Computer Security

Practice and Theory

Attacks and Defenses

Upcoming deadlines


Course Number CMSC 311 (Spring 2018) at Haverford College
Instructor Kristopher Micinski
Times Tu/Thur 11:30-13:00 Lecture W 11:30 / 12:30 Labs
Office Hours Tu/Thur after class and by appointment


This course will serve as a broad introduction to the field of computer security from two concurrent perspectives: attacks on systems, and defenses against those attacks. The goal of this course will be to help build intuition so that–when designing systems–you can consider the potential security risks and pick tools that help minimize those risks. To understand how attackers think, we will learn about the attacks they employ, such as:

  • Memory-based attacks (buffer overrun, access space derandomization, return oriented programming)
  • Web attacks (code injection, cross-site request forgery, etc..) and security
  • Systems security (passwords and authentication, process isolation)
  • Reverse engineering
  • Attacks on cryptographic systems and implementations, and basics of SSL/TLS

However, a collection of attacks alone is not sufficient to understand how to build secure systems. So concurrent with attacks, we will also learn the theory behind building defenses into our systems. In labs, we will dissect a number of real-world attacks (such as Heartbleed or WannaCry) and reflect upon what could have been done to prevent them, and how those experiences help inform our choices about system design.

Course Structure

Please read the Syllabus for course information.