Introduction to Computer Security Winter 2025

This course teaches the security mindset and introduces the principles and practices of computer security as applied to software, host systems, and networks. It covers the foundations of building, using, and managing secure systems. Topics include standard cryptographic functions and protocols, threats and defenses for real-world systems, incident response, and computer forensics. See the schedule for details.

Professors
Face of Paul Grubbs
Paul Grubbs
Face of Amrita Roy Chowdhury
Amrita Roy Chowdhury
TAs
Face of Edwin Chan
Edwin Chan
Face of Aidan Delwiche
Aidan Delwiche
Face of Santiago Guiza
Santiago Guiza
Face of Lani Quach
Lani Quach
Face of Ben Schwartz
Ben Schwartz
Face of Robert Stanley
Robert Stanley
Face of Alan Zhang
Alan Zhang
Face of Sydney Zhong
Sydney Zhong
Lectures Mon./Wed. 9:00–10:30, 1571 GGBL
We encourage you to attend the lectures in person, but you may also review the slides and videos asynchronously. Students registered for the hybrid lecture section are welcome to attend the in-person section if there are open seats.
Lecture slides and videos will be posted on the day of each class, along with a brief online quiz.
Labs See calendar below. Lab sections will introduce tools and techniques that are important for completing the projects. We encourage you to attend the labs in person, but you may also review the slides and videos asynchronously. You may attend any lab section if there are open seats.
Office Hours See calendar below. Visit any professor’s office hours for help with course concepts and administrative issues. Visit any TA’s office hours for debugging help and assignment grading concerns.
Communication We'll use Piazza for announcements, discussion, and questions about assignments and other course material. Assignments will be submitted electronically, and grades will be returned via Canvas. For administrative issues, email eecs388-staff@umich.edu.
Reference Books
No textbook is required, but if you would like additional references, we recommend:
Security Engineering by Ross Anderson
Cryptography Engineering by Ferguson, Schneier, and Kohno
Resources Security research at Michigan
Other security-related courses
Prerequisites EECS 281 required; EECS 201 and EECS 370 recommended
Calendar The course calendar is displayed below. All listed times are U.S. Eastern. You can also add the class to your personal Google Calendar.

Grading

We'll calculate your course grade based on these components:

Projects and Labs 50% Five projects, each accompanied by a simple lab assignment
Midterm Exam 15% An in-person exam covering the first half of the course (Feb. 27, 5–6:30 p.m.)
Final Exam 30% An in-person exam covering all material from the course (Apr. 25, 7–9 p.m.)
Participation 5% Half from lecture quizzes, half from intellectual contributions during class, lab or on Piazza

Optional Strict Attendance New — Are you a sophisticated akratic? If you think you'd benefit from lecture but know you won't show up unless we make you, have we got a deal for you! By default, attendance is not tracked, but you may opt in to a strict attendance policy under which we'll penalize you for missing class. Email us at any point in the semester to sign up. Once you do, your decision will be irrevocable. We'll track your attendance with a sheet at the front of the lecture room, which you'll be responsible for signing each day. You'll be allowed to miss up to two lectures without penalty, after which we'll reduce your overall course grade by 0.5% each time you fail to sign the sheet, up to a maximum of 5%. Absences will be excused only under extraordinary circumstances with appropriate documentation.

Ethics, Law, and University Policies

Warning To defend a system you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our policy in EECS 388 is that you must not attempt to probe or attack any system without prior explicit permission from the owner, and you must not use attack techniques to violate anyone's privacy; violation of this policy will result in a failing grade for the term.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” It is your responsibility to understand what applicable law prohibits. If in doubt, we can refer you to an attorney.

Please review the university’s policy on Responsible Use of Information Resources for guidelines concerning proper use of information technology at U‑M, as well as the Engineering Honor Code. As members of the university, you are required to abide by these policies.