18-487: Introduction to Computer & Network Security and Applied Cryptography

Dawn Song
Course Home
DH 2105
Meeting Times
Monday & Wednesday, 10:30AM-11:50PM
Dawn Song
CIC 2122
Min Gyung Kang
CIC 2131E

James Kerchenfaut

Mailing Lists
Questions about subject matter, course policy, grading, etc. (Also see the class discussion board, on blackboard).
Submit project proposals, milestones, and papers here.


The prerequisites of this class include 15-213 , proficient programming in C and Java, and familiarity with assembly language.

Course Description:

Security is becoming one of the core requirements in the design of critical systems. This course will introduce students to the intro-level fundamental knowledge of computer security and applied cryptography. Students will learn the basic concepts in computer security including software vulnerability analysis and defense, networking security, and applied cryptography. Students will also learn the fundamental methodology for how to design and analyze security critical systems.

Course Content:

  • Basic security principles
  • Basic cryptography: symmetric primitives (block ciphers, stream ciphers, hash functions), asymmetric primitives (public-key encryption and signature algorithms), and recent development in applied cryptography
  • Computer & network security, vulnerability analysis and defense, and OS security



Cryptography: Theory and Practice by Douglas R. Stinson
Introduction to Cryptography with Coding Theory by Trappe and Washington.

Late Policy:

The deadline for any assignment can be extended with a 20% penalty per day. No deadline can be extended by more than two days. so assignments will NOT be accepted 48 hours after the due date unless under special permission.

Collaboration Policy:

Students are encouraged to talk to each other, to the TAs, to the instructor, or to anyone else about any of the assignments. Any assistance, though, must be limited to the clarification of the problem. Each student must write out his or her own solutions to the homeworks. Consulting another student's or group's solution is prohibited, and submitted solutions may not be copied from any source. These and any other form of collaboration on assignments constitute cheating. If you have any question about whether some activity would constitute cheating, please feel free to ask.


Your final grade for the course will be based on the following weights for the individual assignments:

  • 15% Homeworks
  • 30% Class Project
  • 15% Midterm
  • 30% Final Exam
  • 10% Participation

The Midterm and Final Exams will be closed-book.


We may discuss vulnerabilities in widely-deployed computer systems in class. This is not intended as an invitation to go exploit those vulnerabilities. CMU's policy (and my policy) on this should be clear: you may not break into machines that are not your own; you may not attempt to attack or subvert system security. Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse.