COMP 4580 Computer Security





      17/03: Lecture 26 is now available




      Instructor: Noman Mohammed

      Email: (Please mention COMP 4580 in the subject)

      Lecture time and location: M/W/F 1:30 in EITC E2 Room # 150

      Office location: EITC E2-417

      Office hours: M/W 11:00 AM to 12:30 PM

      Course website:

       TA: Md Toufique Morshed Tamal



Course Description


This course provides an introduction to security and privacy issues in various aspects of computing, including cryptography, software, operating systems, networks, databases, and Internet applications. It examines causes of security and privacy breaches, and gives methods to help prevent them.




      COMP 3430 and COMP 3720 or COMP 3010


Textbook and Other Readings


  • Introduction to Computer Security, by Michael T. Goodrich and Roberto Tamassia. Addison Wesley, 2011.


  • Recommended optional textbooks:
    1. Computer Security – A Hands-on Approach, by Wenliang Du, 2017.
    2. Security in Computing, by Charles P. Pfleeger and Shari Lawrence Pfleeger. Prentice Hall, 4th edition, 2007.
    3. Understanding Cryptography, by C. Paar and J. Pelzl. Springer, 2010.
    4. Network Security: Private Communication in a Public World, by Charlie Kaufman, Radia Perlman, and Mike Speciner. Prentice Hall, 2nd edition, 2002.
    5. Hacking: The Art of Exploitation, by Jon Erickson. No Starch Press, 2nd edition, 2008.




      Assignments (3-5): 30%

      Midterm: 20%

      Final: 30%

      Research Paper: 20%


Administrative Policy


1.     There will be 3-5 assignments worth a total of 30% towards your final grade. The assignments may include both written and programming questions. Late submissions suffer a penalty rate of 20% per day, up to 5 days (weekends count).

2.     The midterm and final are closed-book exams. The midterm covers all material presented up to that point in the course. The final exam covers material from the whole term, with emphasis on the second half of the course. Detailed information about the midterm will be released at a later time.

3.     There is no make-up for a missed midterm, so make sure that you write the midterm at the scheduled time. In the case of a serious illness or emergency, the weight of the midterm will be moved towards the final exam.

4.     Final exam make-up is possible ONLY under a university-approved condition, such as sickness with a doctor's note. Be prepared to provide written documentation (e.g., a medical excuse from your doctor) to verify the emergency and its seriousness.

5.     Students are expected to attend every class. Some material may only be covered in class and not made available in the course notes or on the website. Students are expected to read the assigned materials and to actively participate in class discussions.

6.     In the event of extraordinary circumstances beyond the University's control, the content and/or evaluation scheme in this course is subject to change.








Reading & Assignments


Jan 3

Course Logistics and Overview

      Course Outline

      Read textbook Sections 1.1.1 and 1.1.3

Lecture 1

Jan 5

Security basics and Crypto Intro

      Read textbook Section 1.3.1

Lecture 2

Jan 8


Historical Ciphers

      Watch a talk on The Growth of Cryptography by Professor Ronald Rivest.

      Read textbook Sections 8.1.1 to 8.1.3

Lecture 3


Jan 10


Historical Ciphers, AES

      Read textbook Sections 8.1.4 to 8.1.6

Lecture 4

Jan 12


Modes of Operation (ECB, CBC, CTR)

      Read textbook Section 8.1.7

Lecture 5

Jan 15


Public-Key Cryptography

(DH Key Exchange)

      Read textbook Section 8.2.4

Lecture 6

Jan 17



      Read textbook Section 8.2.2

Lecture 7

Jan 19


Digital Signatures

      Assignment 1 (Do Tasks # 1, 2, and 5)

      Read textbook Sections 8.4.1 and 8.4.3

Lecture 8

Jan 22

Software Security: Assembly Language

      Supplementary reading (Sections 4.1 and 4.2)

      Research Proposal Due in Class (hardcopy; maximum half page)

o   Mention the Name and ID of the group members

o   Title and a brief description of the project

Lecture 9

Jan 24

Memory Layout

      Read textbook Section 3.1.4


Lectures 9 and 10

Jan 26

Buffer Overflow Attack

      Supplementary reading (Sections 4.3 to 4.5)

      Optional reading: Smashing the stack for fun and profit, by Aleph One. This is the classic paper on buffer overflows.

      Watch the TED talk Cracking Stuxnet, a 21st-century cyber weapon by Ralph Langner.

Lecture 11

Jan 29

Format String Attacks

      Read textbook Chapter 3.4.5


Lecture 12

Jan 31

Format String Attacks and Defenses

      Optional reading: Exploiting Format String Vulnerabilities, by Team Teso.


Lectures 12 and 13

Feb 2


      Submit the report for Assignment 1 in class (hard copy).

      Honesty declaration form


      Optional reading: Read textbook Chapter 4



Lecture 14

Feb 5

Operating Systems Concepts

      Assignment 2:

o   Buffer Overflow (Do Tasks # 1 and 2)

o   Format String (Do Task # 1)


      Read textbook Chapter 3.1.1 and 3.1.2




Lecture 15

Feb 7


      Read textbook Chapter 1.4.2 and 3.3.2

Lecture 16

Feb 9

Authorization and Audit

      Read textbook Chapter 1.2 and 3.2.2

Lectures 16 and 17

Feb 12

Unix Security


      UNIX/Linux Command Line - Permissions

      Read textbook Chapter 3.1.3

Lecture 18

Feb 14

Security Policies

      Optional: Read textbook Chapter 9.2.1 and 9.2.2

Lecture 19

Feb 16

Midterm review



Feb 26

Web Security: Basics

      Submit the report for Assignment 2 in class (hard copy).

      Read textbook 7.1.1, 7.1.3, 7.2.2, and 7.2.3



Lecture 20

Feb 28

Midterm (in class)




Mar 2


      Read textbook 7.1.4 and 7.2.1


Lecture 21


Mar 5




Mar 7

SQL Injection

      Read textbook 7.3.1 and 7.3.3

Lectures 21 and 22

Mar 9

Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF)


      Assignment 3 (Do Tasks # 1, 2, and 3)

      Read textbook 7.2.6 to 7.2.8



Lecture 23

Mar 12

Network Security Concepts


      Read textbook 5.1


Lecture 24

Mar 14

Link and Network Layer Security

      Read textbook 5.2, 5.3, and 5.5.1

Lectures 24 and 25

Mar 16

Transport and Application Layer Security

      Read textbook 5.5.2 and 6.1

       Optional reading: Read textbook 5.4


Lecture 26

Mar 19




Mar 21




Mar 23


      Submit the report for Assignment 3 in class (hard copy).



Mar 26




Mar 28




April 2

Project presentation



April 4

Project presentation



April 6

Project presentation

      Research report is due (hard copy)

o   7 to 8 pages (single spacing) including references

o   Font: Times New Roman; Size: 12


April 11

Final Exam

      9 AM (Location: TBA)