This course provides an introduction to computer and network security.
Students successfully completing this class will be able to evaluate
works in academic and commercial security, and will have rudimentary
skills in security research. The course begins with a tutorial of the
basic elements of cryptography, cryptanalysis, and systems security,
and continues by covering a number of seminal papers and monographs in a
wide range of security areas.
Topics covered include network security, authentication, security
protocol design and analysis, security modeling, trusted computing,
key management, program safety, intrusion detection, DDOS detection and
mitigation, architecture/operating systems security, security policy,
group systems, biometrics, web security, and other emerging topics.
Most of the course readings will come from seminal papers in the
field. Links to these papers will be provided on the course pages. In
addition, the following book will be used for readings and as reference
Kaufman, C., Perlman, R. and Speciner, M., Network Security: Private
Communication in a Public World, 2nd edition, Prentice Hall 2002.
A detailed list of lectures, readings, assignments, due dates (subject
to change as the semester evolves) is available on the
Students will be evaluated based on the following breakdown:
- 35% Course Research Project
- 20% Midterm
- 35% Final
- 10% Class Participation
The course will include one evening midterm and one final exam. Students
will be responsible for material covered both in the readings AND
lectures. Attendance is therefore recommended as not all class
discussions will be covered in the text.
The instructor will assign homework assignments on a periodic basis for
topics associated with the class assignments. These homeworks require
the students to write, program, or perform other basic research. The
content and due dates of these assignments will be decided over the
course of the semester. If you cannot attend a lecture, contact other
students to see if any assignments have been made and consult the
Quizzes may given at the beginning of class and will cover topics
from the preceding lecture and readings. It is strongly suggested
that students do the reading prior class, as a good percentage of their
grade will depend on them. Quizzes missed because of absences can not be made up unless arrangements are made with
the instructor prior to the course
The course project requires that students execute research in network
security. The result of the project will be a conference style paper.
Project topics will be discussed in class after the introductory
material is completed. Be realistic about what can be accomplished in
a single semester. However, the work should reflect real thought and
effort - projects executed in the closing days of the semester are
unlikely to be well received. The grade will be based on the following
factors: novelty, depth, correctness,
clarity of presentation, and effort.
Project teams may include groups of up to three students; however,
groups of greater size will be expected to make greater
progress. I will advise each team/individual independently as needed.
The project grade will be a combination of grades received for a number
of milestone artifacts and the final project write-up. Details of the
milestones and content will be given in class with the other project
To do well in this course, students must take active and regular roles
in discussion and demonstrate comprehension of the reading and lecture
themes. Students are required to do the assigned reading before
class. This will be closely monitored by Professor Traynor, thereby
making a student's ability to demonstrate their comprehension of
papers essential to a receiving a passing grade.
Assignments and project milestones are assessed a 15% per-day late
penalty, with a maximum of 4 days. Unless the problem is apocalyptic,
don't give me excuses. Students with legitimate reasons who contact
the professor before the deadline may apply for an extension.
Academic Integrity Policy
Students are required to follow the university guidelines on academic
conduct at all times. Students failing to meet these standards will
be reported to the Office of Student Integrity, which
can result in the student receiving an 'F' for the semester. Note
that students are explicitly forbidden from copying anything off of the
Internet (e.g., source code, text, slides), using anything from an
answer guide, or copying code/answers from each other for the purposes
of completing any assignment or a course project.
Statement of Ethics
This course covers topics concerning the security of many systems
that are widely deployed and potentially critical. As part of this
course, we will investigate methods, tools and techniques whose use may
negatively impact the rights, property and lives of others. As security
professionals, we rely upon the ethical use of the above technologies to
perform research. However, it is easy to use such tools in an unethical
manner. Unethical use includes the circumvention of existing security or
privacy measurements for any purpose, or the dissemination,
promotion, or exploitation of vulnerabilities of these services.
This is NOT a class on hacking. Any activity outside of the
spirit of these guidelines will be reported to the proper authorities
both within and outside of Georgia Tech and may result in dismissal
from the class and the University. Exceptions to these guidelines
may occur in the process of reporting vulnerabilities through
the proper channels; however, students with any doubt should consult
Professor Traynor for advice. DO NOT conduct any action which
could be perceived as technology misuse anywhere or under any
circumstances unless you have received explicit permission from