Spring 2021 CS 458/658 (Computer Security and Privacy) Syllabus

Instructors: N. Asokan, Miti Mazmudar
Office Hours: 11:00 am–noon on Wednesdays or by appointment in MS Teams; see the MS Teams page link below.
Email: nasokan@uwaterloo.ca, miti.mazmudar@uwaterloo.ca
Lectures: Visit the course LEARN site to view the pre-recorded lectures (in the Course Modules section), which will be posted on the first day of each module. Starting dates for modules are listed on LEARN (on the "IMPORTANT DATES" page in the "Important Course Information" section).
Interactive Sessions: 10:00 am–11:30 am on Tuesdays in MS Teams; see the MS Teams link below. Attendance is voluntary and recorded sessions will be uploaded to LEARN. See the rationale for interactive sessions below.
LEARN: Course site on LEARN
Piazza: Course page on Piazza
MS Teams: Course team on MS Teams (See the University's MS Teams website on how to access/install MS Teams.)

Interactive Sessions: These sessions are an experiment in the flipped classroom approach and, as such, augment the lectures (some of which are recordings from a previous term). We encourage students to attend the interactive sessions, but attendance is voluntary and optional. The sessions will be recorded and made available via LEARN. The session will start with a brief recap, contain interactive exercises and allow students to ask questions. Questions may also be posted before the session on Piazza.

Overview

This course provides an introduction to security and privacy issues in various aspects of computing, including programs, operating systems, networks, databases, and Internet applications. It examines causes of security and privacy breaches, and gives methods to help prevent them.

Students completing this course should be better able to produce programs that can defend against active attacks, and not just against random bugs.

Intended audience

Third or fourth year CS students (CS 458), or first year CS graduate students (CS 658)

Prerequisites

CS 350 (Operating Systems). Familiarity with C.

Outline

Introduction to Computer Security and Privacy
The meaning of computer security; comparing security with privacy; types of threats and attacks; methods of defense
Program Security
Secure programs; nonmalicious program errors; malicious code; controls against program threats
Operating System Security
Methods of protection; access control; user authentication
Network Security
Network threats; firewalls, intrusion detection systems
Internet Application Security and Privacy
Basics of cryptography; security and privacy for Internet applications (email, instant messaging, web browsing); privacy-enhancing technologies
Database Security and Privacy
Security and privacy requirements; reliability, integrity, and privacy; inference; data mining; k-anonymity
Non-technical Aspects
Administration of security systems; policies; physical security; economics of security; legal and ethical issues

This syllabus is a guideline for the course and not a contract. As such, its terms may be altered when doing so is, in the opinion of the instructor(s), in the best interests of the class.

Grading Policy

Grades will be calculated as follows for undergraduate students:

For graduate students, 80% of your grade will be computed through the above distribution. The research survey paper will account for the remaining 20% of your overall mark, as discussed below. Please consult the "IMPORTANT DATES" page on LEARN for the assessment deadlines.

Assignments: The first three assignments contain both written and programming exercises and cover the new material in the course since the previous assignment. The final assignment is written-only but covers material from the whole term. If the weighted average of your score in the final assignment is below 50%, you cannot pass the course.

Please start working on the assignments in advance of the deadlines. To motivate you to do so, we may require you to submit milestones for some or all of them. Late submissions for final Assignments 1, 2 or 3 will be accepted only up to 48 hours after the original due date. There is no penalty for accepted late submissions. Assignments can be submitted multiple times -- the last one will be used for marking. There is no late submission for the final assignment and for any milestones of Assignments 1, 2 or 3. Course personnel will not normally give assistance for assignments after their original due dates (there will be no assistance from course staff for the final assignment). You must notify your instructor(s) well before the due date of any severe, long-lasting problems that prevent you from completing an assignment on time. The 48 hours grace period does not apply to any other assessments, including the self-tests, assignment milestones, blog-task (sign-up, publishing, comments), the final assignment or the CS 658 proposal and research survey paper; no lates will be accepted for them.

Assignments 1, 2, and 3 are due at 3:00 pm Eastern Time on their respective due dates. These assignments are to be submitted electronically with the "submit" command; see the 'Course Mechanics' section below. Assignments submitted by other means will not be accepted. Assignment 1, 2 and 3 comments and marks will be returned using infodist. Again, see the 'Course Mechanics' section below.

Self-tests: Self-tests are meant to help you keep up with the material, that is, to assess and improve your understanding of basic concepts. You can attempt each self-test as often as you like during its availability period; your last grade on each self-test will be the one recorded (although course personnel can see every attempt). The availability and deadline information will be posted on LEARN ("IMPORTANT DATES" page in the "Important Course Information" section). Late self-tests cannot be made up for any reason, including students signing up for the class late. The 48 hours grace period does not apply to the due dates for the self-tests.

