CSE 40567/60567 is an undergraduate and graduate level Computer Science and Engineering course at the University of Notre Dame that introduces students to the fundamentals of computer security. Is computer security getting better, or is it getting worse? With each passing day, we hear reports of new security breaches targeting major government, corporate and university networks — in spite of decades of effort to harden the hardware and software that runs the Internet. Part of the problem has been a profound disconnect between academic researchers and security practitioners, underpinned by a fundamental misunderstanding of the role the human element plays in circumventing supposedly secure systems. To help bridge this gap, this course introduces students to the major concepts of practical security engineering, with an emphasis on risk mitigation as opposed to imperfect risk prevention. With this guiding philosophy, the course covers the core principles of cryptographic protocols, software security, and network security, which will serve as useful building blocks for application-specific security engineering endeavors. Special attention will be paid to current topics in the field, including cryptographic libraries, preemptive strategies for combating software bugs, wireless networks, and web security. Balance will be struck between theoretical analysis and real-world cases, giving students an appropriate background to pursue further work in security in an academic or professional setting.

Upon successful completion of this course, students will be able to:

  1. Describe the principles of three core areas of computer security (cryptographic protocols, software security, and network security), and know how to apply them in real-world settings.

  2. Engineer practical security systems with risk mitigation as a guiding philosophy.

  3. Select current cryptographic algorithms with appropriate cryptographic primitive lengths that are not easily prone to attack.

  4. Detect weaknesses in cryptographic implementations that can lead to data compromise.

  5. Identify bugs and poor practices that can lead to vulnerabilities in hardware and software.

  6. Develop and deploy custom software solutions for system and network attacks and defense.

  7. Reverse engineer proprietary and obfuscated binary code for auditing purposes.

  8. Understand the components of secure web app development.

  9. Itemize the most up-to-date security threats propagating on the Internet, as well as the corresponding countermeasures.

Class Information

T/R 2:00 PM - 3:15 PM
Class Zoom Room (see link pinned in Slack)


Walter Scheirer (walter.scheirer@nd.edu)
Office Hours
T/R 12:00 PM - 1:45 PM, and by appointment
Office Location
Prof. Scheirer's Zoom Room (see link pinned in Slack)

Help Protocol

  1. Think
  2. Slack
  3. Think
  4. Email
  5. Think
  6. Office

Teaching Assistants

Graduate Teaching Assistant
Sophia Abraham (sabraha2@nd.edu)
Office Hours
F 11:30 AM - 1:30 PM
Office Location
Sophia's Zoom Room (see link pinned in Slack)
Graduate Teaching Assistant
Bill Theisen (wtheisen@nd.edu)
Office Hours
W 3:30 PM - 5:30 PM
Office Location
Bill's Zoom Room (see link pinned in Slack)
Unit Date Topics Assignment
Security Basics 01/14 Introduction, Syllabus, Overview of the State of Security Slides
01/16 Risk Mitigation, the Human Element, Vulnerability Disclosure Slides A. Ch. 2, pp. 17-43
01/21 Security Nomenclature, Auth. Mechanisms, Categories of Attacks and Defenses Slides A. Ch. 2, pp. 43-62; Homework 01
Cryptography 01/23 Cryptographic Protocols Slides A. Ch. 3
01/28 Key Exchange, BAN Logic, Protocol Proofs Slides A. Ch. 5, pp. 129-153
01/30 One-Way Functions, Symmetric Key Encryption Slides A. Ch. 5, pp. 153-184; Homework 02
02/4 AES, Public Key Encryption, RSA Slides Hankerson et al., Ch. 1
02/6 RSA, Elliptic Curves, Digital Signatures Slides Perrin and Marlinspike
02/11 Current Applications, Zero Knowledge Proofs, PKI, Cryptanalysis Slides SANS, PKI; Homework 03
Software Security 02/13 Advanced Persistent Threats, Password Cracking Slides Oechslin
02/18 User Roles, Group Roles, Fine-Grained Access Control Slides A. Ch. 4, pp. 93-107
02/20 File System Security, Memory Allocation, Buffer Overflows Slides Cowan et al.; Homework 04
02/25 Heap Overflows, Type Overflows, Midterm Review Slides blexim
02/27 Checklist 01 Midterm
03/3 Film Screening: The Great Hack Film Response
03/5 Film Screening: The Great Hack
Spring Break
Software Security 03/24 Guest Lecture: Ariel Herbert-Voss, OpenAI Video
03/26 Format Strings Bugs, Software Security Tools Slides Video Serebryany et al.; Homework 05
03/31 Memory Protection Mechanisms Slides Video A. Ch. 4, pp. 110-117
Network Security 04/2 Introduction to TCP/IP Slides Video A. Ch. 21, pp. 633-652
04/7 Guest Lecture: RC Johnson, PayPal
04/9 Network Eavesdropping, Wireless Eavesdropping, Countermeasures Against Eavesdropping Slides Video A. Ch. 21, pp. 652-78; Homework 06
04/14 Port Scanning, OS Fingerprinting, DNS Security Slides Video Son and Shmatikov
04/16 Covert Channels, Denial of Service Attacks Slides Video Zargar et al.
04/21 Firewalls, Intrusion Detection Slides Video Paxson; Homework 07
04/23 Guest Lecture: Stephen Watt, Farsight Security Video Wired Article on Stephen
04/28 Evading Intrusion Detection, Anomaly-Based Intrusion Detection Slides Video Sommer and Paxson
Final Exam 5/7-5/8 Checklist 02 Final


