- Instructor: Dr. David Balash
- Email: [email protected]
- Office Hours: (Jepson 223)
  - Tue 4:30PM - 5:30PM
  - Fri 3:00PM - 5:00PM
  - and by appointment at https://calendly.com/davidbalash or by email
- Lecture (Jepson G03)
  - Tue 3:00PM - 4:15PM
  - Thu 3:00PM - 4:15PM
- Lab (Jepson G04)
  - Fri 1:30PM - 2:20PM
This course provides a foundational understanding of computer and network security. It covers key topics such as securing accounts and data, encryption and authentication techniques, and the security of software and systems. The course also delves into web security, networking fundamentals, and network security practices, while highlighting the importance of usable security and privacy. With a focus on practical application and developing a proactive security mindset, this course is well-suited for those looking to gain essential knowledge in the field of computer and network security.
By the end of this course, you will:
- Understand the foundational theories behind computer security.
- Learn about various mechanisms employed in securing systems and data.
- Gain practical skills in implementing security measures.
- Acquire basic knowledge and skills in using Linux, an important platform for many security tools and environments.
- Learn methods to secure user accounts, including password management and access controls.
- Understand and apply cryptographic techniques for data protection, such as encryption and decryption.
- Gain knowledge about securing software applications and operating systems against vulnerabilities and threats.
- Understand web security challenges and learn to protect web applications and services.
- Learn the basics of computer networking, essential for understanding network security.
- Acquire skills in securing networks against unauthorized access and attacks.
- Cultivate an ongoing awareness and proactive approach to security in all aspects of computing.
- Security Principles
  - Introduction, Goals of Computer Security, Ethics
  - Policy, Threat Models, and Mechanisms
  - Trusted Computing Bases
- Linux Fundamentals
- Securing Accounts
  - Passwords, Two-Factor Authentication, Credential Stuffing
  - Social Engineering, Phishing
- Securing Data (Applied Cryptography)
  - Hashing
  - Secret-Key Cryptography, Public-Key Cryptography
  - Digital Signatures, Passkeys
  - Encryption in Transit, Encryption at Rest
- Securing Software and Systems
  - Principle of Least Privilege, Access Control
  - Operating Systems Security
  - Control Hijacking Attacks, Buffer Overflows
- Web Security
  - SQL Injection and Command Injection
  - Client-Side and Server-Side Validation
  - Cross-Site Scripting
- Networking Fundamentals
- Network Security
  - Security Problems in the TCP/IP Protocol Suite
  - DDoS Attacks, Network Defenses
- Usable Security and Privacy
There will be assigned reading from the following book, which is available electronically for free on the author's web site.
- Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin, Second Edition by Paul C. van Oorschot
- In-class module exercises
- Lab assignments
- Class project
- Project presentation
- 5 Online reading quizzes
- 15%: Reading Reactions
- 40%: Labs
- 20%: Project
- 5%: Project Presentation
- 20%: Modules (In-class exercises)
Regular attendance for the entire class time is expected. You should not miss more than 4 total sessions (including lecture and lab). If you have to quarantine due to COVID or miss class for other legitimate reasons, you will not be penalized.
Assignments including modules and labs may be submitted late with a 10% deduction per day late. In cases of personal illnesses, emergencies, or documented accommodations, assignments may be submitted late for full credit if you notify me of your situation.
Each lecture will be accompanied by a self-guided worksheet. This module exercise is meant to complement in-class content and to assist you in reviewing the material. In-class module exercises are due one week from the lecture in which they are assigned.
You will read and write a reaction to four assigned research papers. Reactions should consist of three brief paragraphs of prose (not bullet points) in your own words. A detailed description of the structure of these reading reaction assignments will be provided.
You will read and provide discussion question responses to chapters assigned from the course text. See course schedule for details.
Labs are short-to-medium size hands-on computer security assignments that are designed to reinforce lecture. This course has a formal laboratory component. You are expected to attend each lab for the entire 50-minute lab period. Some labs may require that you work in teams of two or more. Almost all labs will require more than the 50-minute allotted time to complete, so please expect to have to spend extra time on the labs.
Labs are due at 11:59 pm on the night prior to the next lab (for this course, that means 11:59 pm Thursday evening), unless I explicitly provide a different deadline. Note that some labs are more extensive, so they might require two weeks to complete. In that case I will explicitly inform you of this.
You will work on a class project of your own choice. You will work in groups of 2 for the project. You will be required to turn in both your code and a short write-up describing the design and implementation of your project, and to make a short in-class presentation about your work.
I will use two primary forms of communication in this class: email announcements and Slack. You are responsible for remaining up to date on any information sent by email or posted to Slack. This may include clarifications to assignments, updates on grading rubrics, and changes in office hours.
For all general course information, questions, and clarifications, please use Slack. I hope that the Slack workspace can be an extension of our classroom community where we can share questions and answers for the entire class to view and learn from.
If you have personal, individual issues you'd like addressed, you should send those by email to me. However, all course-related topics should be directed to Slack.
If you are ill and it will cause you to miss class, lab, or an assignment, you should let me know in advance, if possible. It is your responsibility to catch up with any missed material if you are able to do so. If not, then immediately on return, work out a time-frame with me on when work will be submitted.
