|Instructor||Professor J. Alex Halderman|
(Office hours: Thurs. 1:30-2:30, 4717 CSE, or by appointment)
|Prerequisites||EECS 281; EECS 370 recommended|
|Lectures||Tues./Thurs. Noon–1:30, 2150 Dow|
|EECS Discussion||Fri. 2:30–3:30, 2150 Dow — required for undergrads|
GSI: (Office hours: Tues. 5-6pm, Mujo Café)
|ITS Discussion||Tues. 1:30–2:30, 2150 Dow — required for ITS staff|
(Office hours: by appointment)
|Announcements||Available via CTools|
This course introduces the principles and practices of computer security as applied to software, host systems, and networks. Designed for students with a basic technical understanding of operating systems and networks, it covers the foundations of building, using, and managing secure systems. Topics will include standard cryptographic functions and protocols, threats and defenses for real-world systems (such as Windows and UNIX hosts and Web applications), incident response, and forensics. There will be biweekly homework exercises, programming projects, and a final exam.
There are separate discussion sections designed for EECS students (undergrads) and ITS students (U-M IT professionals). These sections will cover additional material tailored to each group. To receive credit for the course, students must register for and attend the section designed for them, but all students are welcome to sit in on the other section when the topic is of interest.
If you are an EECS undergrad, your grade will be based on the following components:
|Class Participation||5%||Attendance, alertness, questions, and other contributions|
|Homework Exercises||30%||Six homework exercises due about every two weeks|
|Programming Projects||40%||Four programming projects due about every three weeks|
|Final||25%||Take-home final exam|
This is a paperless course; all assignments will be distributed and turned in electronically.
Ethics, Law, and University Policies
To defend a system you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law and the university's computing practices, or may be unethical. You must respect the privacy and property rights of others at all times, or else you will fail the course. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including civil fines, expulsion, and jail time.
Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusions. This is just one of several laws that govern “hacking.” Understand what the law prohibits — you don't want to end up like this guy. If in doubt, I can help refer you to an attorney.