ECE424
ECE424/CS463 (Computer Security II) is a 4-credit-hour course that satisfies the Technical Elective requirement for ECE majors and also counts as an Advanced Computing Elective for CEs. It is offered on-and-off during the fall and/or spring, the most recent semesters being Fall 2024, Spring 2024 and Spring 2023.
Content Covered
ECE424 builds up on concepts learned in ECE422. While in ECE422, we're exposed to a bit of everything, ECE424 concentrates on fewer topics in more detail. The emphasis is shifted from following commonplace security practices to analyzing key issues in Computer Security and thinking of novel and creative ways to address them. We start off with the more traditional security topics, i.e., formal security evaluation technqiues, DoS attacks, botnets, and spam. After those first few weeks however, the lectures focus on more recent issues in the field. The class covers Social Networking, DRM, Anonymity on the Internet, Information Flow and Leakage, Identification issues, and flaws in VoIP. The content covered in the last few weeks of the semester depends on the professor. Professor Gunter has been known to focus the last few weeks on Cloud Security, Smart Grid Security, and security in the Healthcare industry.
Prerequisites
CS 461/ECE422 - Computer Security I is the officially listed prerequisite. However, if you already have some knowledge of IT Security, you shouldn't have any problem taking this class without Security I. An ability to think creatively and analyze systems creatively is ultimately what is important in this class and in this field. Students coming in from ECE should be forewarned that all programming in this class is done in Java and requires a working knowledge of Socket Programming for server-to-client communication. Make sure you know how to do this beforehand, or you will end up spending a lot of time on the first MP.
When to Take It
Please check the Illinois Course Guide regularly for updates regarding semesters when this class is offered. Though Security II was typically offered both in the Fall and Spring semesters, this is no longer the case, as there have been changes in faculty lately. Students should not take this course until they have some significant programming experience as the MP's require good programming and debugging skills. Ideally, you should take Computer Security II immediately after Computer Security I, while the material is still fresh in your head.
Course Structure
The class consists of two 90 minute lectures a week. Attendance is mandatory, and points are awarded for student discussion. There are three machine problems.
The MP's vary by semester as they depend on the professor and his/her research interests. For the semester of Spring 2013, students were asked to create an application capable of encrypting files using AES-128 and uploading them to a server. The goal of the machine problems was to create an encrypted service that would prevent all unauthorized access to the data, even from the server admin. The first MP was an individual assignment asking students to implement this basic client-server setup. For the second MP, students could work in up to groups of three, and were required to make improvements to the application to allow authorized users to search the files while they were stored on the server. Finally, the third and last MP asked students to minimize leakage about the files; i.e. metadata leakage using the paper published on Searchable Symmetric Encryption (Curtmola, Garay, Kamara, Ostrovsky).
Expect to spend about 10 hours on the first MP for the entirety of the assignment, but a lot more if you are not familiar with Java and socket programming. The last two MP's are a lot more challenging and may require up to 10 hours of work per teammate per week while they are going on. A good team is essential to these assignments. Lastly, there are no midterms for this class. There is one final exam.
Instructors
In the last few years, Computer Security II has been taught mostly by Professors Carl Gunter and Gang Wang. It is now taught by Professor Varun Chandrasekaran in Fall 2024.
Life After
If you are interested in Computer Security and if you have already taken Computer Security I and the Computer Security Lab, consider taking CS563 - Advanced Computer Security. Please keep in mind that this is a graduate level course, and that you will need to seek permission from the ECE department before you can receive Tech Elective credit for this course. There is also plenty of research in Security at the U of I; consider doing undergraduate research.
With recent shifts to the cloud and with how everything is becoming digitalized, there is an increasing need for experts in Computer Security. Job openings are on the rise in both the private and public sector.