Course Information
Division: CEMSE
Course number: ECE/CS230
Academic Semester: Fall 2024
Location: Building 9 - Classroom 3223
Meeting time: Tue 08:30-11:30
Instructor: Charalambos Konstantinou (aka Harrys)
Teaching Assistants: Li Zhou & Luis Vazquez Limon [TA hours: Tuesday 1-3pm (B5-L2)]
Please read this before dropping an email to the TAs.
Email: first.last at kaust.edu.sa
Course Description
Computer systems are essential in every part of our personal and professional life (e.g., online banking, social networking, etc.). These tasks can, however, expose users to various security threats (e.g., credit card number theft, personal information leakage). Therefore, there is a need for designing secure computer systems. This course teaches both theoretical and practical concepts of cybersecurity. The course will cover an introduction to the most important features of computer security, including topics such as symmetric ciphers, public key cryptosystems, digital signatures, hashes, message authentication codes, key management and distribution, authentication protocols, vulnerabilities and malware, access control, and network security. The class will provide students with the necessary knowledge for designing secure computer systems and programs and methods for defending against malicious threats (e.g., viruses, worms, denial of service).
Goals & Objectives
At the end of the course, the students will be able to (1) distinguish the broad set of technical aspects of cybersecurity, (2) describe the vulnerabilities and threats posed by cyber-criminals to computer systems and supporting infrastructure, (3) explain common vulnerabilities in computer systems/programs, including buffer overflow vulnerabilities, time-of-check to time-of-use flaws, and incomplete mediation, (4) know most theoretical concepts in the area of computer security (including security principles, threat modeling, cryptography, access control), and (5) apply theoretical concepts in practice by using a programming language to implement attacks and defenses in systems (e.g., operating systems, networks).
Required Knowledge / Prerequisites
Students are expected to enter this course with a background in computer systems and programming knowledge in C & Python and Linux systems, as well as basic knowledge of operating systems and data structures. Some knowledge of assembly and compilers will be helpful, but the relevant information will be covered in the course or in provided references.
Reference Texts
C. Pfleeger, S. Pfleeger, J. Margulies, “Security in Computing” 5th Edition, Prentice Hall, ISBN-13: 978-0134085043, Pearson; 5th edition 2015.
Available as an e-book with your KAUST credentials here.
The lectures may not align with the textbook. Readings that accompany the course content will be posted online, as will the slides.
Method of Evaluation
10% Online Active Participation
35% Assignments
20% Midterm exam
35% Final exam
Nature of Assignments
Online Active Participation: A topic will be assigned bi-weekly on Blackboard and students are required to participate in the discussion boards.
Assignments: Assigned every other week and due one week after. They can be pen-and-paper questions and/or programming exercises. Some of the assignments will depend on previous assignments. Students will need to program in C and/or Python.
Midterm exam: In-class open-note exam.
Final exam: The final exam will be an open-notes exam, covering material from the whole semester, with emphasis on material covered since the last midterm.
Course Policies
For the assignments students are expected to work independently. Offering and accepting solutions from others is an act of plagiarism, which will be penalized. Discussion among students is encouraged, but when in doubt, students should direct their questions to the professor or teaching assistant.
A topic will be assigned bi-weekly on Blackboard and students are required to participate in the discussion boards. Participation is: 1) answering questions posed in the topic description, 2) answering questions posed by other students or the instructor, 3) posting interesting/insightful summaries of articles that pertain to the week's coursework but do not necessarily have to be on the topic. Participation is not: 1) simple two-sentence responses, 2) linking to articles, 3) copying and pasting.
Midterm and final exams will be open-notes, meaning that students can consult the following course materials: slides, handouts (including labs and assigned readings), lecture notes. Anything else is not allowed (except linguistic dictionaries). Kindle-type readers without internet access are allowed to avoid printing slides, etc.
All methods of evaluation are required. Students who do not show up for an exam, do not submit an assignment, or do not participate in a discussion should expect a grade of zero on that item.
Students will not receive extensions. Late assignments (not exams) will be accepted. Students will be penalized 20% for every late day (a day is counted from the submission deadline time).
Additional Information
Overall, the course is largely self-contained and will introduce the necessary technologies required for a qualitative (rather than quantitative) understanding of the security landscape of computer systems.