CSE 565 (A) Computer Security (Spring 2025)

[Page Status: Draft, Under construction]

Site Map

Course Info (This page) : Basic summary of course content
Syllabus : Detailed course content, including grading policy, academic integrity policy, accessibility resources, etc.
Schedule : This is where you find course materials (lecture notes / slides / assignments) and deadlines (assignments / projects / exams).

Announcements

[04/15] HW4 & Lab4 released. Both due in 04/29.
[03/27] HW3 & Lab3 released. Both due in 04/11.
[02/25] HW2 & Lab2 released. Both due in 03/11.
[02/04] HW1 & Lab1 released. Both due in 02/19.
[01/23] Class begins.

Logistics

Lecture Time	Location	Piazza Link
Tue & Thu, 9:30 AM –10:50 AM	Davis 101	spring2025/cse565a

Communication Policy

All students must only use the course Piazza for any course-related issues.

UB Learns should be used only for checking the grades (and doing the AI Quiz) – all other materials such as syllabus, announcements, homework, and project assignments, as well as Q&As, are handled by Piazza only.

All questions/requests to the instructor, TAs, and Graders should be sent using Piazza (New Post and select Instructors only if this is a private post), and not via emails (which can be used as a secondary means if Piazza post didn't work).

Teaching Team

Role	Name	Office Hours
Instructor	Xiangyu Guo (xiangyug@buffalo.edu)	Davis Hall 318, Tue & Thu, 1:30 PM – 2:30 PM. (Zoom Link)
TA	Gaoxiang Liu (gliu25@buffalo.edu)	Davis Hall 309, Thu, 1:00 PM – 3:00 PM (Zoom Link)
TA	Xingyu Wang (xwang282@buffalo.edu)	Davis Hall 309, Tue, 1:00 PM – 3:00 PM (Zoom Link)

Course Description

The objectives of this course consist of developing a solid understanding of fundamental principles of the security field and building knowledge of tools and mechanisms to safeguard a wide range of software and computing systems. The tentative list of topics includes:

Cryptographic background and tools: encryption / decryption, signature, hashing
Software security: Buffer overflow, format string vulnerability, shellcode,
System security: race condition vulnerability, micro-architecture attacks (Meltdown/Spectre)
Network security: Network sniffing, TCP/IP attacks, ARP poisoning, etc
Web security: XSS attack, SQL injection, etc.

Course Credits: 3

Learning Outcome

At the end of this course, each student should be able to:

Have a good overall picture of computer security in general.
Have a rough idea of how various security mechanisms (hardware/software) work and what kind of attacks they can defeat.
Start reading more advanced/research-oriented computer security materials.

Pre-requisites

Students need to have some basic knowledge of operating systems, C & Python programming language, and algorithm analysis. Knowledge of computer network / architecture will be helpful, but not required.

Textbooks

There is no required textbook for this course, only some recommended readings:

[SB] William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 5th edition, Pearson, 2024 or 4th edition, Pearson, 2017.
[Du] Wenliang Du, Computer & Internet Security: A Hands-on Approach, 3rd Edition
[GT] Michael T. Goodrich and Roberto Tamassia, Introduction to Computer Security, Addison-Wesley, 2011
[FS] Niels Ferguson and Bruce Schneier, Cryptography Engineering: Design Principles and Practical Applications.
[An] Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems. 3rd edition, 2020

CTF Playground

Pico CTF: CTF for beginners. Good for learn all the basics.
pwn.college: Educational CTF platform maintained by ASU security team. Good for beginners.
pwnable.kr: A collection of fun challenges.
cryptopals: Learning cryptography by implementing classical algorithms and attacks
Wargame-nexus: List of CTF playgrounds maintained by Yan Shoshitaishvili