CSE360: Software Security

Computer Security
Instructor Amir Rahmati
Office Hours By Appointment
Class Location NCS120
Class Time Tue/Thu 9:45 – 11:05
Prerequisites Basic understanding of Computer Architecture, Networks, and OS
TA Office Hours TBD
TA Office Hour Location TBD


Homework Assignments 40%
Paper Reviews 20%
Midterm Exam 15%
Final Exam 25%

Class Calendar




There is a mandatory readings for each class. It is your responsibility to read the paper and write a ~400 word critical response.

In the first paragraph:

  • State the problem that the paper tries to solve.
  • Summarize the main contributions.

In one or more additional paragraphs:

  • Evaluate the paper’s strengths and weaknesses.
  • Discuss something you would have done differently if you had written the paper.
  • Suggest one or more interesting open problems on related topics.

Your most important task is to demonstrate that you’ve read the paper and thought carefully about the topic.

Paper responses are due before the start of class.

Ethics, Law, and University Policies

To defend a system, you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our policy in the class is that you must respect the privacy and property rights of others at all times, or else you will fail the course.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. The EFF provides helpful advice on vulnerability reporting and other legal matters. If in doubt, we can refer you to an attorney.

Please review the Divison of Information Technology policies on responsible use of technology resources, as well as the code of student responsibility. As members of the university, you are required to abide by these policies.

Amir Rahmati
Amir Rahmati
Assistant Professor

Amir Rahmati is an Assistant Professor in the Department of Computer Science at Stony Brook University. He is the director of Ethos Security and Privacy lab and a member of Stony Brook National Security Institute.