This is an archive of a course I taught Fall 2021, preserved here as a resource for future students.

ECE 560: Computer and Information Security

Section 01, Fall 2021


Computer Security basically just means wearing
a ski mask on the internet.

Overview

Lecture location: Hudson Hall 125 + Zoom for authorized remote attendees
Lecture time: Tue/Thu 1:45pm - 3:00pm

Instructor: Dr. Tyler Bletsch
Email: Tyler.Bletsch AT duke.edu
Office Hours:

Teaching Assistants:

TA Office Hours: See Ed post

Links:

NOTE: This course has a significant overlap with COMPSCI 351 (taught by Maggs, Nayak, and Reiter in the Computer Science department). It is not recommended to take both. That course is great, by the way, it just didn't have enough slots to meet demand, especially from the ECE side.

Schedule

#DateLectureReadingHomework due
(11:59:00pm)
1 Tue 8/24 Introduction, Syllabus, Course Overview -
2 Thu 8/26 Computer Security Overview Chapter 1
Appendix C
3 Tue 8/31 Computer Security Overview Chapter 1
Appendix C
Homework 0,
Ethics Pledge

4 Thu 9/2 Computer Networking Overview Appendix F
Appendix I
5 Tue 9/7 Computer Networking Overview
Appendix F
Appendix I
6 Thu 9/9 Cryptography Chapters 2,20
7 Tue 9/14 Cryptography Chapters 20,21 Homework 1

8 Thu 9/16 User Authentication and Access Control Chapters 3-4
9 Tue 9/21 User Authentication and Access Control Chapters 3-4
10 Thu 9/23 Shell and Data Manipulation Skills Regex Quick Reference
11 Tue 9/28 Shell and Data Manipulation Skills Regex Quick Reference
12 Thu 9/30 Malicious Software Chapter 6
Stuxnet analysis
Homework 2
- HW2 encrypted materials
- Q9: VPN config

- Tue 10/5 Fall Break  
13 Thu 10/7 Midterm review (bring questions!)
Malicious Software
Chapter 6
Stuxnet analysis
14 Tue 10/12 Midterm exam
- Study guide
- Practice midterm
Chapter 6
15 Thu 10/14 Denial-of-Service Attacks Chapter 7 Homework 3
(PDF issue? Try Chrome.)

16 Tue 10/19 Buffer Overflows (first half of deck) Chapter 10-11
17 Thu 10/21 Buffer Overflows (first half of deck) Chapter 10-11
18 Tue 10/26 Software Security (second half of deck) Chapter 12
19 Thu 10/28 Endpoint security, Database security Chapter 12-13
20 Tue 11/2 Cloud security,
Reverse Engineering
Chapter 13,
NSA Codebreaker Challenge (2015)
Homework 4

21 Thu 11/4 Intrusion Detection, Intrusion Prevention, and Firewalls
Chapter 8-9,
Base rate fallacy spreadsheet
22 Tue 11/9 Intrusion Detection, Intrusion Prevention, and Firewalls
Chapter 8-9,
Base rate fallacy spreadsheet
23 Thu 11/11 Wireless Network Security, Mobile Security Chapter 24
24 Tue 11/16 Physical security, organizational security,
security auditing, and legal/ethical aspects
Chapter 16-19
25 Thu 11/18 Guest lecture: Alexander Merck
26 Tue 11/23 Human Factors and Social Engineering,
Maverick Chung: cpio exploit,
Final exam course review,
Optional topics?
- BitCoin and Cryptocurrency
- Jump oriented programming (end part of deck)
Poorly-spelled 1990s textfiles:
social.txt, soceng.txt
Homework 5

Fri 12/10 Final exam (9am-12pm)
- Study guide

Syllabus & policies

Course synopsis

An intense trip through many facets of computer and information security. Includes discussion and practical exercises in risk management, threat modeling, applied cryptography, malicious software, network security, intrusion detection and prevention, software and OS security, auditing and forensics, reverse engineering, and social engineering.

Includes *many* hands-on security assignments.

Should be fun.

Pre-requisites for grad students: ECE 650 (Systems Programming and Engineering) or instructor consent.

Pre-requisites for undergrad students: Computer Science 310/ECE 353 (Operating Systems).

If you feel you have an OS background but are missing the above pre-reqs, just contact me.

Grading breakdown

Category%
Homeworks 60%
Midterm exam20%
Final exam20%

Homework

You are expected to complete the homework individually unless otherwise stated. However, you may discuss topics covered in the class.

Late homework submissions incur penalties as follows:

NOTE: If you feel in advance that you may need an extension, contact the instructor. We can work with you if you see a scheduling problem coming, but extensions cannot be granted at or near the due date!

Your homework grade will be based on what you submit to Sakai and when you submit it.

Grade appeals

All regrade requests must be in writing. Email the TA with your questions. After speaking with the TA, if you still have concerns, contact the instructor.

All regrade requests must be submitted to the instructor no later than 1 week after the assignment was returned to you.

Academic integrity

I take academic integrity extremely seriously. Academic misconduct will not be tolerated, and all suspected violations of the Duke Honor Code will be referred to the Office of Student Conduct (for undergraduates) or the departmental Director of Graduate Studies (for graduate students). A student found responsible for academic dishonesty faces formal disciplinary action, which may include suspension. A student twice suspended automatically faces a minimum 5-year separation from Duke University.

In addition to the measures taken by the university, the affected assignment(s) will receive zero credit, or possibly -100% in egregious cases.

If you are considering this course of action, please see me instead, and we can work something out! I want every student in my course to be successful.

Additional resources