CS 5431: Practicum in System Security
Spring 2017
2 credits, graded

Course Meetings: Friday, 10:10-11:25 am, Hollister Hall 314

Course Description

CS 5431, the practicum in system security, is designed to offer students practical experience with the design and construction of secure computing systems. The course focuses on two main themes: (i) practical defenses for real-world attacks, and (ii) security as part of the software engineering process. Students will engage in a significant group programming project, including the use of software analysis tools.

Topics may include a selection from the following: malware, honeypots, bot nets, buffer overflows, heap attacks, return-oriented programming, format string vulnerabilities, stack canaries, address-space randomization, patch exploits, static analysis, fuzz testing, lint-like and bug-finding tools, SQL injection, cross-site scripting, input validation, taint analysis, same-origin policy, isolation in web browsers, cryptosystems, digital signatures, message authentication codes, hashes, password handling, password cracking, encrypted key exchange, identity-based encryption, SSL/TLS, IPSEC, DNSSEC, S-BGP, WEP/WPA, VPNs, firewalls, packet filtering, intrusion detection, network trace forensics, side channel attacks (timing, cache, power, EM, reflection, acoustic), TPMs, denial of service, flooding, client puzzles, CAPTCHAs.



Eleanor Birrell
Office: Gates 441

Office hours: Monday, 4-6pm. You can also schedule an appointment via email or drop by my office.


This course assumes that you have mastered the material in CS 4410 (Operating Systems). You must be registered in CS 5430 (System Security) to take CS 5431.

The course project must be programmed in Java. The course may also require the use of additional tools, such as Eclipse, Eclipse plugins, C, assembler, Unix, web servers, and other standard technologies. You either need to be familiar with these technologies or to be committed to investing extra time to learn them as you go. (Part of becoming a professional computer scientist or engineer is learning to adapt quickly to new technologies.)


As a result of this course, students will be able to:


Your final grade will be computed as follows:

2% Milestone 0
40% Intermediate Milestones (10% each)
6% In-class Demos (2% each)
30% Final Project (Milestone 5)
10% Final Presentation
10% Challenge Factor
2% Other Factors

As a general rule of thumb, an A indicates "impressive", a B is just "adequate" and C indicates "many problems."

Grading policies

Late work: Late submissions will not be accepted without my prior approval. I am not likely to give that approval except in documented cases of medical emergency, of campus computing infrastructure failure, etc.

Regrades: For all graded assignments, you may request a regrade if you believe I have made an error in the grading or if you simply want a clarification. There will be a limited window of time (usually about one week after the assignment is returned to you) during which you may request a regrade.

Use CMS to request regrades. You must explain (via CMS) what you believe is wrong or what you don't understand. Be clear and succinct. "I think I deserve a better grade" does not constitute a valid explanation. I reserve the right to regrade your entire assignment. As a result, your grade might go up or down.

Academic integrity

Absolute integrity is expected of every Cornell student in all academic undertakings. You are responsible for knowing and adhering to the Cornell Code of Academic Integrity.

You are free (and even encouraged) to discuss your project with other groups, but all code and documentation must be written by members of your group.

I may use automated tools to detect plagiarism. You have been warned.


On disabilities: If you have a disability-related need for reasonable academic adjustments in this course, provide me with an accommodation letter from Student Disability Services. You are expected to give two weeks' notice of the need for accommodation. If you need immediate accommodation, please arrange to meet with me as soon as possible.

On wellness: If you are experiencing undue personal or academic stress at any time during the semester or need to talk to someone who can help, contact me or one of the following resources: