A first course in the design and implementation of secure and private systems. Attacks against low-level programming, secure software engineering practices, and the use of Rust to develop secure systems. Detailed study of important secure systems such as TLS, messaging, and anonymity networks. Side channels and back doors in security-sensitive systems. Advanced topics and case studies in secure systems engineering. The course will culminate in a final project where students will engineer a secure system for a chosen application. (3 credits)
🛡️ EE G7701 meets Tuesdays from 6:30 - 9:15p in Shepard 20.
Prerequisites: EE 34400 Digital Computer Systems or CSC 33200 Operating Systems or Program Director Approval.
Course instructor: Tushar Jois (Office hours: Thu 4:30 - 5p in Steinman 638)
Course text: None (zero textbook cost). We will be using publicly available materials.
Date | Lecture topic | In-class activity | Reading | Deliverables |
---|---|---|---|---|
Jan 30, 2024 | Course intro & Unix security basics (slides) | Course virtual machine setup | Security Engineering book chapter | Assignment 1 out, due by 10p |
Feb 6, 2024 | Buffer overflows (slides) | Intro to GDB & Assignment 1 in-class work | Book chapter (see Blackboard) | |
Feb 13, 2024 | Rust programming (slides) | Lab 1: Hands-on with Rust | Rust Book, chapters 1, 3-6 | Assignment 2 out, due by 10p Mar 4 |
Feb 20, 2024 | Practical cryptography (slides) | Lab 2: More fun with Rust | Rust Book, chapters 7-11 | |
Feb 27, 2024 | Case study: Transport Layer Security (TLS) (slides) | Lab 3: Wireshark & TLS | The Illustrated TLS 1.2 Connection | |
Mar 5, 2024 | Exam 1 | Project introduction & group assignment | Project description out (note due dates) | |
Mar 12, 2024 | Case study: electronic voting (slides) | Project check-in 1 & in-class work | Blaze law review paper | |
Mar 19, 2024 | Backdoors in secure systems (slides) | Assignment 3 in-class work | Reflections on Trusting Trust | Assignment 3 out, due by 10p Apr 1 |
Mar 26, 2024 | Case study: medical device security (recorded lecture on Blackboard) | Project check-in 2 & in-class work | DIYAPS review paper, pages 1217-1222 and 1227-1232 | |
Apr 2, 2024 | Case study: privacy & anonymity systems (slides) | Lab 4: Privacy | Double Ratchet specification, sections 1, 2; optional: Tor paper | |
Apr 9, 2024 | Advanced topics: side channels & trusted hardware (slides) | Project check-in 3 & in-class work | DOVE research paper | Submit Project code by 10p Apr 15 |
Apr 16, 2024 | Exam 2 | Project check-in 4 & in-class work | | |
Apr 23, 2024 | Spring recess (no class) | | | |
Apr 30, 2024 | Spring recess (no class) | | | |
May 7, 2024 | Project code demos | In-class work | Submit Project presentation slides by 10p May 13 | |
May 14, 2024 | Project presentations | | | |
This course schedule is subject to change at any time. The course staff will notify students of any schedule changes as they occur. Assignment submission and grades will be on Blackboard.
Take note of the midterm exam dates. I expect all students to take these exams in person; please let the course staff know of any issues at least two weeks before any potential absences.
If you are unable to keep up with the course, or expect to miss class due to extenuating circumstances, please inform the course staff as soon as possible.
Take my advice: don't fall behind!
Formative assignments are designed to get you familiar with the material and try out concepts. As they are for practicing, formative assignments are graded only to ensure completion of assigned tasks. However, content from these assignments will appear on the exams. It is important to complete these assignments with full effort to truly comprehend all of the material; simply attending lectures is insufficient. The following are this course's formative assignments:
Summative assessments, on the other hand, are designed to evaluate your progress in the course. These form the majority of your final grade in the course. Content on these assessments will be derived from course material. The following summative assessments will be utilized in the course:
The course will be weighted as follows:
20% | Midterm Exam 1 (in class) |
20% | Midterm Exam 2 (in class) |
15% | In-class labs (completion, 4 total) |
15% | Assignments (3 total) |
15% | Project code & demo |
10% | Project presentation |
5% | Project check-ins (completion, 4 total) |
The following grade scales will apply to weighted scores, at a minimum:
100%: A+ | 99-92%: A | 91-90%: A- |
89-88%: B+ | 87-82%: B | 81-80%: B- |
79-78%: C+ | 77-70%: C | < 70%: F |
The instructor may choose to curve all class grades up at the end of the course, and the above cutoffs could shift, which might improve your grade. Note that this is not guaranteed, and would occur at the instructor's sole discretion.
There will be no extra credit assignments in the course.
This course will include topics related to computer security and privacy. As part of this investigation we may cover technologies whose abuse could infringe on the rights of others. As computer scientists and engineers, we rely on the ethical use of these technologies. Unethical use includes circumvention of an existing security or privacy mechanism for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and possibly more severe academic and legal sanctions.
Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern "hacking." Understand what the law prohibits. If in doubt, we can refer you to an attorney.
In addition to the law, as members of the City College of New York and users of its computer systems, you are also bound by its policies on computer use.
If you ever have concerns in this course about harassment, discrimination, or any unequal treatment, or if you seek accommodations or resources, I invite you to share directly with me, the department, or university administration. We promise that we will take your communication seriously and seek mutually acceptable resolutions and accommodations. Reporting will never impact your course grade. In handling reports, people will protect your privacy as much as possible, but faculty and staff are required to officially report information for some cases (e.g. sexual harassment).
If you are struggling with anxiety, stress, depression, or other mental health-related concerns, please consider visiting the CCNY Counseling Center. If you are concerned about a friend, please encourage that person to seek out their services.
You are welcome to bring a family member to class on occasional days when your responsibilities require it (for example, if emergency childcare is unavailable, or for the health needs of a relative). Please be sensitive to the classroom environment, and if your family member becomes uncomfortably disruptive, you may leave the classroom and return as needed.
Academic dishonesty is prohibited in The City University of New York. Penalties for academic dishonesty include academic sanctions, such as failing or otherwise reduced grades, and/or disciplinary sanctions, including suspension or expulsion.
Academic integrity is at the core of a college or university education. Faculty assign essays, exams, quizzes, projects, and so on both to extend the learning done in the classroom and as a means of assessing that learning. When students violate the academic integrity policy (i.e., “cheat”), they are committing an act of theft that can cause real harm to themselves and others including, but not limited to, their classmates, their faculty, and the caregivers who may be funding their education. Academic dishonesty confers an unfair advantage over others, which undermines educational equity and fairness. Students who cheat place their college's accreditation and their own future prospects in jeopardy.
On every exam, you will sign the following pledge: “I agree to complete this exam without unauthorized assistance from any person, materials or device.”