Introduction to Computer Security Spring 2019

This course teaches the security mindset and introduces the principles and practices of computer security as applied to software, host systems, and networks. It covers the foundations of building, using, and managing secure systems. Topics include standard cryptographic functions and protocols, threats and defenses for real-world systems, incident response, and computer forensics. See the schedule for details.

Professors Michael Bailey
Office hours: by appointment
Kirill Levchenko
Office hours: by appointment
Prerequisites Credit in CS 241 or ECE 391
Lectures Mon./Wed. 12:30–13:45, 1320 Digital Computer Laboratory
Discussion Sections Thu. 10:00–10:50, 1214 Siebel Center for Comp Sci
Thu. 11:00–11:50, 1214 Siebel Center for Comp Sci
Thu. 12:00–12:50, 1214 Siebel Center for Comp Sci
Thu. 13:00–13:50, 1214 Siebel Center for Comp Sci
Thu. 14:00–14:50, 1214 Siebel Center for Comp Sci
Thu. 15:00–15:50, 1214 Siebel Center for Comp Sci
TAs Zane Zheng Ma, TA
Deepak Kumar, TA
Kaishen Wang, TA
Sameet Sapra, TA
Seoung Kim, TA
Office hours: M-F 17:00–19:00 (ECEB 3015).

Note a small number of room conflicts necessitate alternative rooms, be sure to check Piazza for announcements.
Communication We'll use Piazza for general discussion and questions about course material. For administrative issues, email to contact the course staff.

This is a paperless course. Assignments will be distributed on the website and you will submit them through GIT. Students get their own GIT repo in a course-semester GitHub organization, created by course staff. Grades will be managed through Compass2g. Lecture videos are available on echo360. Lecture slides and optional reading materials are on the website. Copies of assignments, slides, and other materials will also be available on a course-semester GitHub organization _public repo.
Reference Books No textbook is required, but if you would like additional references, we recommend:

Computer Security: Principles and Practice by William Stallings and Lawrie Brown. Pearson ISBN 9780134794105
Computer Security: Art and Science by Matt Bishop. Addison-Wesley Professional ISBN 0321712331
Security in Computing by Charles P. Pfleeger and Shari Lawrence Pfleeger. Pearson India ISBN 9789352866533
Introduction to Computer Security by Michael Goodrich and Roberto Tamassia. Pearson ISBN 9780321512949
Introduction to Computer Security by Matt Bishop. Addison-Wesley Professional ISBN 0321247442
Firewalls and Internet Security: Repelling the Wily Hacker by William R. Cheswick, Steven M. Bellovin, and Aviel D. Rubin. Addison-Wesley Professional ISBN 0785342634662
Security Engineering: A Guide to Building Dependable Distributed Systems by Ross J. Anderson. Wiley ISBN 0470068523
Computer Security: A Hands-on ApproachWenliang (Kevin) Du. CreateSpace Independent Publishing Platform ISBN 154836794X
Computer Security Fundamentals by Chuck Easttom. Pearson IT Certification ISBN 078975746X
Principles of Computer Security (Official Comptia Guide) by Wm. Arthur Conklin, Greg White, Chuck Cothren, Roger L. Davis, and Dwayne Williams. McGraw-Hill Education ISBN 0071835970
Computer and Information Security Handbook by John R. Vacca. Morgan Kaufmann ISBN 0128038438
Resources Security and Privacy Research at Illinois
Security Course Roadmap


We'll calculate your course grade based on these components:
Programming Projects 60% Five programming projects, completed in teams of two
Midterm Exam 20% One exam covering material in the first half of class
Final Exam 20% One exam covering all material from the course

Ethics, Law, and University Policies Warning

To defend a system you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our policy in ECE 422, CS 461 is that you must respect the privacy and property rights of others at all times, or else you will fail the course.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. If in doubt, we can refer you to an attorney.

Please review the Campus Administrative Manual (especially Policy on Appropriate Use of Computers and Network Systems at the University of Illinois at Urbana-Champaign) for guidelines concerning proper use of information technology at Illinois, as well as the Student Code (especially 1-302 Rules of Conduct, 1‑402 Academic Integrity Infractions). As members of the university, you are required to abide by these policies.