CNT 5410

Computer and Network Security


Instructor: Kevin Butler (butler at
Co-Instructor: Adam Bates (bates at
Location and Time: MWF, 12:50-1:40 PM, CSE E118
Office Hours: Mon 2-3 PM and by appointment with Prof. Butler
TA: Youlin Zhang (youlin at office hours Wed 10:30-11:30 AM, CSE E309

Course Description

Computer security is one of the most exciting and challenging areas in all of computer science. Amongst industry and government alike, security has become one of the largest concerns, and many of the fundamental issues in securing systems and networks that have vexed us for years continue to do so or have become even more problematic.

This course provides an introduction to network security. Students successfully completing this class will be able to evaluate works in academic and commercial security, and will have rudimentary skills in security research. The course begins with a tutorial of the basic elements of cryptography and continues by covering a number of seminal papers and monographs in a wide range of security areas.

Topics covered include network security, authentication, security protocol design and analysis, security modeling, key management, intrusion detection, DDoS detection and mitigation, biometrics, web security, privacy, anonymity and other emerging topics.

Most of the course readings will come from seminal papers in the field. Links to these papers will be provided on the course pages. In addition, links to critical reference materials will also be provided.

A detailed list of lecture by lecture contents, assignments, and due dates (subject to change as the term evolves) will be available on the course schedule.

Please contact the instructor if you have questions regarding the material or concerns about whether your background is suitable for the course.

If you are not familiar with C and UNIX programming environments, you will need to become so. You should also have had some exposure to reading assembly. The following resources are recommended for learning and using C:

The following are good resources on UNIX programming:
  • Stevens and Rago, Advanced Programming in the Unix Environment. 2/E, Addison Wesley, 2005.
  • Kerrisk, The Linux Programming Interface. 1/E, No Starch Press, 2010.
If you are unfamiliar with using the command line, the following resource is helpful:

You likely learned some assembly in a computer organization or architecture course. Reading x86 assembly is not tremendously different from MIPS assembly. If you want a short primer, the x86 Assembly Guide from the University of Virginia is good. For a canonical reference, The Art of Assembly Language is excellent.

Course Expectations

The expectations for the course are that students will attend every class, do the readings assigned for class, and actively and constructively participate in class discussions. A major component of the course is a research project in security, with the chief product being a conference-style poster. Project topics will be discussed in class and may be proposed through email or during meetings outside of class with Prof. Butler. Do not delay: terms are short, and in order to be able to perform any interesting work, the sooner a topic is chosen, the better the end result will be. While time is constrained, the expectation is that real thought and effort will be exhibited by the work. The project grade will be based on novelty, correctness, depth of understanding, clarity of presentation, and effort. More information about the project will be given during class.


The grading policy is as follows:
  • 25% Course Research Project
  • 20% Midterm Exam
  • 25% Final Exam
  • 20% Assignments
  • 10% Participation

The course will include one midterm and one final exam. Students will be responsible for material covered both in the readings and in the lectures. Attendance is therefore recommended as not all class discussions will be covered in the text.

Quizzes may be assigned sporadically throughout the term and test comprehension of the reading material as well as the previous day's class. Being late for or missing a quiz without an extremely sound reason will result in a zero for it.

Class participation will be a measure of contribution to the discourse, through discussion and questions, both inside and outside of class. The goal is for thoughtful contributions that show engagement with the material. The ability to comprehend the material and the papers read will be essential to passing the course.

Academic Integrity Policy

Students are required to follow the university guidelines on academic conduct at all times. Students failing to meet these standards will be reported to the Dean of Students, which can result in the student receiving an 'E' grade for the course. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy.

Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing assignments or the projects without previous discussion with the instructor. Also, students are forbidden from discussing or collaborating on any assignment except where explicitly allowed in writing by the instructor.

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As security professionals, we rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measures for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and possibly more severe academic and legal sanctions.

When in doubt, please contact Professor Butler for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Butler.