COS 432/ECE 432 - Spring 2025

Course Description

🎯 Learn how to design a secure system, probe systems for weaknesses, write code with fewer security bugs, use crypto libraries correctly, protect (or breach!) privacy, and use your powers ethically.

Main topics: basic cryptography, system security, network security, firewalls, malware, web security, privacy technologies, cryptocurrencies, human factors, physical security, economics, and ethics of security.

Staff and office hours

Instructor
Prof. Prateek Mittal
pmittal@princeton.edu
Office hours: By appointment

Assistant Instructor
Tinghao Xie
thx@princeton.edu
Office hours: TBA

Assistant Instructor
Minhao Jin
minhaoj@princeton.edu
Office hours: TBA

Assistant Instructor
Constantine Doumanidis
doumanidis@princeton.edu
Office hours: Mondays 4:30-6:30 pm

Undergraduate Assistant/Grader
Anya Kalogerakos
am0815@princeton.edu
Office hours: TBA

Undergraduate Assistant/Grader
Mirabelle Weinbach
mlw4@princeton.edu
Office hours: TBA

Undergraduate Assistant/Grader
Sofia Marina
sm8765@princeton.edu
Office hours: TBA

Undergraduate Assistant/Grader
Akash Selvakumar
as2601@princeton.edu
Office hours: TBA

It is almost always more appropriate to post your question about the assignments, lectures, or other course materials on Ed rather than emailing an individual staff member.

Calendar

💡 Please follow this calendar for up-to-date information (e.g., lectures, office hours, precepts, assignments)

Textbook

There is no required or suggested textbook in this course, because there is no one book that covers the right material in an up-to-date fashion. Some good books about security, in case you are interested, are listed on the Resources page.

Lectures

Lectures meet on Tuesday and Thursday 11:00am - 12:20pm in McCosh Hall 10.

Assignments Policy

Collaboration. Some assignments are individual assignments while other assignments must be done in groups (of two or three partners). Refer to the collaboration policy so that you collaborate only as authorized.

Electronic submission. Assignments are submitted electronically through Gradescope. You may submit as many times as you'd like until the deadline; we will grade your most recent submission. Group submissions must have all group members attached to the submission. Resubmitting a group assignment requires reattaching all group members.

Expectations. COS 432/ECE 432 is a 400-level course with expectations to match. Students should not only expect to be held to higher standards, but should also expect less hand-holding in general than they may find in 300-level courses and below. Students should not expect course staff via Ed or office hours to perform code reviews for correctness/security as a substitute for their own unit testing/secure design review or directly provide/confirm answers to assignment problems. For assignments with a programming component, course staff reserves the right to run hidden test cases that will not be revealed until grades are returned. Please do not ask course staff to reveal any information about hidden tests. Course staff are happy to help explain course concepts, clarify assignment specifications provided they are not intentionally vague, provide a starting hint, and offer suggestions for unit testing. Some course staff are also happy to provide modest debugging assistance once students understand the solution at a high level, but ultimately students are responsible for debugging their own code.

Regrades. If you believe that the course staff made an objective error in grading, then you may submit a regrade request. Subjective disagreements with rubric items or their values are not grading errors. Any other questions or discussions related to assignment grading should be directed to Ed or office hours. Regrade requests must be submitted through Gradescope; any requests sent through email, office hours or Ed, will be ignored. Regrade requests are due one week after assignment grades are returned.

Late policy. Assignments that are submitted after the specified due date will lose 10% of the full assignment grade for every day (or partial day) of lateness. However, you do have three (3) late days, and you may use one or more of these late days on an assignment. We won't apply late days automatically in this course. If you wish to use late days on a submission, you must explicitly note that with your submission. Please submit a LATEDAY.txt file with your submission and state "I/We would like to use X late day(s) on this assignment." Each late day taken will extend the due date of the submission by 24 hours. For group assignments, you may use X late days if and only if all group members can use X late days on the assignment. You may not use partial late days or share late days with group members. We won't accept homework more than seven days late.

Extensions. We will grant extensions only in the case of unforeseeable circumstances like medical emergencies, as documented by your Dean or Director of Studies and our approval.

Grading

The grade breakdown is 70% assignments (equally weighted) + 25% final exam + 5% class participation. There is no midterm exam.

Collaboration Policy

This course permits many forms of collaboration, including help from course staff, classmates, and lab TAs. However, you must be careful to collaborate only as authorized below. Here is a summary, where ✔ means YES and ❌ means NO. If you have any questions, please contact the course staff.

activity	your group	course staff	COS 432/ ECE 432 grads	classmates	AI chatbots	other
discuss concepts with ...	✔	✔	✔	✔	✔	✔
acknowledge collaboration with ...	✔	✔	✔	✔	✔	✔
expose solutions to ...	✔	✔	❌	❌	❌	❌
view solutions from ...	✔	❌	❌	❌	❌	❌
plagiarize code from ...	❌	❌	❌	❌	❌	❌

Your solutions. On individual assignments, you must individually compose all of your solutions. The term solutions refers to any of the products created when completing a programming assignment, such as source code (including comments) and any text files. It includes both finished and unfinished products, regardless of correctness or completeness.

You must never expose solutions to anyone who is taking COS 432/ECE 432 now or who might take COS 432/ECE 432 in the future. Do not post solutions in public code repositories.
If you leave your computer unattended, be sure to protect it with a password.
You must never receive or view someone else's solutions to a programming assignment (or variant of an assignment).
You may not use AI composition software (such as ChatGPT or GitHub Copilot) to create or debug code.
Attempting to decompile or otherwise gain information about the implementation of any provided solution archives or binaries is an explicit violation of this policy.

Working Groups. Some assignments require you to work in groups. Here are the rules regarding group work.

A group must consist of either two or three people. Solutions turned in by a group of one person, or by a group of four or more people, will receive no credit.
You can work in different groups on different assignments.
Each group should submit a single solution, which should be clearly labeled with the names of the group's members. Only one member of the group needs to submit the group's solution. There is no need to submit redundant copies for the other members.
The members of a group will all receive the same grade on an assignment, reflecting the quality of the group's collective solution to the assignment.
It is up to you to divide up the work within your group, and to make sure that the other members of your group meet their commitments. (If a member of your group is consistently irresponsible, let us know and we'll take appropriate action.)
If you have trouble finding a group, let us know and we will help you.

Why Work in Groups? There are several reasons for our decision to make you work in groups.

In the real world, people work in groups. We want you to learn how.
We think that students learn more by doing hard assignments than by doing easy ones. Giving group assignments lets us give harder assignments without overworking you.
Security problems require you to deal with engineering tradeoffs and make difficult design decisions. We hope that you'll debate these decisions within your group, and that the debates will be educational.

A note about StackExchange, Wikipedia, and online forums. Many of the topics in this course require self-teaching. This includes a lot of searching online for documentation and information about algorithms, technologies, and techniques. Unfortunately, this includes a wide gray area between learning and plagiarism. Don't be afraid of searching for and using online resources that teach you how to do something that is not a direct requirement of an assignment.

For example, you are free to find and implement a method that converts integers to byte arrays in an assignment about cryptography; just make sure to cite your source and thoroughly understand the implementation, as your graders will not be lenient with copied code that is buggy. If you find yourself searching for implementations of a security-related algorithm, then you are likely violating the collaboration policy. When you are unsure, ask one of the staff members.

Plagiarism. As members of the University community, students are bound by the rules and procedures described in Rights, Rules, Responsibilities.

All the rules above continue to apply after assignments are graded and after the end of the semester.