Intro to Computer Security

EECS 398
Fall 2009


10/21Take-home midterm available via CTools, due 10/23

10/14Project 2 posted, due 10/29

9/27 Project 1 posted, due 10/8

Course Overview

InstructorsProfessors J. Alex Halderman and Peter Honeyman
GSIScott Wolchok
PrerequisitesEECS 280 or EECS 282
LecturesTuTh 10:30-Noon, 1003 EECS
DiscussionFr 2:30-3:30, 1003 EECS
Office HoursProfessor Halderman: Tues. Noon-1pm, 4717 CSE
Professor Honeyman: Wed. 2pm-3pm, 4777 CSE
Scott: Wed. 4:30-5:30 PM and by appointment
Online ForumAvailable on CTools

This course introduces the principles and practices of computer security as applied to software, host systems, and networks. Designed for students with a basic technical understanding of operating systems and networks, it covers the foundations of building, using, and managing secure systems. Topics will include standard cryptographic functions and protocols, threats and defenses for real-world systems (such as Windows and UNIX hosts and Web applications), incident response, and forensics. There will be biweekly homework exercises, occasional programming assignments, and midterm and final exams.


Your grade will be based on the following components:

Class Participation5%Attendance, alertness, questions, and other contributions
Homework Exercises30%Six homework exercises due about every two weeks
Programming Projects30%Four programming projects due about every three weeks
Midterm15%Midterm exam during class on October 22 (take home)
Final20%Final exam during exam period

Ethics, Law, and University Policies

To defend a system you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law and the university's computing practices, or may be unethical. You must respect the privacy and property rights of others at all times, or else you will fail the course. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including civil fines, expulsion, and jail time.

Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusions. This is just one of several laws that govern hacking. Understand what the law prohibits — you don't want to end up like this guy. If in doubt, I can refer you to an attorney.

Please review CAEN's policy document on rights and responsibilities for guidelines concerning use of technology resources at U-M, as well as the Engineering Honor Code. As members of the university, you are required to adhere to these policies.