A first course in the design and implementation of secure and private systems. Attacks against low-level programming, secure software engineering practices, and the use of Rust to develop secure systems. Detailed study of important secure systems such as TLS, messaging, and anonymity networks. Side channels and back doors in security-sensitive systems. Advanced topics and case studies in secure systems engineering. The course will culminate in a final project where students will engineer a secure system for a chosen application. (3 credits)
🛡️ EE
G7701 meets Wednesdays from 6:30 - 9:15p
in Steinman 269. |
Prerequisites: EE 34400 Digital Computer Systems or
CSC 33200 Operating Systems or Program Director Approval.
Course instructor: Tushar Jois (Office hours: Thu 4:30 - 5p in Steinman 638)
Course text: None (zero textbook cost). We will be using publicly available materials.
| Date | Lecture topic | In-class activity | Required reading | Notes |
|---|---|---|---|---|
| Aug 28, 2024 | Course intro & Unix security basics | Lab 1: Introduction | Security Engineering book chapter | Labs are due 10p Tue after they are out |
| Sep 4, 2024 | Rust programming (guest lecture) | Lab 2: Hands-on with Rust | Rust Book, chapters 1, 3-6 | Course VM setup instructions (Intel only) |
| Sep 11, 2024 | Buffer overflows | Lab 3: Buffer overflows | Book chapter (see Blackboard) | |
| Sep 18, 2024 | Practical cryptography | Lab 4: Cryptography in Rust | Rust Book, chapters 7-11 | |
| Sep 25, 2024 | Transport Layer Security (TLS) | Lab 5: Wireshark and TLS | The Illustrated TLS 1.2 Connection | |
| Oct 2, 2024 | Fall break (no class) | |||
| Oct 9, 2024 | Exam 1 | Project introduction & group assignment | Project description out (note due dates) | |
| Oct 16, 2024 | Backdoors in secure systems (online lecture) | Lab 6: Trusting Trust | Reflections on Trusting Trust | |
| Oct 23, 2024 | Case study: electronic voting | Project check-in 1 & in-class work | Blaze law review paper | Project check-ins are due 10p the same day they are out |
| Oct 30, 2024 | Privacy & anonymity | Lab 7: Privacy | Double Ratchet specification, sections 1, 2; optional: Tor paper | |
| Nov 6, 2024 | Advanced topics | Project check-in 2 & in-class work | DOVE research paper | |
| Nov 13, 2024 | Exam 2 | Project check-in 3 & in-class work | Submit Project code by 10p Nov 19 | |
| Nov 20, 2024 | Demo practice & red team analysis (self-guided) | Project check-in 4 & in-class work | ||
| Nov 27, 2024 | Thanksgiving (no class) | |||
| Dec 4, 2024 | Project code demos | Submit Project presentation slides by 10p Dec 10 | ||
| Dec 11, 2024 | Project presentations |
This course schedule is subject to change at any time. The course staff will notify students of any schedule changes as they occur. Assignment submission and grades will be on Blackboard.
Take note of the midterm exam dates. I expect all students to take these exams in person; please let the course staff know of any issues at least two weeks before any potential absences.
If you are unable to keep up with the course, or expect to miss class due to extenuating circumstances, please inform the course staff as soon as possible.
Take my advice: don't fall behind!
Formative assignments are designed to get you familiar with the material and try out concepts. As they are for practicing, formative assignments are graded only to ensure completion of assigned tasks. However, content from these assignments will appear on the exams. It is important to complete these assignments with full effort to truly comprehend all of the material; simply attending lectures is insufficient. The following are this course's formative assignments:
Summative assessments on the other hand, are designed to evaluate your progress in the course. These form the majority of your final grade in the course. Content on these assessments will be derived from course material. The following summative assessments will be utilized in the course:
The course will be weighted as follows:
| 20% | Midterm Exam 1 (in class) |
| 20% | Midterm Exam 2 (in class) |
| 20% | Assignments (7 total) |
| 15% | Project code & demo |
| 10% | Project presentation |
| 10% | Reading quizzes (8 total) |
| 5% | Project check-ins (4 total) |
The following grade scales will apply to weighted scores, at a minimum:
| 100%: A+ | 99-92%: A | 91-90%: A- |
| 89-88%: B+ | 87-82%: B | 81-80%: B- |
| 79-78%: C+ | 77-70%: C | < 70%: F |
The instructor may choose to curve all class grades up at the end of the course, and the above cutoffs could shift, which might improve your grade. Note that this is not guaranteed, and would occur at the instructor's sole discretion.
Extra credit will be awarded to the reading quizzes grade for each attendance at a Cybersecurity Seminar. Details on this opportunity will be posted later.
This course will include topics related computer security and privacy. As part of this investigation we may cover technologies whose abuse could infringe on the rights of others. As computer scientists and engineers, we rely on the ethical use of these technologies. Unethical use includes circumvention of an existing security or privacy mechanism for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and possibly more severe academic and legal sanctions.
Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern "hacking." Understand what the law prohibits. If in doubt, we can refer you to an attorney.
In addition to the law, as members of the City College of New York and users of its computer systems, you are also bound by its policies on computer use.
If you ever have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, I invite you to share directly with me, the department, or university administration. We promise that we will take your communication seriously and seek mutually acceptable resolutions and accommodations. Reporting will never impact your course grade. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).
If you are struggling with anxiety, stress, depression, or other mental health-related concerns, please consider visiting the CCNY Counseling Center. If you are concerned about a friend, please encourage that person to seek out their services.
You are welcome to bring a family member to class on occasional days when your responsibilities require it (for example, if emergency childcare is unavailable, or for the health needs of a relative). Please be sensitive to the classroom environment, and if your family member becomes uncomfortably disruptive, you may leave the classroom and return as needed.
Academic dishonesty is prohibited in The City University of New York. Penalties for academic dishonesty include academic sanctions, such as failing or otherwise reduced grades, and/or disciplinary sanctions, including suspension or expulsion.
Academic integrity is at the core of a college or university education. Faculty assign essays, exams, quizzes, projects, and so on both to extend the learning done in the classroom and as a means of assessing that learning. When students violate the academic integrity policy (i.e., “cheat”), they are committing an act of theft that can cause real harm to themselves and others including, but not limited to, their classmates, their faculty, and the caregivers who may be funding their education. Academic dishonesty confers an unfair advantage over others, which undermines educational equity and fairness. Students who cheat place their college's accreditation and their own future prospects in jeopardy.
On every exam, you will sign the following pledge: “I agree to complete this exam without unauthorized assistance from any person, materials or device.”
Note on Generative AI: This course assumes that all work (i.e., formative assignments and summative assessments) and communications (i.e., messages and emails) have been created by the student or the student's group. The use of generative AI tools (such as ChatGPT, Copilot, Gemini, and others) to complete this course is strictly prohibited, and will be treated as academic dishonesty. Please contact the instructor if you have questions.