Introduction

This elective course covers a wide variety of topics in computer security, including hands-on experience with breaking software and engineering software to be harder to break. For example, students will perform buffer overflow attacks and exploit web application vulnerabilities, while also learning how to defend against them. Grades will be based exclusively on a series of in-class projects.

There will be reading assigned before every class, usually chapters from the book or papers available online somewhere. You’re expected to read them.  You should also subscribe to this blog with your favorite RSS reading tool.  If there are changes in the schedule or other important announcements, they’ll appear here. We’ll also be using Piazza for a variety of class management functions.

Texts

The optional text for this class is Security Engineering, 2nd Edition by Ross Anderson.  On that page, you’ll notice that the second edition of the book is online, gratis.  You might still want to buy a copy, but you don’t need to.

We’re not going to talk too much about cryptography, but when we do, another optional text for this class is The Handbook of Applied Cryptography by Menezes, van Oorschot and Vanston.  It’s also available online, gratis.  We’ll link to those pages from the course syllabus when appropriate.  You don’t need to buy this book.

Pre-requisites

Comp310 or consent of the instructor.

Lecture schedule

See the course schedule page. If we need to make last-minute changes, you’ll also see a message on the course blog.  Class meets in Duncan Hall, room 1042, Tuesday and Thursday from 9:25am-10:40am.  Please be on time.  Make-up classes will happen when necessary and there will be announcements on the course blog. Due to Dr. Wallach’s crazy travel schedule, there will be a number of guest lecturers as well as some experimental “class flipping” (e.g., watch a video in advance, then show up in class for a lab exercise based on the video).

WebsecLab and other Preliminaries

• Here’s a course registration form to tell us a bit about yourself
• Registration (select the “Comp327” group when setting up your account, we’ll give out the “class password” in class, not online)
• Virtual Box (Required to run the virtual machine appliance. Download this in advance and install it on your machine.)

Office hours

• Dan Wallach (DH 1081), Tuesday 11-12 (i.e., after class)
• TA: Theodore Booke (DH 1083), Thursday 1:30-2:30 or by appointment, (email: tbook at rice)

Accommodations

Any student with a documented disability needing academic adjustments or accommodations is requested to speak with me during the first two weeks of class. All discussions will remain confidential. Students with disabilities should also contact Disabled Student Services in the Ley Student Center.