Course Overview

Instructor: Shagufta Mehnaz (Shagufta.Mehnaz@Dartmouth.edu)

Location: Zoom (see Canvas for details)

Meeting times: 3A Slot (Mondays and Wednesdays 3:30 - 5:20 pm)

Office hours: Tuesdays (4:30pm-5:30pm) and Fridays (4:30pm-5:30pm), Zoom (see Canvas for details).

I do not plan to regularly use x-hours, but I may use them for missed classes, or to catch up on material, or for optional, informal session to work through examples.

TA: Sayanton Dibbo (sayanton.v.dibbo.gr@dartmouth.edu)

TA office hours: Tuesdays (9am-10am) - In person, Thursdays (9am-10am) - In person and Zoom. Maintained on Canvas Course Calendar.

Objective: This course provides an introduction to the theory and application of computer security and privacy. Students will develop the skills necessary to formulate and address the security needs of enterprise and personal environments. The course will begin by describing the goals and mechanisms of security as motivated by recent incidents in the real world. The topics will cover cryptography, authentication, authorization, software security, software vulnerabilities, access control, malware/intrusion detection, web security, database security, privacy, AI security, and other emerging topics. A detailed list of lecture contents, assignments, and due dates (subject to change as semester evolves) will be available on the course website.

Prerequisites: CS 50 (CS51 highly recommended). In addition, I will assume you have sufficient programming experience in C/C++ and Python.

Textbooks & Materials

The following books will be used for readings and as reference material:

(1) Computer Security and the Internet: Tools and Jewels, Paul C. van Oorschot.

(2) Security in Computing, 5th edition, by Pfleeger, Pfleeger, and Margulies.

Grading

Students will be assessed and graded according to the following components. A total score of at least 60% is required to pass this course.

• Course projects (labs): 40%

• Mid-term exam: 20%

• Final exam: 20%

• Quizzes: 10%

• Class participation: 10%

Course projects/labs (40%)

There will be four lab assignments that together account for 40% of the grade in this course. Each lab is worth 10% of the final grade.

Requirements for lab submissions:

Labs are designed to be completed outside of class and must be submitted electronically via Canvas before the deadline indicated on Canvas. Even when a lab has some written exercises, you are required to either type in a file or scan your written work and submit it electronically. To submit output from your program, submit a copy-pasted file in pdf format and/or a screenshot, as appropriate. For plain text, you can use a program like TextEdit, NotePad, or Emacs, or even Word, but be sure to save as a pdf. For a screen shot, you can use Preview on Mac (under the "File" menu) or the PrntScrn button on Windows.

Lab partners

For each lab you work with another student (e.g., groups of two). In addition:

• You will get randomly selected partner for each lab

• Collect all your code files into a single zip file and upload that zip, rather than many separate files

• One partner can submit on behalf of the group

• Note in the Canvas text box for each lab the names of all partners

• Two partners will receive the same grade for the lab.

Late policy

Due via Canvas on the date and time noted on Canvas assignment. Penalties: < 8 hours: 10%; < 24 hours: 20%; < 48 hours: 40%; more: no credit.

Grading

Specific grading rubrics will be provided for each lab.

Exams (40%)

There will be a midterm and a final, each worth 20% of the final grade.

Quizzes (10%)

There will be two quizzes, one before midterm and another after midterm, each worth 5% of the final grade.

If you have questions about your lab/exam/quiz score, or would like a question/problem re-graded, see your TA within one week from the date that the score was returned to the class. If you request a re-grade of a particular question/problem, we reserve the right to re-grade your entire lab/exam/quiz.

Class participation (10%)

Most classes will have a discussion portion where we consider the topic of the day. In some cases there will be no right or wrong answer — we will all benefit from a diverse set of perspectives. Ask questions and share thoughts based on your knowledge and experience.

Collaboration

Even though you will work with one other person on the lab assignments, you are still responsible for understanding the entire assignment. That means that splitting the coding into pieces, doing your part, and never looking at your partner's parts is not a good idea. You can learn a lot by reading your partner's code and figuring out how it works, whether it is correct, and how it might be improved. You can also catch things like poor or missing comments that could cost you style points when the assignment is graded.

When working with partners, I suggest that you borrow a practice from Extreme Programming, a method of writing code that many businesses find quite effective. One person (the driver) sits at the keyboard. The other person (the navigator) looks at the (virtual) screen as the driver types, asking questions, making suggestions, and catching errors. Both of you will understand the code better if you discuss it as it is written than if you just write it (or read it) by yourself. Regularly trade off who is driver and who is navigator.

The usual reaction to this idea is, "that will take twice as long!" In practice it is usually faster than each person programming alone. The reason is that errors are caught earlier, and the amount of time are saved when debugging more than makes up for the lack of parallelism in code writing. Also, the code tends to be better written. These are some of the reasons why this idea has been adopted in industry.

Acknowledgement

This course is closely based on the ones developed by Dr. Charles Palmer and Dr. Timothy J. Pierson. I am deeply thankful to them for their generous assistance in creating this course.