CIS 4510/5510: Computer and Network Security
Fall 2025
Instructor: Sebastian Angel
Room: Berger Auditorium (in Skirkanich Hall)
Time: MW 10:15 AM–11:45 AM
Course Description
This course introduces the principles and practical considerations of computer and network security. It covers the following:
- Basic concepts: threat models, security principles
- Software Attacks: buffer and integer overflow, format string vulnerabilities, stack smashing, reverse engineering with Ghidra and IDA
- Software Defenses: stack canaries, DEP, ASLR, shadow stack, fat pointers, isolation, fuzz testing
- Applied cryptography: symmetric and asymmetric encryption, MACs, PRGs, PRFs, PRPs, digital signatures, hash functions
- Basics of networks and the Web: TCP/IP, BGP, DNS, HTTP, cookies
- Network and Web attacks: BGP Hijacking, DNS forgery, SQL injection, CSRF, XSS
- Network security: firewalls, packet filtering, certificates, TLS 1.3
- Broader issues: surveillance, censorship, anonymity, legal issues, ethics
Prerequisites
- CIS 1600: Mathematical Foundations of Computer Science
- CIS 2400: Introduction to Computer Systems
Even though NETS students are not required to take CIS 2400, it is a prerequisite for this course.
Course Staff
| Name | Office hours (location) |
|---|---|
| Sydnie-Shea Cohen | TBD |
| Joseph Katz | TBD |
| Neha Peddinti | TBD |
| Cameron Shaw | TBD |
| Praneel Varshney | TBD |
Textbook
There is no required textbook for this course. The following books (available for free) are good extra sources:
- Operating Systems: Three Easy Pieces by Remzi and Andrea Arpaci-Dusseau
- Security Engineering by Ross Anderson
- A Graduate Course in Applied Cryptography by Dan Boneh and Victor Shoup
- Handbook of Applied Cryptography by Menezes, van Oorschot, and Vanstone
Assignments, quizzes, and exams
There will be 5 projects to be completed individually.
- Project 1: Pwnnsylvania platform, x86_64 assembly, pwntools
- Project 2: Fuzzing, advanced debugging with gdb, reverse engineering with Ghidra/IDA
- Project 3: Buffer overflows, integer overflows, format string exploits
- Project 4: Hash collisions, RSA signatures, length extension attacks
- Project 5: SQL injection, CSRF, XSS
There are two non-cumulative exams.
There will be 1 short ungraded quizz each week to be completed online through Canvas. These are optional but highly encouraged. The purpose of these quizzes is to keep you on track throughout the semester and make sure that you are understanding the material.
Late submissions
You can submit a project late by 2 days at the cost of a 10% late penalty. You can submit a project late by more than 2 days at the cost of a 50% late penalty until the last day of classes. If you have an extenuating circumstance, you must contact the course staff before the assignment is due.In person project audits
After each project, a random selection of students will be asked to come in person and solve a variant of one of the challenges for which they submitted a solution in the project. If the student is unable to complete the challenge in person, the student will receive no credit for that particular challenge and will be asked to complete a different challenge from the project (if they submitted other answers). Failure to complete 3 challenges will result in a 0 for the entire project.Grading
- Projects: 50%
- Exam 1: 25%
- Exam 2: 25%
Academic Honesty
We encourage you to discuss the problems and your general approach with other students in the class. However, the answers you turn in must be your own original work, and you must adhere to Penn’s Code of Academic Integrity.
For more information, see the Office of Student Conduct.
Students with disabilities
The University of Pennsylvania provides reasonable accommodations to students with disabilities who have self-identified and received approval from the Office of Student Disabilities Services (SDS). If SDS has approved your request for accommodations, please discuss with me the necessary arrangements for your accommodations. SDS services are free and confidential.