Component Points
Participation Participation in class, film response, office hours, and slack chats. 100
Homeworks Homework assignments. 7 × 125
Midterm Exam Covering the first half of the course. 400
Final Exam Covering the second half of the course. 625
Total 2000


Grade Points Grade Points Grade Points
A 1860-2000 A- 1800-1859
B+ 1734-1799 B 1666-1733 B- 1600-1665
C+ 1534-1599 C 1466-1533 C- 1400-1465
D 1300-1399 F 0-1299

Due Dates

All Homeworks are to be submitted to your own private GitLab repository. Unless specified otherwise:

  • Homeworks are due by 11:59pm one week following the release of the assignment.



Students are expected to attend and contribute regularly in class. This means answering questions in class, participating in discussions, and helping other students.

Foreseeable absences should be discussed with the instructor ahead of time.

Students with Disabilities

Any student who has a documented disability and is registered with Disability Services should speak with the professor as soon as possible regarding accommodations. Students who are not registered should contact the Office of Disabilities.

Academic Honesty

Any academic misconduct in this course is considered a serious offense, and the strongest possible academic penalties will be pursued for such behavior. Students may discuss high-level ideas with other students, but at the time of implementation (i.e., programming), each person must do his/her own work. Use of the Internet as a reference is allowed but directly copying code or other information is cheating. It is cheating to copy, to allow another person to copy, all or part of an exam or a assignment, or to fake program output. It is also a violation of the Undergraduate Academic Code of Honor to observe and then fail to report academic dishonesty. You are responsible for the security and integrity of your own work.

Late Work

In the case of a serious illness or other excused absence, as defined by university policies, coursework submissions will be accepted late by the same number of days as the excused absence.

Otherwise, a late penalty, as determined by the instructor, will be assessed to any late submission of an assignment. In general, the late penalty is -10 points off for each day after the assigned deadline. The instructor reserves the right to refuse any unexcused late work.

Classroom Recording

Notre Dame has implemented a classroom recording system. This system allows us to record and distribute lectures to you in a secure environment. You can watch these recordings on your computer, tablet, or smartphone. The recordings can be accessed within Sakai.

Because we will be recording in the classroom on select occasions, your questions and comments may be recorded. (Video recordings typically only capture the front of the classroom.) If you have any concerns about your voice or image being recorded, please speak to me to determine an alternative means of participating. No content will be shared with individuals outside of your course without your permission except for faculty and staff that need access for support or specific academic purposes.

These recordings are jointly copyrighted by the University of Notre Dame and your instructor. Posting them to other websites, including YouTube, Facebook, Vimeo, or elsewhere without express, written permission may result in disciplinary action and possible civil prosecution.

CSE Guide to the Honor Code

For the assignments in this class, you may discuss with other students and consult printed and online resources. You may quote from books and online sources as long as you cite them properly. However, you may not look at another student's solution, and you may not copy solutions.

For further guidance please refer to the CSE Honor Code or ask the instructor.


Security Engineering: Second Edition

Ross Anderson

Git Tutorials

Network Security Packages

  • nmap: network discovery and security auditing tool.
  • netcat: very handy network socket program.
  • Snort: lightweight network intrusion detection system for UNIX and Windows.
  • Wireshark: easy to use packet analyzer.
  • Kismet: console based 802.11 layer-2 wireless network detector, sniffer, and intrusion detection system
  • Aircrack-ng: 802.11 WEP and WPA-PSK keys cracking program.

Secure OSs

  • OpenBSD: Free, functional and secure OS.
  • Kali Linux: Linux distribution designed for penetration testing.
  • SELinux: kernel module for Linux providing additional access control security policies.
  • Tails: Live system for privacy protection.

Practical Crypto Tools

Software Security Packages:

  • Nessus: vulnerability scanner (free for personal use).
  • Metasploit: penetration testing software.
  • ophcrack: Windows password cracker based on rainbow tables.
  • John the Ripper: fast password cracker.
  • HashCat: advanced password recovery.
  • Hopper: OS X and Linux disassembler.

Notable Projects and Orgs.:

  • The Honeynet Project: "to learn the tools, tactics and motives involved in computer and network attacks, and share the lessons learned".
  • Crypto-Gram Newsletter: Crypto-Gram is a free monthly e-mail digest of posts from Bruce Schneier's Schneier on Security blog.
  • DEF CON: premier hacker convention (videos of talks from recent editions available online).

Web Security Packages

  • WPScan: black box WordPress vulnerability scanner.
  • BeEF: browser exploitation framework.
  • w3af: web application attack and audit framework.

Supporting Security Texts