In spring 2025 I taught 2 sections of Foundations of Cybersecurity (CY 2550) at Northeastern's Oakland campus.
Major security breaches routinely make headline news and impact the lives of millions of people. Cybercrime is a multi-million dollar, mature business. Privacy and online safety are facing new challenges with the growth of AI tools. As technology is increasingly embedded in society, business, and government, the need for security and privacy expertise to protect our infrastructure grows.
This course presents an overview of basic principles, concepts and human aspects of security, privacy and online safety. The high-level course goal is to introduce a breadth of concepts in the security and privacy space and learn when and how to use those concepts through projects. Students will develop a broad sense of the security/privacy space and can decide how to focus in subsequent course work or experiential learning. We will also critically use pre-trained LLMs to understand how they can support security and privacy decision making.
Readings will introduce students to the history of security and privacy as well as contemporary threats. Students will learn how to develop threat models that characterize attacker capabilities, goals, and the costs of different defensive strategies. The course will also introduce students to legal, ethical, and human computer interaction issues associated with security and privacy.
The official prerequisite for this course is CS 2500. Students will implement relatively straightforward programming assignments. Basic knowledge of the Unix/Linux command line is needed and tutorial materials will be available. Since CS 3650 (Computer Systems) and CS 3700 (Networks and Distributed Systems) are not prerequisites, students will not be expected to complete assignments that deal with assembly code, operating system internals, or low-level network protocols. Binary exploitation is not part of this class.
The class forum is on Piazza. Piazza is the best place to ask questions about projects, programming, debugging issues, exams, etc. To keep things organized, please tag all posts with the appropriate hashtags, e.g. #lecture1, #project3, etc. I will also use Piazza to broadcast announcements to the class. Bottom line: unless you have a private problem, post to Piazza before writing emails to TAs or me.
In this class, you will learn about security and privacy techniques and tools that can potentially be used for offensive purposes. It is imperative that students only use these tools and techniques on systems they own (your personal computers) or systems that are sanctioned by the instructor. NEVER perform attacks against public systems that you do not control. As we will discuss in class, it is ethically problematic to attack systems that you do not own, and may violate the law.
This class will use a traditional, lecture-style format, punctuated with in-class examples. Slides will be made available by the end of each class. Please bring a laptop/tablet to every class.
The following textbooks are available online and are optional resources for many of the course topics:
Security Engineering - Third Edition, A Guide to Building Dependable Distributed Systems
by Ross Anderson
Computer Security and the Internet: Tools and Jewels
by Paul C. van Oorschot. 2019, Springer.
https://people.scs.carleton.ca/~paulv/toolsjewels.html
While we won't cover it in class, the following optional book is also recommended: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter. You are free to purchase paper or electronic versions of this book.
This term we will be using Piazza for class discussion. The system is highly catered to getting you help fast and efficiently from classmates, the TA, and myself. Rather than emailing questions to the teaching staff, I encourage you to post your questions on Piazza. If you have any problems or feedback for the developers, email team@piazza.com.
Find our class signup link at: https://piazza.com/northeastern/spring2025/cy2550merged202530
Assignments & Grading
There will be several projects in the class; all will be available in Canvas. Programming assignments are in a language of your choice. The only universal requirement is that your projects must compile and run on an unmodified Khoury College Linux machine. You will use a turn-in script to create a compressed archive of the necessary files for the assignments, timestamp them, and submit them for grading. I highly recommend that students start assignments early!
Most class meetings will end with a quiz taken in Canvas. Quizzes are designed to be completed in 30 minutes or less. They are not meant to cause students grief, and the questions will be straightforward. The goals of the quizzes are to incentivize attendance and encourage careful study of the lecture material. The lowest 2 quiz scores will be dropped, and you will be able to make up at most 3 quizzes without a doctor's note by completing an alternative exercise tailored to the topic of the missed quiz. The details of this alternative exercise will be explained in class and available in Canvas.
In total, the projects count for 60% and the quizzes count for 40% of final grades.
To calculate final grades, I will use the following scale: [0-59] F, [60-62] D-, [63-66] D, [67-69] D+, [70-72] C-, [73-76] C, [77-79] C+, [80-82] B-, [83-86] B, [87-89] B+, [90-92] A-, [93-100] A.
Late Policy
For projects, we will use flexible slip days. Each student is given seven (7) slip days for the semester. You need to ask the instructors via a Piazza post before the project deadline. If the reasoning you offer is not satisfactory, your request will be denied, and you will adhere to the 20% a day penalty policy. After you have used up your slip days, any project handed in late will also be penalized by 20% per day.
For our group projects, slip days will be deducted from each group member's remaining slip days. Keep this stipulation in mind: if one member of a group has zero slip days remaining, then that means the whole group has zero slip days remaining.
Requests for Regrading
Each student is allotted three (3) grading challenges each semester. If you want a project or an essay question on a quiz regraded, you must make a formal request in Piazza to all instructors specifying (a) the problem or problems you want to be regraded and (b) for each of these problems, why you think the problem was misgraded. This request must be made within a week of the assignment due date or when you receive your grade in Canvas, whichever is later. If it turns out that there has been an error in grading, the grade will be corrected, and you get to keep your challenge. However, you permanently lose your challenge if the original grade is correct. Once your two challenges are exhausted, you cannot request regrades. You may not challenge the use of slip days or any points lost due to lateness.
For our 1 group project (the Value Sensitive Design project), all group members must have an available challenge to contest a grade. If the challenge succeeds, all group members get to keep their challenge. However, if the challenge is unsuccessful, then all group members permanently lose one challenge.
Cheating Policy
It's ok to ask your peers about the concepts, algorithms, or approaches needed to do the assignments. We encourage you to do so; both giving and taking advice will help you to learn. However, what you turn in must be your own, or for projects, your group's own work. Looking at or copying code or homework solutions from other people or the Web is strictly prohibited. In particular, looking at other solutions (e.g., from other groups or students who previously took the course) is a direct violation. Projects must be entirely the work of the students turning them in, i.e. you and your group members. If you have any questions about using a particular resource, ask the course staff or post a question to the class forum.
All students are subject to Northeastern University's Academic Integrity Policy. Per Khoury College policy, all cases of suspected plagiarism or other academic dishonesty must be referred to the Office of Student Conduct and Conflict Resolution (OSCCR). This may result in deferred suspension, suspension, or expulsion from the university.
Accommodations for Students with Disabilities
If you have a disability-related need for reasonable academic accommodations in this course and have not yet met with a Disability Specialist, please visit www.northeastern.edu/drc and follow the outlined procedure to request services. If the Disability Resource Center has formally approved you for an academic accommodation in this class, please present the instructor with your "Professor Notification Letter" at your earliest convenience, so that we can address your specific needs as early as possible.
Title IX makes it clear that violence and harassment based on sex and gender are Civil Rights offenses subject to the same kinds of accountability and the same kinds of support applied to offenses against other protected categories such as race, national origin, etc. If you or someone you know has been harassed or assaulted, you can find the appropriate resources here.