Syllabus

CSE 365 Summer 2024

Course Info

Full Syllabus: Click
Course Location: Zoom
Live lecture: Monday 2:00pm-3:00pm, Thursday (Office hour) 4:00pm-5:00pm
Recitation Location: Zoom
Recitation Time: : See Discord #course-info. Recitation attendance is optional, and you can attend any recitation.

Instructor

Instructor: Prof. Jaejong Baek
Email: jaejong@asu.edu
Office: BYENG M1-38
Office Hours: Thursday 2:00pm-3:00pm 4:00pm-5:00pm (Zoom or in person)

IA

Kanishk Sharma: ksharm72@asu.edu

Grader

Sparsh Tayal: stayal2@asu.edu

UGTA

Benjamin Jones: Bdjone19@asu.edu
Sukhmanjot Khangura: skhangur@asu.edu

Course Description

This course will introduce students to the fundamentals of cybersecurity. Security is a complicated thing: it is only as strong as its weakest link, and a small, single mistake can often bring down otherwise extremely secure software.

In this course, we will explore security from the perspective of the web, following the entire technology stack from the CPU, to the kernel, userspace, networking, cryptography, and finally, all the way up to the browser and http server. Each lecture will consist of an introduction to a new topic and an assignment for students to explore these concepts.

These assignments will be very thorough, and by the end, students will have an intuitive understanding of how to exploit these vulnerabilities, and will have the building blocks needed to prevent them, both in the lab and in the real world.

Course Structure

Both sections of this course will be treated as one big course (that's why they are hybrid). The content/lectures covered in both classes will be available to attend online, as well as recorded and posted online after. Students in both classes will be responsible for the content taught in both (as they build on each other).

Assessment

Students will be evaluated on their performance on assignment pwn.college modules, which will contain hands-on security exercises.

Course Communication

All announcements and communications for the class will take place on the pwn.college discord, with announcements in the course #announcements channel and discussion in the #text class-specific channel. Students are required to be on this discord.

Questions meant for the professors and/or TAs can be sent directly to their emails. Before emailing your question, please consider asking it on the discord instead. This way, the entire class will benefit from your question.

Grade Policies

Assignments

There are 9 assignments. Each assignment is equally weighted. Within an assignment, each challenge is equally weighted. Your grade on each assignment is earned by solving challenges: your solves / total number of challenges; with solves after the assignment deadline being worth half credit.

Assignments are worth 100% of your grade.

Good Questions

Asking good questions is a skill. If you ask a good question in the course discord, you may receive extra credit, up to 0.25% extra credit per good question. The course discord bot will acknowledge good questions with the approval of course staff. Questions asked for the sake of asking questions will not count as good questions.

Deadlines

Module	Start Date	Due Date
Module 1: Talking Web	Thursday, May 16, 2024 @ 12:00:00	Wednesday, May 22, 2024 @ 23:59:59
Module 2: Assembly Crash Course	Monday, May 18, 2024 @ 00:00:00	Sunday, May 26, 2024 @ 23:59:59
Module 3: Building a Web Server	Monday, May 27, 2024 @ 00:00:00	Sunday, Jun 2, 2024 @ 23:59:59
Module 4: Reverse Engineering	Monday, Jun 3, 2024 @ 00:00:00	Sunday, Jun 9, 2024 @ 23:59:59
Module 5: Intercepting Communication	Monday, Jun 10, 2024 @ 00:00:00	Sunday, Jun 16, 2024 @ 23:59:59
Module 6: Cryptography	Monday, Jun 17, 2024 @ 00:00:00	Sunday, Jun 23, 2024 @ 23:59:59
Module 7: Access Control	Monday, Jun 24, 2024 @ 00:00:00	Sunday, Jun 30, 2024 @ 23:59:59
Module 8: Web Security	Thursday, Jun 27, 2024 @ 00:00:00	Wednesday, July 3, 2024 @ 23:59:59
Module 9: Binary Exploitation	Thursday, July 4, 2024 @ 00:00:00	Wednesday, July 10, 2024 @ 23:59:59

All times are in Arizona time (UTC-7).

Grade Thresholds

The preliminary thresholds for assigning a letter grade are the following:

Letter Grade	Threshold (>=)
A+	100
A	93
A-	90
B+	86
B	83
B-	80
C+	74
C	70

We reserve the right to curve the grades (by lowering the thresholds), depending on the circumstances.

