Class name: “Computer Security: Attacks and Defenses”
Taught by: Visiting Assistant Professor of Computer Science Kristopher Micinski
Here’s what Micinski had to say about his class:
The class is broadly about computer security. We expend a lot of energy teaching our students to program. It’s a tough process, since there’s so much stuff to learn! But often our classes have so much material jam-packed in them that students are struggling just to figure out how to write a program that is “correct.”
But security isn’t just about correctness: a program can “do the right thing,” but also be insecure. Think about an app that tells you the restaurants nearby, but also constantly sends your location out to an ad provider. The app technically “works,” but it’s insecure by some people’s definitions.
So the goal of the class is to teach students to think adversarially about the programs they write. Often, they’ll be under a ton of pressure to just get their program written. It’s easy to get lost in the minutiae of coding and forget about the broader design of your system and the ramifications it can have for security.
The way I do this is to teach students the core concepts behind how hacks on programs work. During course projects, students write exploits on software to show how it can be hacked. But then they have to go even further. They have to write code, and that code has to be secure, because later in the course, the students will break each others’ programs. They’ll earn points for finding bugs in other students’ code, and also get points for fixing bugs that other groups find.
At the end of the course, students won’t be expert hackers. If they want to do that, they’ll have to go get a job in the information security industry. But they will have an appreciation for the nuances of software security, and they should have a good idea about the kinds of things to think about as they write programs. They’ll also be in a good position to apply for entry-level roles in the security industry.
My research is in computer security. But since I often work on cutting-edge problems, it’s easy to ignore the practical aspects of day-to-day software security. I’m using this course as a way to force myself to really think about all of these things in a very practical way. I want to see the students at Haverford become some of the best in the nation when it comes to writing secure software. My courses are usually pretty tough, but I’ve often found that the students enjoy the challenge. Hopefully when they leave here and get jobs programming or doing research, they’re the go-to people when it comes to security-related issues.
See what other courses the Department of Computer Science is offering this semester.
Photo of Micinski’s students dismantling computers as part of an in-class assignment by Sarah Jennings ’21.
Cool Classes is a series that highlights interesting, unusual, and unique courses that enrich the Haverford experience.