be no make-up for these quizzes for any reason, no matter how important or legitimate--this is just the cost of not coming to class. If you are late or miss the class for any reason, you will receive a 0 on the quiz.

Class Participation

Course lectures will be driven by the contents of assigned papers and book chapters. Students are going to be required to participate in discussions of the paper content during each lecture. Hence, the student's ability to exhibit comprehension of papers is essential to a passing grade.

Lateness Policy

Project milestones are assessed a 10% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Academic Integrity Policy

Students are required to follow the university guidelines on academic conduct at all times. Students failing to meet these standards will automatically receive an 'F' grade for the course. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign the 'F' grade and refer the student to the appropriate University bodies for possible further action.

Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project. Also, students are forbidden from discussing or collaborating on any assignment except where explicitly allowed in writing by the instructor.

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measures for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Jaeger.

Course Updates