CS342: Computer Security and Privacy

Practicalities

Instructor

Ada Lerner

they/them or she/her

Call me “Ada”, unless you’re more comfortable addressing me more formally (e.g., as Professor Ada or Professor Lerner). Do what makes you comfortable.

Science Center E120

ada.lerner@wellesley.edu

https://adalerner.com

Office Hours

My office hours are:

Please also sign up for a 10-minute get-to-know-you chat on this sheet:

https://docs.google.com/spreadsheets/d/1ByUdzUvEkCnGj7ZEgVW8CE3SNFrXLsAaAH1wUqfF0LA/edit?usp=sharing

Textbook

There is no required textbook for this course. Direct links to readings may be provided.

Table of Contents

Practicalities

Instructor

Office Hours

Table of Contents

Learning Goals

Calendar

Week 1: Jan 29 - Feb 2  |  The Security Mindset, Threat Modeling

Week 2: Feb 5 - Feb 9  |  Software Security

Week 3: Feb 12 - Feb 16  |  Software Security

Week 4: Feb 19 - Feb 23  |  Cryptography

Week 5: Feb 26 - Mar 2  |  Cryptography

Week 6: Mar 5 - Mar 9  | Cryptography, Authentication, Passwords

Week 7: Mar 12 - Mar 16  |  Network Protocol Security, Web Security

Week 8: Mar 19 - Mar 23  |  Web Security; Spring Break begins Thursday!

Week 9: Mar 26 - Mar 30  |  Spring Break, Fun, Relaxation

Week 10: Apr 2 - Apr 6  |  Web Security, Web Tracking

Week 11: Apr 9 - Apr 13  |  Web Tracking, Privacy

Week 12: Apr 16 - Apr 20  |  Privacy, Anonymity

Week 13: Apr 23 - Apr 27  |  Usable Security

Week 14: Apr 30 - May 4  |  Usable Security

Week 15: May 7 - May 11  |  Flex Time, Assorted Topics, Final Project Presentations

Policies

Disabilities and Accommodations

Late Policy

Email Policy

Grading Policy

The Honor Code

Learning Goals

Best practices for teaching suggest that it’s a good idea to create concrete, assessable learning goals for a class. Here are the high-level learning goals for this class.

A student who completes this course should be able to:

Calendar

All due dates are at 8pm on the specified day.

Slides and worksheets will be posted on this calendar as the semester progresses.

Week 1: Jan 29 - Feb 2  |  The Security Mindset, Threat Modeling

Assignments: 

Current Event Review OUT (Monday, 1/29) (LINK)

Monday 1/30: Slides Worksheet (The Security Mindset)

Thursday 2/1: Slides Worksheet (Threat Modeling)

Week 2: Feb 5 - Feb 9  |  Software Security

Assignments: 

Software Security Lab OUT (Wednesday, 2/7) (LINK)

Current Event Review DUE (Wednesday, 2/7) (LINK)

Slides Worksheet (Software Security)

Readings:

http://insecure.org/stf/smashstack.html 

(Optional; classic; reference)

https://eli.thegreenplace.net/2011/02/04/where-the-top-of-the-stack-is-on-x86/

(Recommended; elegant; reference)

Week 3: Feb 12 - Feb 16  |  Software Security

Assignments:

        Software Security Lab Checkpoint 1 DUE (Thursday, 2/15)

Slides (Software Security continued)

Week 4: Feb 19 - Feb 23  |  Software Security

Slides (Malloc/double free)

Week 5: Feb 26 - Mar 2  |  Cryptography

Assignments:

        Software Security Lab Checkpoint 2 DUE (Monday, 2/26)

Slides (Randomness and start crypto)

Slides (Symmetric Encryption)

Week 6: Mar 5 - Mar 9  | Cryptography, Authentication, Passwords

Assignments:

        Cryptography Problem Set 1 OUT (Thursday, 3/8) (LINK)

Software Security Lab DUE (Thursday, 3/8)

Slides (MACs and Hash Functions)

Week 7: Mar 12 - Mar 16  |  Cryptography, Authentication, PKI

Assignments:

        Cryptography Problem Set 1 DUE (Friday, 3/16)

        Cryptography Problem Set 2 OUT (Saturday, 3/17) (LINK)

Slides (Key Negotiation, Asymmetric Crypto, DH/RSA)

Week 8: Mar 19 - Mar 23  |  Protocol/Web Security; Spring Break begins Thursday!