Blog task: The blog task is intended to acquaint students with the latest developments in computer security and privacy. You will need to sign up on infodist (see 'Course mechanics' below) for a week to publish your blog post, by the blog task scheduling deadline (see the "IMPORTANT DATES" page in the "Important Course Information" section on LEARN). Late blog post submissions will not be awarded any marks. Please go through the link above for the blog task description and grading rubric.

Research Survey Paper (CS 658)

Students registered in CS 658 must write a research survey paper on a topic related to computer security or privacy. You should read Keshav's How to Read a Paper to efficiently read a paper and conduct a literature survey. In writing your paper, you must become familiar with the research literature relevant to your topic. Your focus should be on academic venues, such as the USENIX Security Symposium, ACM CCS, IEEE Symposium on Security and Privacy, Privacy Enhancing Technologies Symposium (PETS) or the NDSS Symposium. Visit LEARN for a sample paper and deadlines for the proposal and paper. You should email your topic, proposal and paper to the instructors.

Reappraisal Policy

If you have an assignment that you would like to have reappraised, please follow the instructions given on Piazza to submit your request. Include a clear justification for your claims. The appeals deadline is one week after the respective graded item is first made available. If your appeal is concerned with a simple calculation error, please see the TA(s) during their office hours.

Textbooks

Library-proxied links for both textbooks are available on LEARN (in the "Textbooks and Readings" page in the "Important Course Information" section).

It is expected that you will have read the appropriate sections of the textbook(s) while or after watching the lecture or interactive session videos. Additional readings may be assigned, and will appear on LEARN; readings marked as mandatory contain required material for the course. You should read these mandatory readings as well, in tandem with viewing the corresponding videos.

Communication

It is your responsibility to keep up with all course-related information posted to LEARN, the course Piazza site, and the course website.

Piazza: Please direct all communication to the discussion forums in Piazza. This includes questions on materials in lecture or interactive session videos, assignments, and general logistics.

Etiquette:

LEARN: Deadlines for assessment items have been included in the "IMPORTANT DATES" page on LEARN (in the Important Course Information section). Lecture and interactive session videos will be posted periodically on LEARN (in their respective sections). Links to textbooks are also available on LEARN.

Email: Important course information will generally be posted to LEARN, but may also be sent to your uwaterloo.ca email address. For personal matters, such as an illness, please email the instructors directly. Because of privacy rules, we will only reply to email sent from your uwaterloo.ca email address.

Course mechanics:

Teaching Assistants

TA office hours will be held at the TA virtual meeting room (details on LEARN "Virtual Rooms" page in the "Important Course Information" section).

Other Resources

Security Information

In this course, you will be exposed to information about security problems and vulnerabilities with computing systems and networks. To be clear, you are not to use this or any other similar information to test the security of, break into, compromise, or otherwise attack, any system or network without the express consent of the owner. In particular, you will comply with all applicable laws and UW policies, including, but not limited to, the following:

Violations will be treated severely, and with zero tolerance.

Academic Integrity

Students are encouraged to talk to one another, to the TAs, to the instructor(s), or to anyone else about any of the assignments. Any assistance, though, must be limited to discussion of the problem and sketching general approaches to a solution. Each student must write his or her own solutions, including code and documentation if appropriate, for the assignments. Consulting another student's solution is prohibited, and submitted solutions may not be copied from any source. In particular, submitting assignments copied in whole or in part from assignment submissions to a previous offering of this course, or from any offering of any other course, is forbidden, even if a student is resubmitting his or her own work. These and any other forms of collaboration on assignments constitute cheating. If you have any questions about whether some activity constitutes cheating, please ask the instructor(s).

The general Faculty and University policy:

Diversity

It is our intent that students from all diverse backgrounds and perspectives be well served by this course, and that students' learning needs be addressed both in and out of class. We recognize the immense value of the diversity in identities, perspectives, and contributions that students bring, and the benefit it has on our educational environment. Your suggestions are encouraged and appreciated. Please let us know ways to improve the effectiveness of the course for you personally or for other students or student groups. In particular:

Note for Students with Disabilities

AccessAbility Services, located in Needles Hall North, Room 1401, collaborates with all academic departments to arrange appropriate accommodations for students with disabilities without compromising the academic integrity of the curriculum. If you require academic accommodations to lessen the impact of your disability, please register with AccessAbility at the beginning of each academic term.

Mental Health Support

The Faculty of Math encourages students to seek out mental health support if needed.

On-campus Resources:

Off-campus Resources:

COVID-19 Information and Resources

Online classes during the COVID-19 pandemic have been taxing and stressful for all of us. Here are some useful resources and guidance from the university.

Territorial Acknowledgement

We acknowledge that we live and work on the traditional territory of the Attawandaron (Neutral), Anishinaabeg, and Haudenosaunee peoples. The University of Waterloo is situated on the Haldimand Tract, the land promised to the Six Nations that includes ten kilometres on each side of the Grand River.