Introduction to Computer Security Fall 2013

This course teaches the security mindset and introduces the principles and practices of computer security as applied to software, host systems, and networks. It covers the foundations of building, using, and managing secure systems. Topics include standard cryptographic functions and protocols, threats and defenses for real-world systems, incident response, and computer forensics. See the schedule for details.

Professor J. Alex Halderman
Office hours: Tues. 3:00–4:00, 4717 Beyster, or by appointment
Prerequisites EECS 281; EECS 370 recommended
Lectures Tues./Thurs. 1:30–3:00, 1670 Beyster
Section 11: Fri. 2:30–3:30, 1017 Dow
Section 13: Fri. 3:30–4:30, 3150 Dow
Section 12: Mon. 1:30–2:30, 2166 Dow
GSIs James Kasten (Office hours: Wed. 2:30–3:30, outside BBB Learning Center)
Alexander James (Office hours: Thu. 3:30–4:30, inside BBB Learning Center)
Communication We'll use Piazza for general discussion and questions about course material.
For administrative issues, email to contact the course staff.
This is a paperless class. Assignments will be distributed here and collected online via CTools.
Resources Security Research at Michigan
Security Reading Group (SECRIT)
EECS 588 (graduate-level security class)


We'll calculate your course grade based on these components:
Component Weight Description
Class Participation 10% Attendance, alertness, questions, intellectual contributions
Final Exam 20% One exam covering all material from the course (Dec. 19, 1:30–3:00)
Homework Exercises 30% Five homework exercises, completed on your own
Programming Projects 40% Five programming projects, completed in teams of two

Ethics, Law, and University Policies Warning

To defend a system you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our policy in EECS 388 is that you must respect the privacy and property rights of others at all times, or else you will fail the course.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. If in doubt, we can refer you to an attorney.

Please review ITS‘s policies on responsible use of technology resources and CAEN’s policy documents for guidelines concerning proper use of information technology at U-M, as well as the Engineering Honor Code. As members of the university, you are required to abide by these policies.