CSE543 - Computer Security - Fall 2006

Instructor Trent Jaeger (tjaeger 'at' cse.psu.edu)
TA Xinran Wang (xinrwang 'at' cse.psu.edu)
Location 265 Willard
Meeting Times T-TH 11:15am-12:30pm
Credits 3
Office Hours Prof. Jaeger: WF 1-2pm or by appointment
Xinran Wang : TuTh 10-11am or by appointment
Mail-list TBD


This course provides an introduction to computer and network security. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course begins with a tutorial of the basic elements of cryptography, cryptanalysis, and systems security, and continues by covering a number of seminal papers and monographs is a wide range of security areas.

Topics will include network security, authentication, security protocol design and analysis, security modeling, trusted computing, key management, program safety, intrusion detection, DDOS detection and mitigation, architecture/operating systems security, security policy, group systems, biometrics, web security, and other emerging topics.

A detailed list of a lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course calendar.


The course will be graded on exams, a course project, and class participation in the following proportions:

15% Mid-term Exam
10% Quizzes and Assignments
15% Presentations, Summaries, and Class Participation
25% Final Exam
35% Course Project


The mid-term and final are open book and open note exams to be held outside normal course meetings on pre-designated times during the semester. The exams may include any topic previously covered in lectures or assigned readings. While all topics are fair game for the final exam, it will emphasize material covered since the mid-term. Students who have conflicts with the exam schedule should see Professor Jaeger immediately.

A hint: exam questions will often require students to think beyond or delve deeper into the particulars of lectures and papers. Hence, students who have read and understand all assigned material (and in particular the assigned research papers) will have a much better chance a doing well on the exams. Students who rely exclusively either on the readings or the lectures will almost certainly do poorly. In short, the exams will not ask students to regurgitate facts, but to reason about the field. This requires a deep understanding of the material that cannot be acquired during the exam time.


Quizzes will be given at the beginning of class and will cover topics from the preceding lecture and readings. It is strongly suggested that students do the reading prior to class, as a good percentage of their grade will depend on them. Quizzes missed because of absences cannot be made up unless arrangements are made with the instructor prior to the course meeting.


Short writing or problem assigments will be handed out periodically in class. The content and due dates of these assignements will be decided over the course of the semester. If you cannot attend a lecture, contact other students to see if any assignments have been made.

Course Project

The course project requires the student execute some limited research in security. The chief product of the project will be a conference-style paper. Project topics will be discussed in class as the introductory material is completed. Be realistic about what can be accomplished in a single semester. However, the work should reflect real thought and effort. The grade will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort.

Project teams may include groups of up to three students. I would encourage students who wish to make security their primary research area to work by themselves. I will advise each team/individual independently as needed. The project grade will be a combination of grades received for a number of milestone artifacts and the final project writeup. Details of the milestones and content will be given in class with the other project details.

Class Participation

Class participation focuses on the assigned papers for the class. Each student will be required to submit a summary of the prior reading at the beginning of class. Each student will also lead (or co-lead) the discussion of the lecture's paper. The discussion will focus on the paper reviewing concepts discussed early in the class. Even for students that are not presenting, they are required to participate in discussions of the paper content during each lecture. Hence, the students ability to exhibit comprehension of papers is essential to a passing grade.

Lateness Policy

Assignments and project milestones are assesed a 10% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with letgitmate reasons who contact the professor before the deadline may apply for an extension.

Required Texts

Most of the course readings will come from seminal papers in the field. Links to these papers will be provided on the course pages as the assignments are made. The following book is also required for the course.

The following are also recommended:

Course Outline

The course focuses on the study of computer and network security. The lectures begin with basic topics and terminology in computer security. Subsequent lectures will cover a broad range of topics in depth. These latter topics will largely be introduced through class readings. Students should complete readings before the lecture, as the discussion will be directed by the paper contents.

A rough outline of the class is as follows:

  1. Introduction
    1. Security, Threats, and Vulnerabilities
    2. Security Models
    3. Cryptography and Cryptanalysis
  2. Security Basics and Theory
    1. Authentication
    2. Access Control
    3. Protocols
  3. Computer Security
    1. Trusted Computing
    2. OS Security
    3. Vulnerabilities
  4. Network Security
    1. IP Security
    2. Firewalls
    3. IPsec/VPNs
    4. Worms
    5. DDOS
  5. Special Topics
    1. Web Security
    2. Program Safety and Analysis
    3. Linux Security
    4. Virtual Machine Security

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Jaeger.

CSE 543 - Fall 2006

Last modified: Tu Aug 15 12:34:04 EDT 2006