Foundations of Cybersecurity (CY 2550 - 03)

Class Information

General Information

Professor: Cristina Nita-Rotaru
Classroom: Knowles Center 010
Time: TF: 1:35 pm - 3:15 pm
Office Hours: See the pinned Office Hours on Piazza
Teaching Assistant: Talha Ongun
TA Office Hours: See the pinned TA Office Hours thread on Piazza
Class Forum: On Piazza
IMPORTANT This webpage is for Section 03 only.

Course Description

Major security breaches routinely make headline news and impact the lives of millions of people. Cybercrime is a multi-million dollar, mature business. Advanced, persistent threats posed by nation-state adversaries are beginning to impact critical infrastructure, and even democratic processes themselves. As technology becomes embedded in ever more facets of our lives, society, business, and government, the need for cybersecurity experts to protect our infrastructure grows.

This course presents an overview of basic cybersecurity principles and concepts, including systems and communications security. The high-level goal is to introduce the breadth of topics in the cybersecurity space to students, and begin training them to apply these ideas through understanding of defensive mechanisms and attacker strategies.

The course will cover essential security properties like confidentiality and integrity, as well as desirable properties like least privilege and defense in depth. Concepts will be illustrated with practical tools, systems, and applications that exemplify them. Hands-on projects will introduce students to key security tools and libraries.

Readings will introduce students to the history of hacking and cybersecurity, as well as contemporary threats. Students will learn how to develop threat models that characterize attacker capabilities, goals, and the costs of different defensive strategies.

The course will also introduce students to legal, ethical, and human factors issues associated with cybersecurity.


The official prerequisite for this course is CS 2500. Students are expected to be able to implement relatively straightforward programming assignments, i.e. ones that will not require hundreds of lines of complicated code. In-class examples will be using Python.

Basic knowledge of the Unix/Linux command line is essential. You should know how to write code using emacs/vim, write a makefile, compile code using makefiles, use SSH and SCP, write very simple shell scripts, check for running processes, kill runaway processes, and create compressed archives.

Since CS 3650 (Computer Systems) and CS 3700 (Distributed Systems) are not prerequisites, students will not be expected to complete assignments that deal with assembly code, operating system internals, or low-level network protocols. Binary exploitation will be taught in CS 3740 (Systems Security) and CS 4740 (Network Security).

Class Forum
The class forum is on Piazza. Piazza is the best place to ask questions about projects, programming, debugging issues, exams, etc. To keep things organized, please tag all posts with the appropriate hashtags, e.g. #lecture1, #project3, etc. Piazza will be used to broadcast announcements to the class.
In this class, you will learn about security techniques and tools that can potentially be used for offensive purposes; "hacking" in other words. It is imperative that students only use these tools and techniques on systems they own (your personal computers) or systems that are sanctioned by the instructor. NEVER perform attacks against public systems that you do not control. As we will discuss in class, it is ethically problematic to attack systems that you do not own, and may violate the law.
The grade will be based on several (about 7/8) programming projects (PP) and (about 5) in-class quizes (QQ). Grade is computed as follows: Grade = 75%*PP + 25%*QQ. There are no midterm or final exams.
Programming projects
You can use any language you want.
Reading list and resources
  • Learning the Linux Command Line, A beginners guide by Martin Petrauskas: [pdf]
  • Lectures for the undergraduate introduction to C course I taught at Purdue: [www]
  • Unix programming links: [www]
  • Docker tutorial by Asad Salman: [ www]

Academic Integrity

Academic Honesty and Ethical behavior are required in this course, as it is in all courses at Northeastern University. There is zero tolerance to cheating.

You are encouraged to talk with the professor about any questions you have about what is permitted on any particular assignment.


Lecture slides will be posted below for public access as the class progresses. There are no slides currently posted. Class platform is Canvas available through mynortheastern. Grades will be available on Canvas. All class communication will take place on Piazza.

Week Lectures Topics Projects
Week 1
L1 Sept. 7 first day of class.
Introduction. Class policy. History of cybersecurity.

P1 assigned, due Sept. 20
Week 2
(Sept 12)
Intro to Linux and git.
CRYPTO: Attack models. Historical ciphers, frequency analysis. One-time pad,Perfect secrecy.

CRYPTO: Computational security. Block ciphers and modes of operation.
Week 3
(Sept. 19)
CRYPTO: Public-key Cryptography: Diffie-Hellman key exchange, RSA encryption. P1 Due Sept. 20
Week 4
(Sept. 26)

CRYPTO: Digital signatures; hash functions
Week 5
(Oct. 3)
Authentication and Passwords. 2FA, Biometrics.
P2 due Oct3.
Quiz 1
Week 6
(Oct. 10)

Ethics: Ethics, law.
Week 7
(Oct. 17)
Systems Security: Access control.
Systems Security: Usenix security
Week 8 L10
Systems Security: Building secure systems.
Week 9 L14
Systems Security: Exploits.
Week 10 L16
Network security: Internet Security
Week 11
L18 Network security: Botnets.
No class on Friday. Veteran's Day.
Week 12 L19
Wireless Security: WiFi, Bluetooth, Cellular
No class on Friday. Thanksgiving break.
Week 13 L22
Privacy: Anonymous communication
Privacy: Machine learning, data, etc
Week 14 L24 Final review. Dec. 7 last day of class.

Copyright© 2022 Cristina Nita-Rotaru. Send your comments and questions to Cristina Nita-Rotaru