CSCI 667 – Concepts of Computer Security


The course will cover topics including (but not limited to) network security, authentication, security protocol design and analysis, security modeling, key management, program safety, intrusion detection, DDoS detection and mitigation, architecture/operating systems security, security policy, web security, and other emerging topics. A detailed list of lecture-by-lecture contents, assignments, and due dates (subject to change as the semester evolves) is available on the course schedule.

Please contact Prof. Nadkarni for any questions regarding the content of the course. We will be using Piazza for class discussions. Please sign up.


 

Course Prerequisites

Informal: You need to understand (1) IP networks, (2) modern operating systems (e.g., Windows, Linux), (3) discrete mathematics, (4) basics of systems theory and implementation (e.g., file systems, distributed systems, networking, operating systems, etc.). If you do not have a basic understanding of these areas, you will have difficulty with the course. If you have questions regarding these prerequisites, please contact the instructor.

Textbooks and Reading Material

This course has no formal textbook. The course readings will come from online book chapters, seminal papers, and other informative sources.

Here are some useful online books that provide additional information:

  1. Ross Anderson. Security Engineering, 2nd Edition. Wiley. April 2008.
  2. Jaeger, T., Operating System Security. Morgan & Claypool, 2008.
  3. Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press. October 1996.

Student Learning Outcomes

By the end of this course, students will be able to:

  • Explain concepts related to applied cryptography, including plaintext, ciphertext, symmetric cryptography, asymmetric cryptography, digital signatures.
  • Outline the requirements and mechanisms for identification and authentication of users and computer systems, including authentication protocols and key management. Identify the possible threats to each mechanism and ways to protect against these threats.
  • Explain concepts related to access control and operating system security, including access control matrices, protection, reference monitors, least privilege, discretionary access control, mandatory access control, multi-level security, role-based access control, and capabilities.
  • Explain common network and Web vulnerabilities and attacks, defense mechanisms against these attacks, and cryptographic protection mechanisms.
  • Describe the methods and motivation of Internet malware, and explain existing defense mechanisms and their limitations.

Course Structure and Grading

The course will consist of one midterm, a final, quizzes, class participation, several homework assignments, and a course research project, which contribute towards the final grade in the following proportions:

  • 25% Course Research Project
  • 20% Mid-term Exam
  • 25% Final Exam
  • 20% Homework Assignments
  • 10% Class Participation and Quizzes

The final letter grade will be based on the final percentage as follows:

A >= 95% > A- >= 90% > B+ >= 85% > B >= 80% > B- >= 75% > C+ >= 70% > C >= 65% > C- >= 60% > D+ >= 55% > D >= 50% > D- >= 45% > F

The grades may be interpreted according to W&M’s grading policies.

Homework Assignments: The instructor will assign homework assignments on a periodic basis for topics associated with the class assignments. These homeworks may require the students to write, program, or perform other basic research. The content and due dates of these assignments will be decided over the course of the semester. If you cannot attend a lecture, contact other students to see if any assignments have been made and consult the syllabus.

Course Project: The course project requires that students execute research in systems security. The result of the project will be a conference-style paper. Project topics will be discussed in class after the introductory material is completed. Be realistic about what can be accomplished in a single semester. However, the work should reflect real thought and effort - projects executed in the closing days of the semester are unlikely to be well received. The grade will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort. See the Project for more details.

Quizzes: Quizzes may be given at the beginning of class and will cover topics from the preceding lecture and readings. It is strongly suggested that students do the reading prior to class, as a good percentage of their grade will depend on them. Quizzes missed because of absences cannot be made up unless arrangements are made with the instructor prior to the course meeting.

Class Participation: To do well in this course, students must take active and regular roles in discussion and demonstrate comprehension of the reading and lecture themes. Students are required to do the assigned reading before class. This will be closely monitored by the instructor, thereby making a student’s ability to demonstrate their comprehension of papers essential to receiving a passing grade.

Assignment Lateness Policy

Homework and project deadlines will be hard. Late assignments will be accepted within 24 hours with a 25% reduction in grade. Homeworks submitted after 24 hours will have a 100% penalty. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Attendance Policy

The instructor will not take any formal attendance for class meetings. However, as stated above, a portion of the grade is based on class participation, which includes pop quizzes. Additionally, exam material includes anything in the readings, slides, and topics discussed in class. Students missing class should consult classmates on missed material.

The university policy on excused absences will be observed (see this). The students are responsible for discussing makeup exams if they miss exams due to excused absence. The instructor will choose a mutually agreed date and time for the makeup exam. Late submission of homework assignments due to excused absences is not subject to the policies on late assignments.

The instructor will treat COVID-related absences as excused absences, and follow the attendance policy outlined previously. The instructor will also release slides, and hold additional office hours if required, to assist students facing COVID-related absences.

Please note that testing positive for COVID or any other temporary illness is not considered a disability as defined by ADA guidelines and is not under the purview of W&M’s Student Accessibility Services (SAS). Thus, any questions should be addressed via email to the instructor.

Academic Integrity Policy

The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the W&M Student Code from the following URL: http://www.wm.edu/offices/deanofstudents/services/studentconduct/studenthandbook/student_code_of_conduct/index.php

The instructor expects honesty in the completion of tests and assignments. The instructor has a zero tolerance policy for violations of academic integrity. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign the ‘F’ grade and refer the student to the appropriate University bodies for possible further action. It is the understanding and expectation of the instructor that the student’s signature on any test or assignment means that the student neither gave nor received unauthorized aid.

Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project. Also, students are forbidden from discussing or collaborating on any assignment except where explicitly allowed in writing by the instructor.

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measures for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.

Statement on transportation

Students have to provide their own transportation for any and all class related trips.

Statement on safety and risk assumption

This course does not require activities that pose physical risk to students.
