CS453: Computer Security F16

The importance of information security has been thoroughly highlighted in the media recently, discussing the wide and growing range of threats that challenge the integrity of our digital world. This course is premised on the notion that in cyberspace, understanding offense is the key to good defense. Accordingly, the focus of the course will be on hackers: how they think, surveying how they mount attacks against applications and how such attacks can be thwarted. In addition to covering a variety of fundamental security topics, we will do a deep-dive into memory corruption and control flow vulnerabilities in C, emphasizing how such bugs are exploited and how we try to protect against them. By the end of the course, you will have developed a hacker mindset that will enable you to both recognize and react to new cyberattacks.


Prof. Ymir Vigfusson.


MW 11:30-12:45 W303 Lectures.
W 13:00-14:00 W303 Office hours (Ymir)

An up to date schedule is on Google Docs

LAB #1 Due 9/7 at 23:59 ET. Defuse the bomb! Scoreboard. PDF.
LAB #2 Due 9/16 at 23:59 ET. The Stolen Homework (buflab) Scoreboard. PDF.
Remaining labs will be posted on Piazza.

See Piazza

  • The Art of Exploitation by Jon Erickson
    February 2008, ISBN: 978-1-59327-144-2
    No Starch Press.
  • The Tangled Web by Michal Zalewski
    November 2011, ISBN: 978-1593273880
    No Starch Press.

Ethics. Students taking or sitting in on the course are expected to use the skills and knowledge acquired in the course in an ethical manner. Specifically, they will use computer equipment only in a manner that is authorized, and they will not mount illegal or malicious attacks or compromise any system without prior permission from the legal owner or custodian. Students understand that illegal or immoral activity may be reported to authorities.

Integrity. Students are also expected to abide to the SPCA policy on computer assignments.