Learning Objectives

In this course, students will study a variety of attacks on computer software and hardware. These attacks are caused by the vulnerabilities in the design and implementation of computer systems. The course emphasizes "learning by doing", and requires students to conduct a series of lab exercises. Through these labs, students can enhance their understanding of the principles, and be able to apply those principles to solve real problems. After completion of the course, students should be able to possess the following skills:

  • be able to analyze and evaluate software systems for its security properties,
  • be able to evaluate risks faced by computer systems,
  • be able to explain how various attacks work,
  • be able to detect common vulnerabilities in software,
  • be able to design and implement basic security mechanisms to protect computer systems,
  • be able to describe and generalize various software vulnerabilities,
  • be able to compare various security mechanisms, and articulate their advantages and limitations,
  • be able to apply security principles to solve problems.


Professor: Wenliang (Kevin) Du
Office: SciTech Building, Room 4-285
Phone: 443-9180
Email address: wedu@syr.edu

Required Texts

Wenliang Du. Computer Security: A Hands-on Approach, 2nd Edition.

Grading (subject to change)

  • Late Homework Policy: 10% penality per business day.
  • Weights on Final Exam, Labs and Final Project: The labs and project are supposed to help students enhance and supplement their learnings with hands-on experiences. While many students do benefit from that, for some students, these exercises do not seem to work. They get very good scores in labs and project, but score very low in the final exam. Given that the final exam is the utimate test to measure how much a students has learned, for students doing poorly on the exam, the hands-on exercises do not seem to serve their intended goal, so their weight needs to be reduced. Here is the fomula to calculate the weight on the labs and final project:
    • Final exam score ≥ 60: weight on labs/project = 50%.
    • Final exam score < 60: weight on labs/project = (final_exam_score - 10)/100.
    • Final exam score < 10: weight on labs/project = 0%.
    Examples Weight on Final Exam Weight on Labs/Project
    Final exam score is above 60 50% 50%
    Final exam score is 40 70% 30%
    Final exam score is 20 90% 10%
    Final exam is below 10 100% 0%


  • Introduction and Basics
    • Class Introduction (syllabus, policies, and projects)
    • An Overview of Computer Security
    • Course projects (labs)
    • Unix Security Basics

  • Software Security: Vulnerabilities, Attacks, and Countermeasures
    • Privileged programs (Set-UID programs) and vulnerabilities
    • Buffer Overflow vulnerability and attack
    • Return-to-libc attack
    • Race Condition vulnerability and attack
    • Dirty COW attack
    • Format String vulnerability and attack
    • Shellshock attack
    • Heartbleed attack

  • Web Security: Vulnerabilities, Attacks, and Coutermeasures
    • Same Origin Policy
    • Cross-Site Scripting Attack
    • Cross-Site Request Forgerty Attack
    • SQL-Injection Attack
    • Click-Jacking Attack
    • Web Tracking

  • Smartphone Security
    • Access control in Android operating system
    • Rooting Android devices
    • Repackaging attacks
    • Attacks on apps
    • Whole-disk encryption
    • Hardware protection: TrustZone

  • Hardware Security
    • Meltdown attack
    • Spectre attack
    • 80x86 Protection Mode (access control in hardware)