Teaching

Since 2013, I have taught Computer Security, Network Security, and related courses at Portland State University.

Introduction to Computer Security (CS 491/591)

I’ve taught the Intro Sec course more than any other. It’s intended to give the student a broad introduction to the topic, and more than anything, to develop some basic intuition for understanding why and how things break. The course consists of roughly three units:

  1. Software (In)Security
  2. The Basics of Applied Cryptography
  3. System Security

Network Security (CS 496/596)

Network Security might be my favorite course of all. I get to teach it usually about once every year. In this course, we cover:

  1. Threat models for network adversaries
  2. Vulnerabilities in network protocols and systems
  3. A crash course in applied cryptography
  4. End-to-end security protocols
  5. Network authentication
  6. Network monitoring and intrusion detection
  7. Advanced topics

Students report that the best part about Net Sec (and also the worst) is the programming lab. Every week or two, the students get a new set of programming problems to solve. I set up a collection of hand-crafted services on a special network, and it is the students’ job to interact with these services to obtain a “flag” for each problem. (The flag is just a random string of bytes that the student turns in to me to prove that they completed the exercise.)

Sometimes the task is simply to establish a connection with the service, using whatever protocol it speaks (e.g. TCP or a simplified version of SSL/SSH/etc). In other cases, the service is intentionally vulnerable, and the student must “trick” it in some way to reveal the flag (e.g. by launching a replay attack on the Needham-Schroeder protocol).

Graduate Security Seminar (CS 576)

I co-teach the grad security course with Wu-chang Feng. It is always a blast. Wu and I choose a selection of recent research papers, focused around 2 or 3 topics each year. Then each time we meet, the class is responsible for reading two of the papers, and someone presents them in front of the class. Each student does two paper presentations over the course of the term, usually working in pairs with another student. After the presentations, we have an open free-form discussion about the strengths and weaknesses of the paper and about any other questions that it raises. It’s a great way to get ideas flowing, and a great way to come up to speed in a new area.

Special Topics

I have also taught or co-taught a handful of other courses, including

  • CS 410/510 Special Topic: Computer Security
  • CS 494/594 Internetworking Protocols
  • CS 305 Social, Ethical, and Legal Implications of Computing
  • CS 410/510 Special Topic: Multimedia Security
  • CS 410/510 Special Topic: Blockchain Applications and Development

These special topics and one-offs have been some of the most interesting.

I’m also looking forward to developing a new course on Privacy in the Electronic Society.