CS342: Computer Security and Privacy
they/them or she/her
Call me “Ada”, unless you’re more comfortable addressing me more formally (e.g., as Professor Ada or Professor Lerner). Do what makes you comfortable.
Science Center E120
My office hours are:
Please also sign up for a 10 minute get-to-know-you chat on this sheet:
There is no required textbook for this course. Direct links to readings may be provided.
Table of Contents
Week 1: Jan 29 - Feb 2 | The Security Mindset, Threat Modeling
Week 2: Feb 5 - Feb 9 | Software Security
Week 3: Feb 12 - Feb 16 | Software Security
Week 4: Feb 19 - Feb 23 | Cryptography
Week 5: Feb 26 - Mar 2 | Cryptography
Week 6: Mar 5 - Mar 9 | Cryptography, Authentication, Passwords
Week 7: Mar 12 - Mar 16 | Network Protocol Security, Web Security
Week 8: Mar 19 - Mar 23 | Web Security; Spring Break begins Thursday!
Week 9: Mar 26 - Mar 30 | Spring Break, Fun, Relaxation
Week 10: Apr 2 - Apr 6 | Web Security, Web Tracking
Week 11: Apr 9 - Apr 13 | Web Tracking, Privacy
Week 12: Apr 16 - Apr 20 | Privacy, Anonymity
Week 13: Apr 23 - Apr 27 | Usable Security
Week 14: Apr 30 - May 4 | Usable Security
Week 15: May 7 - May 11 | Flex Time, Assorted Topics, Final Project Presentations
Disabilities and Accommodations
The Honor Code
Best practices for teaching suggest that it’s a good idea to create concrete, assessable learning goals for a class. Here are the high level learning goals for this class.
A student who completes this course should be able to:
All due dates are at 8pm on the specified day.
Slides and worksheets will be posted on this calendar as the semester progresses.
Current Event Review OUT (Monday, 1/29) (LINK)
Monday 1/30: Slides Worksheet (The Security Mindset)
Thursday 2/1: Slides Worksheet (Threat Modeling)
Software Security Lab OUT (Wednesday, 2/7) (LINK)
Current Event Review DUE (Wednesday, 2/7) (LINK)
Slides Worksheet (Software Security)
(Optional; classic; reference)
(Recommended; elegant; reference)
Software Security Lab Checkpoint 1 DUE (Thursday, 2/15)
Slides (Software Security continued)
Slides (Malloc/double free)
Software Security Lab Checkpoint 2 DUE (Monday, 2/26)
Slides (Randomness and start crypto)
Slides (Symmetric Encryption)
Cryptography Problem Set 1 OUT (Thursday, 3/8) (LINK)
Software Security Lab DUE (Thursday, 3/8)
Slides (MACs and Hash Functions)
Cryptography Problem Set 1 DUE (Friday, 3/16)
Cryptography Problem Set 2 OUT (Saturday, 3/17) (LINK)
Slides (Key Negotiation, Asymmetric Crypto, DH/RSA)
Cryptography Problem Set 2 DUE (Wednesday, 3/21) (LINK)
Slides (CSRF & XSS)
Slides (Command/SQL injection)
Threat Modeling Paper OUT (Wednesday, 4/4) (LINK)
Web Security Lab OUT (Wednesday, 4/10) (LINK)
Threat Modeling Paper DUE (Wednesday, 4/13) (LINK)
Slides (Notes on a few useful web security tricks)
Slides (Web Tracking)
Final Project OUT (???)
Web Security Lab DUE (Wednesday, 4/25)
Final Project DUE (Thursday, 5/11)
I aim to have the following three statements support every policy I apply to this class:
Will always be accommodated: my job is to help each and every one of you learn. Please contact me and/or have the Office of Disability Accommodations contact me soon. I will respond promptly to any and all such communications. I will never judge you or your disabilities, and I will avoid outing you to others. Though you are welcome to share any details that will help me assist in your learning, you are never required to share any private details of your life with me.
Assignments have two purposes: to help you learn, and to help both of us assess your learning (so that you can learn better, and I can help you learn better). Because assignments play such an important role in your learning, it is very important to me that you do the assignments. As a consequence, I do not deduct points for late assignments, since I find that doing so discourages completing the assignment and gaining its learning-related benefits.
For any and all assignments, you may email me for a 48 hour extension, no questions asked. You may request such an extension for any number of assignments. If those two extra days are not sufficient for you to complete the assignment, you MUST contact me to let me know. When you contact me, I will ask you to tell me about your plan for completing the assignment, and we will work together to make sure that plan is a reasonable and effective one that supports both your learning and your health.
The purpose of this policy is to help you balance the requirements of this course with your mental, physical, and emotional health. I recognize that your personal life is important, and my goal with this policy is to help you find the flexibility you need. You are never expected or required to tell me any personal or private details of your life. However, I am always available to listen should you feel that sharing anything will help me support you.
I will respond to email within 24 hours during the week, and within 48 hours over the weekend. I ask that you check your email regularly and respond promptly as well.
Your grade for this class will be determined as follows:
Cryptography Problem Set 1
Cryptography Problem Set 2
Web Security Lab
Other “Minor” Assignments
Best practices for teaching include the use of specific, assessable learning goals. I aim to give you a grade which is based on your work on those assessments.
You may notice that participation is not included in the grade. This is an intentional choice:
So do I not have to come to class? You should absolutely come to class, and do so regularly. My goal is that participation -- including in small group, large group, and one-on-one office hours conversations -- will be inherently valuable as a way to increase your mastery of the learning goals of the class, not something you show up to for a grade. Let me know if there are ways in which I could do better at achieving this ideal for you and your classmates.
I trust you - as a mature student who is invested in your learning and in your relationships with others - not to cheat, plagiarize, or otherwise violate the honor code. If at any time you feel that you are between a rock and a hard place, such that your only option is to cheat, don’t. Instead, email me, or come and talk to me. I will not judge you, and I will offer you any help I can to get you through your situation while supporting your learning and your health.