This course teaches the security mindset and introduces the principles and practices of computer security as applied to software, host systems, and networks. It covers the foundations of building, using, and managing secure systems. Topics include standard cryptographic functions and protocols, threats and defenses for real-world systems, incident response, and computer forensics. See the schedule for details.
Professor | Eric Wustrow Office hours: Mon 3:30–4:30, Wednesday 10:00–11:00 (ECCR 1B13) |
TA | Gaukas Wang Office hours: Fri 1:00–2:00 (ECCR 1B10) |
Prerequisites | ECEN 3350 (or CSCI 2400) or equivalent programming experience and understanding of computer organization topics (high level assembly/CPU operation) |
Lectures | Mon./Wed./Fri. 2:30–3:20, ECCR 265 |
Communication |
We'll use Slack for general discussion and questions about course material and grading. For administrative issues, email ewust@colorado.edu to contact the course staff. This is a paperless course. Assignments will be distributed here and collected via Canvas. |
Reference Books |
No textbook is required, but if you would like additional references, we recommend: Security Engineering by Ross Anderson Cryptography Engineering by Ferguson, Schneier, and Kohno |
Resources |
Netsec reading group ECEN 5014 (graduate-level security class) |
Homework Exercises | 25% | Five homework exercises, completed on your own |
Programming Projects | 45% | Five programming projects, completed in teams of two |
Final Exam | 30% | One exam covering all material from the course |
To defend a system you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our policy in this class is that you must respect the privacy and property rights of others at all times, or else you will fail the course.
Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. If in doubt, we can refer you to an attorney.
Please review CU's acceptable use policy of IT resources for guidelines concerning proper use of information technology at CU, as well as the Engineering Honor Code.