Late Submission Policy

Late solves on challenges (solves done after the module deadline) will incur a 50% penalty. Only those challenges that are solved after the deadline will be worth 50%. Any solves after May 5th at 11:59:59 AZ time will not count.

Recorded Lectures

Links to the recorded lectures:

Lecture Slides

Links to the slides:

Collaboration Policy

Collaboration is highly encouraged in this course. However, there is a delicate balance between being excessively helpful and learning. The purpose of course collaboration is to understand concepts. As such, questions and answers should be focused on concepts, and not how to solve challenge X.

The challenges explore important concepts, so it is fine to discuss the challenges. However, you may not discuss full or significant portions of a challenge's solution. Furthermore, you may not intentionally solve challenges as a group. The assignments must still be solved individually.

Feel free to discuss ideas important to the challenge, or tools which may be useful.

If there is any confusion, just ask! We will try to assume good intentions, but egregious violations are academic integrity violations.

Academic Integrity

Plagiarism or any form of cheating in assignments or projects is subject to serious academic penalties. To understand your responsibilities as a student read: ASU Student Code of Conduct Manuals/usi/usi104-01.html and ASU Student Academic Integrity Policy. All engineering students are expected to adhere to the ASU Student Honor Code. There is a zero-tolerance policy in this class: any violation of the academic integrity policy will result in a zero on the assignment and the violation will be reported to the Dean’s office. Note that the second offense may make XE (Academic Dishonesty) grade assigned in accordance with AIP. Withdrawing from this course will not absolve you of responsibility for an academic integrity violation and any sanctions that are applied. The AIO maintains a record of all violations and has access to academic integrity violations committed in all other ASU colleges/schools. Plagiarism is taken very seriously in this course.

Our course team regularly monitors cheating codes the students use. Note that reusing code even the course team (Instructor, TA, UGTA, etc.) shares can’t waive this policy.

Posting your assignment solutions online is expressly forbidden, and will be considered a violation of the academic integrity policy. Note that this includes working out of a public GitHub repository. The GitHub Student Developer Pack provides unlimited private repositories while you are a student, so use that and never make it public.

You must refrain from uploading to any course shell, discussion board, or website used by the course instructor or other course forum, material that is not the student's original work unless the student first complies with all applicable copyright laws; faculty members reserve the right to delete materials on the grounds of suspected copyright infringement. The contents of this course, including lectures and other instructional materials, are copyrighted materials. Unless otherwise directed, students may not share outside the class, including uploading, selling, or distributing course content or notes taken during the conduct of the course. Any recording of class sessions is authorized only for the use of students enrolled in this course during their enrollment. Recordings and excerpts of recordings may not be distributed to others. (see ACD 304–06, Commercial Note Taking Services and ABOR Policy 5-308 F.14 for more information).

Generative AI policy

You may use generative AI tools in this course but should report the citation here https://forms.gle/umCGHnXN16RBEEpx7 to avoid AIV issue.

Faculty Recording of Class Sessions

All class sessions will be recorded, and recordings provided to enrolled students, instructors, instructional support personnel, and the public. If you have concerns about being recorded, please contact the course instructor(s). Recordings of all class sessions will be posted online for all students (current and future) to access for reviewing course materials.

Special Accommodations

Students requesting disability accommodations should register with the Disability Resource Center (DRC) and present the instructor with appropriate documentation from the DRC.

Syllabus Update

Any information in this syllabus may be subject to change with reasonable advance notice.

Misc

The contents of this course, including lectures and other instructional materials, are copyrighted materials. During this course, students are prohibited from making audio, video, digital, or other recordings during class, or selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of the faculty member teaching this course. Be reasonable.

Title IX is a federal law that provides that no person be excluded on the basis of sex from participation in, be denied benefits of, or be subjected to discrimination under any education program or activity. Both Title IX and university policy make clear that sexual violence and harassment based on sex are prohibited. An individual who believes they have been subjected to sexual violence or harassed on the basis of sex can seek support, including counseling and academic support, from the university. If you or someone you know has been harassed on the basis of sex or sexual assault, you can find information and resources at https://sexualviolenceprevention.asu.edu/faqs.

As a mandated reporter, I am obligated to report any information I become aware of regarding alleged acts of sexual discrimination, including sexual violence and dating violence. ASU Counseling Services, https://eoss.asu.edu/counseling, is available if you wish to discuss any concerns confidentially and privately.