Important Information for Students on COVID-19

Masks are required inside university buildings. You must also meet university vaccine or exemption requirements.
All students are expected and required to report to the COVID Reporter ( when:

  • You suspect you have symptoms of COVID, regardless of whether or not you are vaccinated and even if your symptoms are mild
  • You have tested positive for COVID through a non-CSU testing site, such as home test or test at a pharmacy
  • You believe you may have been exposed to COVID go to the COVID Reporter and follow the guidance under “I believe I have been in close contact with someone who has COVID-19.” This guidance will depend upon your individual circumstances
You will not be penalized in any way for reporting symptoms or concerns.

Do not ask me as your instructor to report for you. It is your responsibility to report through the COVID Reporter promptly.

As your instructor I may not ask you about vaccination status or if you have COVID but you may freely volunteer to send me information from a public health official if you have been asked to isolate or quarantine.

When you complete the COVID Reporter, the CSU Public Health office is notified. Once notified, that office will contact you and, depending upon each situation, will conduct contact tracing, initiate any necessary public health requirements and notify you if you need to take any steps.

If you do not have internet access to fill out the online COVID-19 Reporter, please call (970) 491-4600.
For the latest information about the University’s COVID resources and information, including FAQs about the spring semester, please visit the CSU COVID-19 site


  1. CS 455 (Intro to Distributed Systems) or equivalent or permission of instructor (strictly enforced)
  2. Knowledge of a programming language such as Python, Java or C/C++ (expected)
  3. Students are expected to have broad understanding of different aspects of how computer systems work.
  4. It is strongly recommended that the student have a working knowledge of computer networks.
  5. The students should also feel comfortable with algorithmic concepts and modular arithmetic.


There is no required text for this course as the materials covered are too broad to be covered by a single  text book. Lecture notes will be made available at this site. Two recommended references are:

  • Charles P. Pfleeger, "Security in Computing", Prentice Hall.
  • William Stallings, "Cryptography and Network Security: Principles and Practice.", Prentice-Hall.
Charlie Pfleeger's book contains sections for a major portion of the topics that we will cover. William Stallings book does a good job for cryptography.

Other reference books that you may want to have a look at, are:

  • William R. Cheswick and Steven M. Bellovin, "Firewalls and Internet Security: Repelling the Wily Hacker", Addison-Wesley.
  • Charlie Kaufman, Radia Perlman and Mike Spencer, "Network Security: Private Communication in a Public World", Prentice Hall.
  • Marshall D. Adams, Sushil Jajodia and Harold J. Podell, eds., "Information Security: An Integrated Collection of Essays". IEEE Computer Society Press.
  • Edward Amoroso, "Fundamentals of Computer Security Technology", Prentice-Hall.
  • Dorothy E. Denning, "Cryptography and Data Security", Addison-Wesley.
  • Peter J. Denning, "Computers under Attack", Addison-Wesley.
  • Douglas R. Stinson, "Cryptography: Theory and Practice", CRC Press.
  • Morrie Gasser, "Building a Secure Computer System", Van Nostrand Reinhold
  • D. Brent Chapman and Elizabeth D. Zwicky, "Building Internet Firewalls", O'Reilly and Associates



Computer and system security, authentication, access control, privacy.


CS 556 introduces the principles of computer security. Information is an important strategic and operational corporate asset. These days computers and computer networks, are increasingly being used for storing and retrieving information. Some of these information may be of a sensitive nature. Consequently they need to have adequate security measures that can safeguard sensitive information.  In this course, we will begin by investigating some of the security measures that can be employed to safeguard information. For the most part we will look into the theory that goes into designing these measures rather than studying security tools and techniques. This is because there are too many of those tools out there and they are changing frequently. The course examines how system designs, network protocols, and software engineering practices can result in vulnerabilities. The course explores how to better design and implement future systems in order to mitigate vulnerabilities. In addition, the course explores how to detect and mitigate vulnerabilities in existing systems.

Understanding security requires understanding system concepts such as memory and network access models, stacks, and buffers. Although the official pre-requisite for this course is CS 455 or an equivalent undergraduate course, this being an graduate level computer science course, students are expected to have broad understanding of different aspects of how computer systems work. It is strongly recommended that the student have a working knowledge in computer networks. The student should also feel comfortable with algorithmic concepts and modular arithmetic. If they do not, they are strongly encouraged to refresh their skills in these areas. Experimentation involving programming exercises in C/C++/Python and scripting languages is one of the activities of the course. Students should be ready with these skills.

Course Objectives

By the end of the course, students should be able to:

  • Understand the fundamental principles of access control models and techniques, authentication and secure system design
  • Have a strong understanding of different cryptographic protocols and techniques and be able to use them
  • Apply methods for authentication, access control, intrusion detection and prevention
  • Indentify and mitigate software security vulnerabilities in existing systems.


The course is geared toward graduate students and seniors in computer science, math, and information technology students who already have exposure to system design principles.


Following is tentative schedule for this class. Note that as the term progresses we are most likely to digress from this schedule quite a bit. However, dates for term paper/project and exams are fixed and will not change.

Week 1 - Introduction, security concepts, privacy concepts, threats, risk modeling and security services
Week 2 - Access control models: Discretionary and mandatory access control
Week 3 - Access control models: Covert channels, Side Channels and Chinese Wall
Week 4 - Access control models: Clark-Wilson, RBAC, ABAC
Week 5 - Introduction to cryptography Week 6 - Secret key cryptosystems
Week 7 - Key escrow
Week 8 - Modular Arithmetic and Public key cryptosystems
Week 8 - Public key cryptosystems
Week 9 - Diffie-Hellman, RSA, El-Gammal, Elliptic Curves
Week 10 - Searchable Encryption
Week 10 - Message digests, Merkle hashes and Blockchain, digital signatures
Week 11 - Identification and authentication, Passwords, Biometrics
Week 11 - One-time passwords and challenge response schemes, Two (multi)-factor authenication Kerberos
Week 12 - Kerberos, SSL, SSH
Week 13 - Wireless Security
Week 14- Privacy

Important Deadlines

Please familiarize yourself with the following deadlines related to exams and term paper/project submission. These are firm deadlines. Due dates for homework assignments will be announced as and when these are assigned.

January 16, Tuesday
First Day of Class
January 30, Tuesday
Term Paper / Topic Identification
February 27 Tuesday Term Paper / Project Abstract Due
March 9, Saturday
Spring Break Begins
March 10, Sunday
Takehome Midterm Examination Distributed
March 17, Sunday
Spring Break Ends
March 17, Sunday
Take Home Midterm Exam Due on CANVAS
April 5, Tuesday
Term Paper / Project Update
April 12, Friday
End Course Withdrawal ("W") Period, Repeat/Delete Deadline
April 30, Tuesday
Term Papers / Project Due
April 30, Tuesday
Take Home Final Examination Distributed
May 3, Friday
Friday: Last Day of Classes; Semester Withdrawal Deadline
May 7, Tuesday
Final Examination Due on CANVAS