Syllabus for CSE 565 (A) Computer Security (Spring 2025)

Back to course page

[Page Status: Draft, not finalized yet]

• Syllabus for CSE 565 (A) Computer Security (Spring 2025)
  • Logistics
  • Communication Policy
  • Teaching Team
  • Course Description
    • Learning Outcome
    • Pre-requisites
  • Recommend resources
    • Textbooks
    • CTF Playground
  • Grading Policies
    • Grading Scale
  • Course Policies
    • Assignment Submission Process
    • Late policy
    • Exams
    • Regrading policy
  • ACADEMIC INTEGRITY
    • Examples of violations of Academic Integrity
  • Improper Distribution of Materials policy
  • Medical Emergencies
  • Accessibility Resources

Logistics

Communication Policy

All students must only use the course Piazza for any course-related issues.

UB Learns should be used only for checking the grades (and doing the AI Quiz) – all other materials such as syllabus, announcements, homework, and project assignments, as well as Q&As, are handled by Piazza only.

All questions/requests to the instructor, TAs, and Graders should be sent using Piazza (New Post and select Instructors only if this is a private post), and not via emails (which can be used as a secondary means if Piazza post didn't work).

Teaching Team

Course Description

The objectives of this course consist of developing a solid understanding of fundamental principles of the security field and building knowledge of tools and mechanisms to safeguard a wide range of software and computing systems. The tentative list of topics includes:

• Cryptographic background and tools: encryption / decryption, signature, hashing
• Software security: Buffer overflow, format string vulnerability, shellcode,
• System security: race condition vulnerability, micro-architecture attacks (Meltdown/Spectre)
• Network security: Network sniffing, TCP/IP attacks, ARP poisoning, etc
• Web security: XSS attack, SQL injection, etc.
• Legal and ethical aspects (cybercrime, intellectual property)

Course Credits: 3

Learning Outcome

At the end of this course, each student should be able to:

• Have a good overall picture of computer security in general.

• Have a rough idea of how various security mechanisms (hardware/software) work and what kind of attacks they can defeat.

• Start reading more advanced/research-oriented computer security materials.

Pre-requisites

Students need to have some basic knowledge of operating systems, C & Python programming language, and algorithm analysis. Knowledge of computer network / architecture will be helpful, but not required.

Recommend resources

Textbooks

There is no required textbook for this course, only some recommended readings:

• [SB] William Stallings and Lawrie Brown, Computer Security: Principles and Practice, 5th edition, Pearson, 2024 or 4th edition, Pearson, 2017.

• [Du] Wenliang Du, Computer & Internet Security: A Hands-on Approach, 3rd Edition

• [GT] Michael T. Goodrich and Roberto Tamassia, Introduction to Computer Security, Addison-Wesley, 2011

• [FS] Niels Ferguson and Bruce Schneier, Cryptography Engineering: Design Principles and Practical Applications.

• [An] Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems. 3rd edition, 2020

CTF Playground

• Pico CTF: CTF for beginners. Good for learn all the basics.
• pwn.college: Educational CTF platform maintained by ASU security team. Good for beginners.
• pwnable.kr: A collection of fun challenges.
• cryptopals: Learning cryptography by implementing classical algorithms and attacks
• Wargame-nexus: List of CTF playgrounds maintained by Yan Shoshitaishvili

Grading Policies

(==Tentative and subject to change==)

The overall score will be calculated based on the scores from the 4 parts (with weights) as follows:

• (In-class) Midterm Exam (1): 20%

• Final Exam (1): 30%

• Assignments (4): 50%. Each Assignment consists of a written Homework and a programming Lab, specifically:

  • Homeworks (4): 20%

  • Labs (4): 30%

All Assignment should be done individually. In each of the 4 parts listed, you will receive a numerical score (normalized to 0~100 range), and the final score is a weighted average of the 4 parts.

Grading Scale

The following indicates the grade breakdown which will be used in assigning grades in the course. It is possible that these ranges may be adjusted at the end of the semester to address inconsistencies or hardships that arise. Grades will not be curved/adjusted during the semester.

Note: We reserve the right to assign grades based on overall performance, taking into consideration the scores from different assignments and exams.

Course Policies

Assignment Submission Process

Your written solution may be either handwritten and scanned, or typeset. Either way, you must produce a PDF that is legible and displays reasonably on a typical PDF reader. You should view your submission after you upload it to make sure that it is not corrupted or malformed. Submissions that are rotated, upside down, or that do not load will not receive credit. Illegible submissions may also lose credit depending on what can be read. Ensure that your final submission contains all pages.

You are responsible for making sure your submission went through successfully.

Late policy

• All assignments are due on the day and time posted.

• You can submit an assignment up to 1 days late with a penalty of 20% out of total points. The latest submission (3 days late) will receive at most 80% of max points even if it’s all correct; 0 points if more than 24 hours late.

  • Please do not rush the assignment near the deadline. The penalty will be automatically applied even if you submit only 1-second late.

• Please start all assignments and projects early! Excuses that you did not have enough time for an assignment will not be considered. Extraordinary circumstances will be considered at the discretion of the instructor (not the TAs), contact the instructor via e-mail if you think these apply to you.

Exams

• If you miss an exam because of sickness or similar reasons, visit a physician and obtain a note detailing the period during which you were medically incapable of taking the exam.

• Notify the instructor immediately via e-mail if you are going to miss an exam before the exam takes place unless medically impossible.

• See the instructor as soon as you return to class.

• If you miss an exam without a valid excuse, you will receive a zero grade for that exam. No make-up exam will be available unless there is a provable extreme circumstance.

• No extra work in the next semester will be given to improve your grade.