Assignments:

        Cryptography Problem Set 2 DUE (Wednesday, 3/21) (LINK)

Week 9: Mar 26 - Mar 30  |  Spring Break, Fun, Relaxation

Assignments:

        Sleep

        Enjoy yourself

Week 10: Apr 2 - Apr 6  |  Web Security, Web Tracking

Slides:

Slides (CSRF & XSS)

Slides (Command/SQL injection)

Assignments:

        Threat Modeling Paper OUT (Wednesday, 4/4) (LINK)

Week 11: Apr 9 - Apr 13  |  Web Tracking, Privacy

Assignments:

        Web Security Lab OUT (Wednesday, 4/10) (LINK)

        Threat Modeling Paper DUE (Wednesday, 4/13) (LINK)

Slides (Notes on a few useful web security tricks)

Slides (Web Tracking)

Week 12: Apr 16 - Apr 20  |  Privacy, Anonymity

Assignments:

        Final Project OUT (???)

Week 13: Apr 23 - Apr 27  |  Usable Security

Assignments:

        Web Security Lab DUE (Wednesday, 4/25)

Week 14: Apr 30 - May 4  |  Usable Security

Assignments:

Week 15: May 7 - May 11  |  Flex Time, Assorted Topics, Final Project Presentations

Assignments:

        Final Project DUE (Thursday, 5/11)

Policies

I aim to have the following three statements support every policy I apply to this class:

  1. “The purpose of this class is for us to work together to help you learn”,
  2. “Your mental, emotional, social, and physical health are always at least as important as this class”, and
  3. “This class is an environment fully inclusive of all people”

Disabilities and Accommodations

Will always be accommodated: my job is to help each and every one of you learn. Please contact me and/or have the Office of Disability Accommodations contact me soon. I will respond promptly to any and all such communications. I will never judge you or your disabilities, and I will avoid outing you to others. Though you are welcome to share any details that will help me assist in your learning, you are never required to share any private details of your life with me.

Late Policy

Assignments have two purposes: to help you learn, and to help both of us assess your learning (so that you can learn better, and I can help you learn better). Because assignments play such an important role in your learning, it is very important to me that you do the assignments. As a consequence, I do not deduct points for late assignments, since I find that doing so discourages completing the assignment and gaining its learning-related benefits.

For any and all assignments, you may email me for a 48-hour extension, no questions asked. You may request such an extension for any number of assignments. If those two extra days are not sufficient for you to complete the assignment, you MUST contact me to let me know. When you contact me, I will ask you to tell me about your plan for completing the assignment, and we will work together to make sure that plan is a reasonable and effective one that supports both your learning and your health.

The purpose of this policy is to help you balance the requirements of this course with your mental, physical, and emotional health. I recognize that your personal life is important, and my goal with this policy is to help you find the flexibility you need. You are never expected or required to tell me any personal or private details of your life. However, I am always available to listen should you feel that sharing anything will help me support you.

Email Policy

I will respond to email within 24 hours during the week, and within 48 hours over the weekend. I ask that you check your email regularly and respond promptly as well.

Grading Policy

Your grade for this class will be determined as follows:

Current Event Review  |  5%

Software Security Lab  |  25%

Technology Review  |  15%

Cryptography Problem Set 1  |  5%

Cryptography Problem Set 2  |  5%

Web Security Lab  |  20%

Final Project  |  15%

Other “Minor” Assignments  |  10%

Total  |  100%

Best practices for teaching include the use of specific, assessable learning goals. I aim to give you a grade which is based on your work on those assessments.

You may notice that participation is not included in the grade. This is an intentional choice:

So do I not have to come to class? You should absolutely come to class, and do so regularly. My goal is that participation -- including in small group, large group, and one-on-one office hours conversations -- will be inherently valuable as a way to increase your mastery of the learning goals of the class, not something you show up to for a grade. Let me know if there are ways in which I could do better at achieving this ideal for you and your classmates.

The Honor Code

I trust you - as a mature student who is invested in your learning and in your relationships with others - not to cheat, plagiarize, or otherwise violate the honor code. If at any time you feel that you are between a rock and a hard place, such that your only option is to cheat, don’t. Instead, email me, or come and talk to me. I will not judge you, and I will offer you any help I can to get you through your situation while supporting your learning and your health.