Introduction to Computer Security (Comp535)

Meeting times / place :

Meeting Time: Tuesdays and Thursdays from 11am to 12:15 pm

Meeting Location: Fred Brooks Building, lower level, room FB007


The course covers introductory topics in computer security. The goal is to expose students to a broad range of security challenges facing us today. The course examines a wide range of topics in operating systems, software engineering, and network and communications security.

Important: This course is accompanied by a Lab, taught Fridays from 11:15am to 12:30pm in SN011. You must be enrolled in CS535 to attend the Lab. No exceptions. That lab will expose students to hands-on experimentation of concepts discussed in the course. Enrolled students must have their own laptop; we will provide access to virtual machines on our servers.

The modules for the lab will be available on Sakai. The modules will be roughly 50 mins each, but the instructors will stick around until 1pm to assist students where needed. You will be required to read and sign an Ethics and Responsible Practices statement (handed out in class) before proceeding with the labs. Participating in the modules taught in the Lab, and completing the assigned homeworks, will be essential in successfully completing the Course Project for Comp535.

Contact Info
location office hours
Fabian Monrose FB 336 2-3 pm Mondays; 3pm - 5pm Thursdays; (and by appointment)
Jan Werner : Lab Instructor FB 334 3pm - 5pm Tuesdays and Thursdays; (and by appointment); email:

When sending me email about this course, make sure to add the preamble "COMP535:" to the subject line; otherwise, responses will be slower than normal.

Course Materials

Textbook: None require, but the one(s) listed below offer background material helpful for the lectures.

  • Goodrich and Tamassia. Introduction to Computer Security, Pearson, 2011, Standard Edition.
  • Please note that many of the lectures will be supplemented by my own notes.

    For the labs, no textbook is required. We will handout detailed instructions for each module. However, the list of books below are highly recommended if you want to learn more about topics covered in this course and for mastering the labs:

  • Ligh et al, The Art of Memory Forensics, Wiley, 2016.
  • Hyde, The Art of Assembly Language, No Starch Press, 2nd Edition.
  • Kernighan and Ritchie, The C Programming Language, 1988.
  • Michal Zalewski, The Tangled Web, No Starch Press, 2012.

    Assignments (programming) 35%
    Exam 10%
    Course Project (team) 45%
    Class participation 10%

    Collaboration on assignments (except where explicitly stated) and exams is strictly forbidden. Remember UNC's Honor code.

    Written Project Status Update

    Syllabus (subject to change)

    A tentative schedule of lectures (subject to change) is provided below. Some of the material that lectures will be based on is provided below. Topics to be covered include:

    Week 1 :

    Course Overview (Goodrich: Chapter 1)

  • Introduction and basic concepts
  • Attack surface and risk assessment

  • Additional readings:
    • Risks of Risk-based Security, Communications of the ACM, 2007.
    • B. Cheswick. An Evening with Berferd in which a cracker is lured, endured, and studied, 1990.
    • S. Bellovin. There Be Dragons, USENIX Security, 1992.
    • B. Schneier, Secrets & Lies: Digital Security in a Networked World, John Wiley & Sons, 2000.

    [Lab: Getting acquainted with our VMs, UNIX essentials, compiling sample C code]

  • Week 2,3 :

    User Authentication (Goodrich: Chapter 1, 2)

  • Passwords: Approaches and defensive techniques
  • Guessing strategies and metrics
  • Case Study: Graphical passwords; Password managers for usability
  • Biometrics (overview and metrics for evaluation)

    Additional material:

    • J. Bonneau. The science of guessing: analyzing an anonymized corpus of 70 million passwords. In IEEE Symposium on Security and Privacy, 2012.
    • (video) TouchID "hack", 2014.
    [Lab Module: password cracking, proactive checking and hardening]

  • Week 4,5:
    Tools from Applied Cryptography (Goodrich: Chapter 8)

    [In class discussion]: D. Florencio and C. Herley. Is everything we know about password-stealing wrong? *

  • Terms and definitions
  • Symmetric Encryption
  • Cryptographic hash functions
  • Data authentication and integrity
  • Public-key encryption and Public-key digital signatures

  • Week 6
    Authentication Protocols Part 1: With Low Power Comes Low Security

  • Bluetooth LE: bounding and pairing, service discovery, trust anchors, key distribution weaknesses
  • Prudent engineering principles

    [Lab Module: Bluetooth]

  • (March 11-21):
    Spring Break

    Weeks 7,8:
    [Lab Module: Why crytosystems fail (cryptanalysis, WiFi vulnerabilities & protections), part 2]

    System Security (Goodrich: Chapter 3)

  • Core OS security principles (mediation, confinement, isolation, etc.)
  • Memory and Filesystem security
  • Privileges and the confinement problem

    [Lab Module: Stack-based overflows, enabling and disabling protections]

  • Week 9
    Software Security (Goodrich: Chapters 3,4)

  • Memory Protection: Stack Cookies, Data Execution Protection (DEP) and ASLR
  • Good practices; Why security testing is hard

    [Lab Module: Debugging without source code; Take-home EXAM]

  • Week 10:

    Web Security (Zalewski: Chapter 9)

    [In class discussion]: C. Herley, So Long, and No Thanks for the Externalities: The Rational Rejection of Security Advice by Users.

  • Active content and its perils
  • Cross-site Scripting, Cross-Site Forgery, SQL Injection, etc.
  • Request Origin Issues
  • Ethics and Responsible Disclosure

    [Lab Module: Web Exploits, SSL strip]

  • Week 10
    Authentication Protocols and Authenticated Key Management

  • [In class discussion:] Bryant: Designing an Authentication System: a dialogue in four scenes*

  • Establishing shared keys
  • Prudent engineering principles
  • Case study: Kerberos (Goodrich: Section 9.6)

  • Week 11:
    Realtime Protocols for the Internet (Goodrich: Chapter 6)

  • Understanding the Hearbleed Bug.
  • DNS Security;

    [Lab Module: Web Exploits & Defenses part 2]

  • Week 12:
    Malicious software (Goodrich: Chapter 4)

  • Trojans, viruses, worms and more.
  • case study: Stuxnet
  • Propagation strategies and some defense mechanisms

    Fun Readings:

    • Ken Thompson, Reflections on Trusting Trust.

  • Week 12:

    Firewalls, Perimeter Security and Network Attacks (Goodrich: Chapter 6,7)

  • Architectures and Hybrid Appliances
  • Limitations of Perimeter Defenses (Ghosts in the browser)
  • Traffic Monitoring and Intrusion detection (evaluation criteria)

    (time permitting) [Lab Module: Firewalls, determining network exposure, defenses]

    Written Project Status Update

  • Week 13:
    Privacy and Anonymity on the Internet

  • Privacy threats in Web browsing

  • Week 14:
    Course wrap up

    Final Project presentation: (Early May - TBD).