CS 42600 - Computer Security Spring 2018

Link to Blackboard Learn login page

Link to Piazza class page


A survey of the fundamentals of information security. Risks and vulnerabilities, policy formation, controls and protection methods, database security, encryption, authentication technologies, host-based and network-based security issues, personnel and physical security issues, issues of law and privacy. Typically offered Fall Spring.

Catalog description: The course focuses on the principles and foundations of building secure computer systems and on security and privacy challenges in existing and emerging computer networks and systems. The course compares and analyzes security and privacy threats and architectures from an adversarial standpoint to understand how to build more secure protocols that can withstand the ever-adaptive attacks.


3 class hours, 2 PSO hours, 3 credit hours


Undergraduate level CS 35400 Minimum Grade of C [may be taken concurrently] or (Undergraduate level ECE 46900 Minimum Grade of C or Undergraduate level EE 46900 Minimum Grade of C)

Policies & Standards

All of my courses operate under the same general policies and standards . My students are expected to study and understand all of these policies. Potential students are encouraged to check these out before signing up for one of my classes.


Class meetings

MWF in LWSN B-155, 1:30pm ‐ 2:20pm


Tentatively scheduled for March 9, in class
No books or notes. NO electronic devices.

A second exam may be given in early April.

Final exam: Tuesday May 1, 1pm--3pm, WALC 2087

Comprehrensive. No books or notes. NO electronic devices.


Eugene H. Spafford (Spaf)

Some classes will be taught by other faculty when Spaf is out of town.

For office hours, telephone/email, etc., see Spaf's homepage .


Arnab Chaudhuri

Office hours: R 1:45pm ‐ 3:45pm, or by appointment office: REC 224
email: < chaudhu1@purdue.edu >

Kyungtae Kim

Office hours: T R 10am ‐ 12pm, or by appointment office: HAAS G-50, or overflow in HAAS 143
email: < kim1798@purdue.edu >

Contacting Students

There will be a course email list used for high-priority announcements. This will use your registered @purdue.edu email address; make sure this is forwarded to an account you read on a regular basis.

All students should sign up on the Piazza webpage for the course (see the link above). We will be using Piazza for our discussions as well as to provide the required course material.

Some announcements may be posted in Blackboard, so be sure to check that at least once each week.

This informational page will be updated over the course of the semester! Be sure to check it regularly.

Grades and Grading

Blackboard will be used to distribute assignments and collect your responses. Grades will only be available there.

The final grade in the class will be based on assignments, a midterm exam, and a comprehensive final exam. In-class quizzes may be given without advance notice.

The determination of final scores will be approximately 35% for homeworks and projects, 25% for exams and quizzes, and 40% for the final exam.

I have adopted this 10 point scale for assignments, originally described by Professor Clifton for grading all non-test items:

10 Exceptional work. So good that it makes up for substandard work elsewhere in the course. These will be rare, and for many homeworks/problems a perfect score will correspond to an 8.
8 What I'd expect of a Ph.D. candidate or outstanding MS student. This corresponds to an A grade.
6 Average Master's degree student work, but not what I'd like to see for a Ph.D. candidate. This corresponds to a B grade.
4 Okay for a Master's candidate who does extremely well in other courses. This corresponds to a C grade.
2 Not good enough for a graduate student. But something.
0 Missing work, or so bad that you needn't have bothered.

If you have a question or a dispute with grading of any item related to the class, consult with one of the TAs first. You can then meet with Spaf about it if you do not agree with what the TA has to say.

Appeals of grades will only be considered within 10 class days of the posting of the grades!

Week-by-week topics


The following shows an approximate week-by-week list of topics and readings (readings will be fleshed out as the semester advances). The actual presentation of some of these topics may change, subject to availability of guest lecturers and additional resources.

† Normally, Wikipedia should not be relied upon as a definitive resource: many of its pages contain incomplete and incorrect information. Some of the pages are actually carefully crafted hoaxes. For this course, I will, however, list some Wikipedia entries for overview purposes because I have reviewed them (at the time of assignment) and found no glaring errors.
‡ You will need to access some of these readings via the Purdue online library ‐ you need to use the Purdue portal to get to them.
Week / Dates Topics Readings & Notes
1-2 / Jan 8 Class introduction & policies and overview of class.
Basic definitions: risk, vulnerability, trust

Basic cryptography
3-4 / Jan 22, Jan 29 Software Security

Flaws & testing
4-5 / Jan 29, Feb 5 Malware and Intrusion detection
5-6 / Feb 5, Feb 12 Access control
6-7 / Feb 12, Feb 19 Authentication
8-9 / Feb 26, Basics of Physical Security

Basics of Personnel Security

March 9
March 12 Spring Break
March 19 Network threats & attacks

Network defenses

  • Text pp. 432 ‐ 474 (Chapter 6 Sections 6 & 7)
  • IP Protocol
March 26 Law & ethics

  • Text pp. 813 ‐ 834 (Chapter 13 Sections 1 & 2)

April 2 Law & ethics continued
April 4 CERIAS Annual Symposium!
April 9 Privacy

Supply chain issues

April 16 Web security issues
April 23 Cyberwar, Incident Response

Certifications, economics

Catch-up & review

Tuesday May 1
Final Exam: , 1pm--3pm, Comprehensive, closed book, in WALC 2087


Referrence texts

Class Text

Charles P. Pfleeger , Shari Lawrence Pfleeger , and Jonathan Margulies
Security in Computing, 5/e Prentice Hall , 2007.

Other References

Matthew Bishop
Computer Security: Art and Science Addison-Wesley , 2003. ISBN 0-201-44099-7

I suggest you get the latest printing of the textbook; earlier printings had more typos. Also get the appropriate Errata pages .

I maintain a Tumblr blog i try to keep updated with current news about information security. You should monitor the blog and read the items I link in so as to get a sense of current security incidents. The blog is available at http://blog.spaf.us

Some students have found primary material in the research literature easier to understand than the (condensed) treatment in the textbook. The text contains extensive references (over 1000); you are encouraged to go to these for material with which you have difficulty.

Two recommended books for additional reference (or your bookshelf, if you intend to do more work in this area) are:

Ross Anderson
Security Engineering: A Guide to Building Dependable Distributed Systems , 2.e, Wiley, 2008.
Rolf Oppliger
Contemporary Cryptography , 2/e, Artech House, 2011

Other Readings

Readings may be added to the above table as the semester progresses.

I have a (outdated) list of general recommended readings for my security courses. This will be augmented with other suggestions and recommendations over time.

Other Information

Students are encouraged to attend the weekly security seminar or to view the podcasts online.

Other information, handouts, assignments, etc will all be on the class page in Blackboard and eventually linked in here.