It is very important in this course (and in life) that your work be your own. These guidelines will help you achieve that.
You must:
- Do your best to solve all homework, projects, labs, and exams on your own.
- Write the names of any students you collaborated with as a comment at the top of your file (subject to the constraints below).
You may:
- Discuss general approaches to solving the homework problems with other students, but the pen-to-paper, fingers-to-keyboard work should be your own.
- Have another student look at a specific snippet of your code (e.g., 10 lines) to help you debug a programming error.
You may not:
- Copy code to or from other students or people outside of the class.
- Have someone else write code for you.
- Copy code from the internet, unless you specifically reference the source and can explain how it works. This should be a tiny minority of the code you submit.
- Write code as a group and then submit identical or slightly modified versions. If you discuss general approaches to solving a problem together, you must still write up your own independent solution.
The Honor Code will apply to this course. Please read through the code carefully.
You will almost certainly be using generative AI in some way for the rest of your career. You may use generative AI tools for homework, labs, and the project in the following manner.
You must:
- Understand any code that you use. We reserve the right to review your submitted code with you, and ask you to explain how it works.
You may:
- Ask a GenAI tool a generic question for informational purposes. For example, "Please explain the C++ syntax for reading input from a file, and give an example." If you use this code, please cite the source in a comment.
You may not:
- Ask a GenAI tool to solve the assignment. For example, you should not paste the entire problem description and ask the GenAI to solve it for you.
- Use any GenAI tools for the exams.
This policy is subject to change as we all learn more about how GenAI works and doesn't work as part of learning college-level course content.
Any student who may need an accommodation based on the potential impact of a disability should contact Disability Services (or call 804-662-5001) to establish eligibility and to coordinate reasonable accommodations.
If you are approved for classroom and/or testing accommodation(s) please make sure to submit a Disability Accommodation Notice to me at this link.
If any issue arises that may limit your ability to participate in class, for example, personal illness, family emergency, etc., please be sure to discuss these matters with me as soon as possible and accommodations will be made available to you as appropriate.
Feelings of being overwhelmed are unfortunately quite common in the university environment. You are not alone, and there are a number of resources available to provide support in those moments. Learning to ask for help is an important part of the university experience, and if you or anyone you know experiences any academic stress, difficult life events, or feelings of anxiety or depression, we strongly encourage you to seek support. UR offers counseling services, and also consider reaching out to a friend, family or faculty member you trust for help.
If you or someone you know is feeling suicidal or in danger of self-harm, call someone immediately, day or night:
- UR Counseling and Psychological Services: 804-289-8119
- University of Richmond Police: 804-289-8911
- National Suicide Prevention Lifeline: 1-800-273-8255
Academic Skills Center: Academic coaches assist students in assessing and developing their academic and life-skills (e.g., critical reading and thinking, information conceptualization, concentration, test preparation, time management, stress management, etc.). Peer tutors offer assistance in specific subject areas (e.g., calculus, chemistry, accounting, etc.) and will be available for appointments in-person and virtually. Peer tutors are listed on the ASC website. Email Roger Mancastroppa ([email protected]) and Hope Walton ([email protected]) for coaching appointments in academic and life skills.
English Language Learning: assists multi-lingual and international students in honing their language, academic, and/or intercultural skills. Among other available services for students are one-on-one tutoring, group workshops, and semester-long classes on writing and U.S. culture. Please contact Dr. Bohon, Director of English Language Learning, at [email protected] for more information and appointments.
Quantitative Resource Center: Provides services related to quantitative and computational learning across the curriculum through tutoring, consultation and training.
Speech Center: Assists with preparation and practice in the pursuit of excellence in public expression. Recording, playback, coaching and critique sessions are offered by teams of trained student consultants. During scheduled appointments, consultants assist in developing ideas, arranging key points for more effective organization, improving style and delivery, and handling multimedia aids for individual and group presentations. We look forward to meeting your public speaking needs.
Technology Learning Center: The TLC is a staffed public lab dedicated to supporting digital media projects. Services include camera checkout, video/audio recording assistance, virtual reality, poster printing, 3D printing and modeling. The TLC is located on the second floor of Boatwright Library.
Writing Center: Assists writers at all levels of experience, across all majors. Students can attend walk-in hours at Boatwright Library (room 171A) with trained writing consultants who offer friendly critiques of written work.
Boatwright Library Research Librarians (289-8876): Research librarians help students with all steps of their research, from identifying or narrowing a topic, to locating, accessing, evaluating, and citing information resources. Librarians support students in their classes across the curriculum and provide individual appointments, class library instruction, tutorials, and research guides (libguides.richmond.edu). Students can contact an individual librarian or ASK a librarian for help via email, text (804-277-9ASK), or chat.
Career Services (289-8547): Can assist you in exploring your interests and abilities, choosing a major or course of study, connecting with internships and jobs, and investigating graduate and professional school options. We encourage you to update your profile in Handshake and schedule an appointment with a career advisor early in your time at UR.
Counseling and Psychological Services (289-8119): Assists currently enrolled, full-time, degree-seeking students in improving their mental health and well-being, and in handling challenges that may impede their growth and development. Services include brief consultations, short-term counseling, skills-building classes, therapy groups, crisis intervention, psychiatric consultation, and related services.