Regrading policy

• Exams/Homework/Projects: Exams/Homework/project grades will be posted on UBLearns. You can look up graded exam/homework/projects from the UBLearns. Questions about exam/homework/report grades should be sent on Piazza via private post within one week after the grade is posted on UBLearns. If you are not satisfied with the TA’s response, you should contact the instructor no later than 2 days after the TA’s response.

• Exams papers will NOT be returned.

• No regrade requests will be considered after the deadlines mentioned above.

ACADEMIC INTEGRITY

Academic integrity is a fundamental university value. Through the honest completion of academic work, students sustain the integrity of the university and of themselves while facilitating the university's imperative for the transmission of knowledge and culture based upon the generation of new and innovative ideas. For more information, please refer to the Graduate Academic Integrity policy.

• No tolerance for cheating

  • Upon your first instance of academic integrity violation, you will receive at least a penalty of score 0 for that assignment.

  • If a second violation occurs, you will get an F and NOT pass the course.

  • All the violation (whether it’s the first or second instance) will be reported to the Office of Academic Integrity (OAI), the Department, and the School, as required by the University policy Academic Integrity.

  • Consult the Department and University Statements on Academic Integrity.

• Group study/discussion of the assignment at the conceptual level is encouraged, but the submission must be your own work. You must list all people you've discussed with in your submission.

• Homework: Homework reports must be written up individually. Use of reference materials in the library or online is allowed, provided that the homework explicitly cites the references used. Note that copying the solutions from online sources or the previous semester is still considered cheating even if you cite the sources.

• Projects: Projects need to be done individually. Discussions of ideas are welcome, but exchanges of reports are not allowed. You must list all people you've discussed with in your submission.

• Students who do share their work with others are as responsible for academic dishonesty as the student receiving the material. Students are not to show work to other students, in class or outside the class. Students are responsible for the security of their work and should ensure that printed copies are not left in accessible places, and that file/directory permissions are set to be unreadable to others.

• Excuses such as “I was not sure” or “I did not know” will not be accepted. If you are not sure, ask the TAs and/or the instructor.

• Usage of Large Language Model (LLM) services is not allowed unless explicitly stated

  • This applies to all existing online LLM services (e.g., ChatGPT, Claude.ai, Mistral AI, Copilot, etc) and offline/local-deployed LLMs.
  • We recognize that LLMs are powerful tools for security researchers and practitioners, and you should definitely utilize them outside the class. But if we allow the usage in homeworks, many would simply copy-paste whatever answers they get from the LLMs, which means they learned little actual knowledge.
  • In some problems of assignments/labs, we may explicitly state that you can use LLM to simplify certain steps. In that case, the usage is allowed.
  • Disallowed usage is considered as Academic Integrity violation.

• Any student may withdraw their submission (homework, lab, projects) at any time, no questions asked, BEFORE any AI violation is discovered.

Examples of violations of Academic Integrity

These bullets should be obvious things not to do (but commonly occur):

• Turning in your friend’s code/write-up (obvious).
• Turning in solutions you found on Google/ChatGPT with all the variable names changed (should be obvious).
• Turning in solutions you found on Google/ChatGPT with all the variable names changed and 2 lines added (should be obvious).
• Paying someone to do your work. You may as well not submit the work since you will fail the exams and the course.
• Posting to forums asking someone to solve the problem. Note: Aggregating every [stack overflow answer|result from Google|other source] because you "understand it" will likely result in full credit on assignments (if you aren't caught) and then failure on every exam. Exams don't test if you know how to use Google, but rather test your understanding (i.e., can you understand the problems to arrive at a solution on your own). Also, other students are likely doing the same thing, and then you will be wondering why 10 people that you don’t know have your solution.

Other violations that may not be as obvious:

• Working with a tutor who solves the assignment with you. If you have a tutor, please contact me so that I may discuss with them what help is allowed.
• Sending your code to a friend to help them. If another student uses/submits your code, you are also liable and will be punished.
• Joining a chatroom for the course where someone posts their code once they finish, with the honor code that everyone needs to change it in order to use it.
• Reading your friend’s code the night before it is due because you just need one more line to get everything working. It will most likely influence you directly or subconsciously to solve the problem identically, and your friend will also end up in trouble.

Improper Distribution of Materials policy

All materials prepared and/or assigned by me for this course are for the students’ educational benefit. Other than for permitted collaborative work, students may not photograph, record, reproduce, transmit, distribute, upload, sell or exchange course materials, without my prior written permission.

“Course materials” include, but are not limited to, all instructor-prepared and assigned materials, such as lectures; lecture notes; discussion prompts; study aids; tests and assignments; and presentation materials such as PowerPoint slides, Prezi slides, or transparencies; and course packets or handouts. Public distribution of such materials may also constitute copyright infringement in violation of federal or state law.

Violation of this policy may additionally subject a student to a finding of “academic dishonesty” under the Academic Integrity policy and/or disciplinary charges under the Student Code of Conduct.

Medical Emergencies

Accommodations for medical emergencies will be made on a case-by-case basis. Requests for extensions based on medical emergencies must be accompanied by documentation of the emergency from student health services:

http://www.buffalo.edu/studentlife/who-we-are/departments/health.html.

We do NOT accept just the proof of the doctor’s appointment as the accommodation request.

Accessibility Resources

If you have any disability which requires reasonable accommodations to enable you to participate in this course, please contact the Office of Accessibility Resources in 60 Capen Hall, 716-645-2608 and also the instructor of this course during the first week of class. The office will provide you with information and review appropriate arrangements for reasonable accommodations, which can be found on the web at: http://www.buffalo.edu/studentlife/who-we-are/departments/accessibility.html.