Syllabus

CSE 365 Spring 2024

Course Info

Course Location: COOR 170
Course Times: Tuesday/Thursday, 12:00pm--1:15pm
Course attendance is optional, and you may attend any lecture.

Recitation Location: BYAC 260
Recitation Time: Monday/Tuesday/Wednesday/Thursday/Friday, 4:30pm--5:20pm
Recitation Start Date: 01/15/24
Recitation attendance is optional, and you may attend any recitation.

Instructors

Instructor: Prof. Jaejong Baek
Email: jaejong@asu.edu
Office: BYENG M1-38
Office Hours: Wednesday 5:00pm--6:00pm (Zoom or in person)

Instructor: Connor Nelson
Email: connor.d.nelson@asu.edu
Office Hours: Monday 11:00am--12:00pm (Twitch); Zoom or in person as requested

Instructor: Muhilan Ramamoorthy
Email: muhilan.ramamoorthy@asu.edu
Office Hours: Friday 2:00pm--3:00pm (Zoom or in person)

TA Office Hour

Steven: Monday 3:00 pm - 4:00 pm, Thursday 2:00 pm - 3:00 pm, Zoom
Puda: Wednesday and Friday 4:30 pm - 5:20 pm, In-person only at the recitations.

Course Description

This course will introduce students to the fundamentals of cybersecurity. Security is a complicated thing: it is only as strong as its weakest link, and a small, single mistake can often bring down otherwise extremely secure software.

In this course, we will explore security from the perspective of the web, following the entire technology stack from the CPU, to the kernel, userspace, networking, cryptography, and finally, all the way up to the browser and http server. Each lecture will consist of an introduction to a new topic and an assignment for students to explore these concepts.

These assignments will be very thorough, and by the end, students will have an intuitive understanding of how to exploit these vulnerabilities, and will have the building blocks needed to prevent them, both in the lab and in the real world.

Course Structure

Both sections of this course will be treated as one big course (that's why they are hybrid). The content/lectures covered in both classes will be available to attend online, as well as recorded and posted online after. Students in both classes will be responsible for the content taught in both (as they build on each other).

Assessment

Students will be evaluated on their performance on assignment pwn.college modules, which will contain hands-on security exercises.

Course Communication

All announcements and communications for the class will take place on the pwn.college discord, with announcements in the course #announcements channel and discussion in the #text class-specific channel. Students are required to be on this discord.

Questions meant for the professors and/or TAs can be sent directly to their emails. Before emailing your question, please consider asking it on the discord instead. This way, the entire class will benefit from your question.

Grade Policies

Assignments

There are 9 assignments. Each assignment is equally weighted. Within an assignment, each challenge is equally weighted. Your grade on each assignment is earned by solving challenges: your solves / total number of challenges; with solves after the assignment deadline being worth half credit.

Assignments are worth 100% of your grade.

Extra Credit

Extra credit will be awarded for participation in the class. In total, you can earn up to 5% extra credit in the course.

Memes

In order to foster a good learning community, and encourage creative thinking around the material, you may receive extra credit each week for sharing educational memes in the course discord. You may receive up to 0.25% extra credit per week, resetting on Sunday at 23:59:59, for memes. It is important to note that memes must be relevant, educational, and non-offensive. No excessively spicy memes please. The course discord bot will acknowledge credited memes with the approval of course staff. Good memes will be reviewed in class.

Helpfulness

This course encourages collaboration. If you are thanked in the course discord for helping someone, you receive extra credit. Extra credit for receiving thanks is logarithmic (5 * log_100_(thanks)); in other words, 10 thanks is worth 2.5% extra credit, while 100 thanks is worth 5% extra credit. The course discord bot will acknowledge thanks. Abuse of this system (inauthentic help, trading thanks, etc) is considered a violation of academic integrity.

Good Questions

Asking good questions is a skill. If you ask a good question in the course discord, you may receive extra credit, up to 0.25% extra credit per good question. The course discord bot will acknowledge good questions with the approval of course staff. Questions asked for the sake of asking questions will not count as good questions.

Deadlines

Module	Start Date	Due Date
Module 1: Talking Web	Thursday, January 11, 2024 @ 12:00:00	Monday, January 22, 2024 @ 23:59:59
Module 2: Assembly Crash Course	Thursday, January 18, 2024 @ 00:00:00	Wednesday, January 31, 2024 @ 23:59:59
Module 3: Building a Web Server	Thursday, February 1, 2024 @ 00:00:00	Monday, February 12, 2024 @ 23:59:59
Module 4: Reverse Engineering	Tuesday, February 13, 2024 @ 00:00:00	Monday, February 27, 2024 @ 23:59:59
Module 5: Intercepting Communication	Thursday, February 22, 2024 @ 00:00:00	Wednesday, March 14, 2024 @ 23:59:59
Module 6: Cryptography	Thursday, March 14, 2024 @ 00:00:00	Wednesday, March 27, 2024 @ 23:59:59
Module 7: Access Control	Thursday, March 28, 2024 @ 00:00:00	Tuesday, April 3, 2024 @ 23:59:59
Module 8: Web Security	Thursday, April 4, 2024 @ 00:00:00	Wednesday, April 17, 2024 @ 23:59:59
Module 9: Binary Exploitation	Tuesday, April 16, 2024 @ 00:00:00	Monday, April 29, 2024 @ 23:59:59

All times are in Arizona time (UTC-7).

