CSCI 4531/6531 Computer Security

Instructor

• Adam Aviv
• aaviv@gwu.edu
• SEH 5810
• Office Hours: Mon 10:30am - 12:00pm (TBD)

Meeting Times

• Location: ROM 351 COR 101A
• Time: Wed 3:30pm-6:00pm

Course Prerequisites

• For CSCI 4531, the prerequisite is CSCI 2113
• For CSCI 6531, none

Course Description

Functional description of cryptographic primitives. Risk analysis. Policy models: security, confidentiality, integrity, hybrid. Design principles: access control, information flow, and confinement. Assurance: formal methods, evaluation. Malicious logic: security effects of programming languages.

Learning Objectives

1. Describe basic components of security (confidentiality, integrity, and availability)
2. Understanding and ability to apply basic cryptographic primitives (e.g., symmetric keys, asymmetric keys, hash functions)
3. Understanding of authentication and access control mechanisms
4. Apply concepts in software security (e.g., race conditions, integer overflows, buffer overlfows)
5. Identify different forms of malicious software
6. Describe and apply forms of public key infrastructure for both authentication and privacy
7. Awareness of common security challenges with web protocols and browser authentication
8. Exposure to modern topics in computer security

Time Expectations:

• 2.5 hours of direct instruction (i.e., class time) per week
• 5 hours of independent learning (i.e., out of class time) per week
• Total: 112.5 hours per semester

Textbook

We will use the following textbook, chapters available for free online.

• Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin, Second Edition. Paul C. van Oorschot. Springer, 2021.

Topics

• Risk Modeling
• Cryptographic Primitives
• Authentication
• Access Control
• Software Security
• Malware
• Public Key Infrastructure
• Web/Browser Security

(for detailed course schedule see the schedule)

Grading

• 15% Homework
• 25% Project
• 10% Worksheets
• 15% Midterm
• 25% Final
• 10% Participation/Attendance

Homework (15%)

There are three homework assignments, each worth 5% of your grade for a total of 15%. Some homework assignments can be completed in groups and some are individual. You should consult the individual instructions for each assignment.

Late Homework Submission Policy

Homework is due on the date specified on the calendar. Everyone in the class is entitled to a single three-day extension on any homework deadline, only once. You only need to tell me in advance, and the first time you ask, I will always say yes.

After you have used your single three-day extension, you may submit your assignment up to three days late for a 25% reduction. If you still cannot complete the homework in that timeline, you can complete it by the final lecture of the class for 50% credit.

Project (25%)

You will complete a semester long project exploring topics in computer security that may not be covered fully or at all in the class. The project has multiple parts, including completing an annotated bibliography, presentation, and report. You can find more details on the project description.

Projects will be completed in groups of two or three. Note that undergraduate students registered for section CSCI4531 should work with other students in their section, and the same for graduate students registered for CSCI6531.

Late Project Submission Policy

All projects portions MUST be submitted on the due date as specified. If you or your team members has an emergency that inhibits your ability to complete the project, you should contact your instructor as any issue arises.

Worksheets (10%)

You are required to complete 10 worksheets during the semester, each worth 1% of your final grade. Worksheets are not graded for correctness, but only completion. The due date of worksheets are the following lecture from when the topic is covered.

Late Worksheet Policy

If you do not submit your worksheet by the next lecture, you may submit them late by the next exam for 25% reduction, but not after. To be more precise:

• For worksheets 1-5, you can submit any outstanding worksheets for 25% reduction by the Midterm Exam, but after, you will not receive credit
• For worksheets 6-10, you can submit any outstanding worksheets for 25% reduction by the Final Exam, but after, you will not receive crdit.

The idea behind this policy is that the worksheet questions and topics will be covered on the respective exams. This is to encourage you to complete them to prepare for the exam.

Attendance / Participation (10%)

As this is an interactive class, with discussion, it is important that you attend class regularly. There are 11 meetings of this class, not including the midterm (which I assume everyone will attend!). Your attendance grade is determined based on the number of classes you attend:

• 10% - attend at least 8/11 meetings
• 7% - attend 7/11 meetings
• 6% – attend 6/11 meetings
• …

This means you can miss up to 3 classes without penalty. After missing your 4th class, this will result in a 3% reduction in your grade, and every further class you miss will be an additional 1%. There are no options to join classes online.

Requesting an Excused Absence

There is no reason to request an excused absence until you’ve missed more than 3 classes. Essentially, your first 3 absences are excused without any penalty. If you end up missing more than 3 classes, you should notify the instructor as soon as you know you will miss class. The following are university policy for excused absences: documented family or medical emergency, varsity athletic competition, or a religious observation.

Note that in accordance with University policy, students should notify faculty during the first week of the semester of their intention to be absent from class on their day(s) of religious observance. For details and policy, see Religious Holidays on the Provost web page.

Exams (40%)

There will be two exams. A midterm worth 15% of your grade, and a final worth 25% of your grade. The total exam weighting is 40%. The midterm will cover weeks 1-5 and final will cover topics weeks 1-10, while more heavily weighting the latter topics from week 6-10.

Exams will be in-class, pen-and-paper. If you need accommodations, you should notify the instructor as soon as possible with your DSS accommodation approval so that you can schedule your exams with DSS.

Academic Integrity

The George Washington University has a Code of Academic Integrity which we will follow in this class. Violations of the code, depending on severity, may lead to any (or all) of the following actions within this class:

• Receiving a 0% on the assignment in which a violation is found
• Dismissal from the course
• Receiving a failing grade in the class

Further action may occur, including referring the case to the Academic Integrity Council for further adjudication.

IMPORTANT: The use of AI assistants, such as ChatGPT, Gemni, etc., is strictly forbidden. Submitting AI assistants output as your own is plagiarism. You will receive a zero on that assignment, and if you do so multiple times after fair warning, you will be referred to the academic integrity board and receive a failing grade in the class. Please, please, please do not put me or you in a position where this may become necessary.

Disability Support Services (DSS)

Any student who may need accommodations based on the potential impact of a disability should contact Disability Support Services (or call 202-994-8250) to establish eligibility and to coordinate reasonable accommodations.

Wellness

If any issue arises that may limit your ability to participate in class, for example, personal illness, family emergency, etc., please be sure to discuss these matters with your instructor as soon as possible and accommodations will be made available to you as appropriate.

Feelings of being overwhelmed are unfortunately quite common in the university environment and something we have all dealt with. You are not alone, and there are a number of resources available to provide support in those moments. Learning to ask for help is an import part of the university of experience, and if you or anyone you know experiences any academic stress, difficult life events, or feelings of anxiety or depression, you are strongly encourage to seek support. GW offers counseling services, and also consider reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.

If you or someone you know is feeling suicidal or in danger of self-harm, call someone immediately, day or night:

• Student Counseling : 202-994-5300.
• National Suicide Prevention Lifeline: 1-800-273-8255