Grade Thresholds

The preliminary thresholds for assigning a letter grade are the following:

Letter Grade	Threshold (>=)
A+	100
A	93
A-	90
B+	86
B	83
B-	80
C+	74
C	70

We reserve the right to curve the grades (by lowering the thresholds), depending on the circumstances.

Late Submission Policy

Late solves on challenges (solves done after the module deadline) will incur a 50% penalty. Only those challenges that are solved after the deadline will be worth 50%. Any solves after May 5th at 11:59:59 AZ time will not count.

Recorded Lectures

Links to the recorded lectures:

• 01/09/2024 Introduction to Cybersecurity
• 01/11/2024 Overview of Information Assurance
• 01/16/2024 Web Basics https://youtu.be/Tp0oly7ruMY?feature=shared
• 02/22/2024 Intercepting Communication-1
• 02/27/2024 Intercepting Communication-2
• 02/29/2024 Intercepting Communication-3
• 03/12/2024 Intercepting Communication-4
• 03/14/2024 Cryptography-1
• 03/19/2024 Cryptography-2
• 03/21/2024 Cryptography-3
• 03/26/2024 Cryptography-4
• 03/28/2024 Access Control-1
• 04/02/2024 Access Control-2
• 04/04/2024 web Security-1

Lecture Slides

Links to the slides:

• 01/09/2024 Introduction to Cybersecurity
• 01/11/2024 Overview of Information Assurance
• 01/16/2024 Web Basic
• 02/22/2024 Intercepting Communication-1
• 02/27/2024 Intercepting Communication-2
• 02/29/2024 Intercepting Communication-3
• 03/12/2024 Intercepting Communication-4
• 03/14/2024 Cryptography-1
• 03/19/2024 Cryptography-2
• 03/21/2024 Cryptography-3
• 03/26/2024 Cryptography-4
• 03/28/2024 Access Control-1
• 04/02/2024 Access Control-2

Collaboration Policy

Collaboration is highly encouraged in this course. However, there is a delicate balance between being excessively helpful and learning. The purpose of course collaboration is to understand concepts. As such, questions and answers should be focused on concepts, and not how to solve challenge X.

The challenges explore important concepts, so it is fine to discuss the challenges. However, you may not discuss full or significant portions of a challenge's solution. Furthermore, you may not intentionally solve challenges as a group. The assignments must still be solved individually.

Feel free to discuss ideas important to the challenge, or tools which may be useful.

If there is any confusion, just ask! We will try to assume good intentions, but egregious violations are academic integrity violations.

Academic Integrity

Plagiarism or any form of cheating in assignments or projects is subject to serious academic penalties. To understand your responsibilities as a student read: [ASU Student Code of Conductanuals/usi/usi104-01.html) and ASU Student Academic Integrity Policy. All engineering students are expected to adhere to the ASU Student Honor Code. There is a zero-tolerance policy in this class: any violation of the academic integrity policy will result in a zero on the assignment and the violation will be reported to the Dean's office. Withdrawing from this course will not absolve you of responsibility for an academic integrity violation and any sanctions that are applied. The AIO maintains a record of all violations and has access to academic integrity violations committed in all other ASU college/schools. Plagiarism is taken very seriously in this course.

Posting your assignment solutions online is expressly forbidden, and will be considered a violation of the academic integrity policy. Note that this includes working out of a public GitHub repository. The Github Student Developer Pack provides unlimited private repositories while you are a student, so use that and never make it public.

You may use generative AI tools in this course.

Faculty Recording of Class Sessions

All class sessions will be recorded, and recordings provided to enrolled students, instructors, instructional support personnel, and the public. If you have concerns about being recorded, please contact the course instructor(s). Recordings of all class sessions will be posted online for all students (current and future) to access for reviewing course materials.

Special Accommodations

Students requesting disability accommodations should register with the Disability Resource Center (DRC) and present the instructor with appropriate documentation from the DRC.

Syllabus Update

Any information in this syllabus may be subject to change with reasonable advance notice.

Misc

The contents of this course, including lectures and other instructional materials, are copyrighted materials. During this course, students are prohibited from making audio, video, digital, or other recordings during class, or selling notes to or being paid for taking notes by any person or commercial firm without the express written permission of the faculty member teaching this course. Be reasonable.

Title IX is a federal law that provides that no person be excluded on the basis of sex from participation in, be denied benefits of, or be subjected to discrimination under any education program or activity. Both Title IX and university policy make clear that sexual violence and harassment based on sex are prohibited. An individual who believes they have been subjected to sexual violence or harassed on the basis of sex can seek support, including counseling and academic support, from the university. If you or someone you know has been harassed on the basis of sex or sexual assault, you can find information and resources at https://sexualviolenceprevention.asu.edu/faqs.

As a mandated reporter, I am obligated to report any information I become aware of regarding alleged acts of sexual discrimination, including sexual violence and dating violence. ASU Counseling Services, https://eoss.asu.edu/counseling, is available if you wish to discuss any concerns confidentially and privately.