Students completing this course will learn how to:
Ultimately, students should leave able to design, build, and assess secure software systems.
Your final grade will be determined by exams (40%), class participation (15%), and homework assignments (45%).
There will be three in-class, closed book exams during the course of the semester. Each will cover a disjoint portion of the class topics.
Of the three exams, only the two with the highest grades will count towards your overall class grade. In other words, we will drop your lowest score.
Class participation will be determined by in-class quizzes (10%) and participation in class discussions (5%). Attending class is crucial to understanding the course material, and it strongly correlates with receiving a good grade for the course.
This is a broad, fast-moving class. To encourage everyone to stay current on the material, to quickly identify gaps in understanding, and to ensure we start lectures on time, there will be a quick quiz at the beginning of each lecture. The quiz will be short and should be easy if you paid attention in the previous lecture.
To accomodate times when you need to miss class, or otherwise have a tough time with a quiz, we will drop your lowest three quiz scores.
To encourage participation in our class discussions, a portion of your grade will be based on your regularly asking and/or answering questions. If you’re not comfortable doing this in class, then doing it via Piazza also counts.
Because our class will include a discussion component, it’s important that we maintain an open and respectful environment in class. You can vehemently disagree with someone while still respecting them and remaining civil. Everyone is coming to the class from a different background, and we will be covering some very advanced topics, so there will be topics where some people are better informed than others, but that should be an opportunity for learning, not for grandstanding or belittling others. If you do feel uncomfortable in class for any reason (including something we might do or say) please let us know.
To ensure no one misses out on discussion items in class, we will ask
everyone (18-732 students only; 18-335 students are exempt) to
sign up to take the official notes for each lecture. We aim to have 2 students
assigned to a given lecture for note taking, and 1-2 to edit and proof read their notes.
A link to the online sign-up sheet will be posted on Piazza.
For your assigned lecture, please focus your notes on items that are not in the slides, since those will be posted. For example, try to include questions asked during the lecture, and the answers that were provided. Include deviations or enlargements on the slide content, and the key insights needed to understand a slide.
Once you have assembled, edited, and proof read your notes (pay attention to grammar and spelling!), please post a single, unified summary on Piazza. This summary must be posted within 24 hours of the lecture.
Successfully completing your scribe work will count towards your class participation grade.
There will be three homework assignments/projects during the semester, the first of which will have multiple phases. The homework assignments are designed to give you hands-on experience with both attacks and defenses. It can be hard to appreciate the strengths and weaknesses of the methods and tools that we learn about without getting your hands dirty!
Topics covered include:
Each assignment will be done in teams of 2-3 students. These teams will be randomly assigned, and we will try to ensure that everyone will work with a remote partner at least once. We realize that this will lead to some logistical coordination challenges, but this is very good experience for real-world software development! Almost no one develops serious software on their own, and you rarely get to pick your colleagues at a company. Most companies, let alone open-source projects, will have many geographically distributed employees, so learning how to coordinate in such environments is crucial. We encourage you to use tools like Slack, Skype, Google Docs, and Office 365 to coordinate with each other.
Each project will be assessed once for the whole group, but there will also be a peer evaluation component where you can assess how the other members of your team contributed (and vice versa).
Grading will typically be automated or semi-automated, and you can turn your assignment in early and multiple times without penalty. We encourage you to do this, so you can see how you’re doing on the assignment. By the time you turn in your final submission, there should be very little mystery in what you grade will be.
It’s important to turn your assignments in on time, as late assignments make it difficult to return everyone else’s graded assignments in a timely manner. We encourage you to start early, as security tasks, like most programming tasks, often take longer than you expect! To accomodate unexpected life events, we will give you 5 late days. No more than 2 can be used on any given assignment, so assignments will not be accepted more than 48 hours after the due date. After the 5 late days are used up, we will not grant any additional extensions, so use your late days wisely.
There is no textbook for the course, but the lecture schedule includes links to research papers and/or book chapters on which lectures are based. We strongly encourage you to do the readings, especially those that are not labeled as optional. These will provide greater depth, detail, and examples than we can cover in class. While quizzes, exams, and homeworks will, in theory, be doable based only on lecture content, doing the readings will make all of the above much easier.
Slides from each lecture will also be posted online after the corresponding lecture, so there’s no need to try to replicate them in your notes during the lecture.
The Friday recitation sessions will primarily be an informal question and answer session. This is your chance to ask questions to help you fully understand material covered in class. You can also ask questions about the homework assignments. We may occasionally have a more structured recitation to dive deeper into a specific topic or tool, but these will be announced in advance.
We will be using Piazza (via Canvas) for discussions outside of class. Rather than emailing general questions to the TAs or instructors, we encourage you to post your questions on Piazza, so everyone can benefit from the answer and any discussions around it.
To get in touch with us for topics or questions specific to you,
you can use private posts on Piazza, or you can email us.
We typically aim to respond within 24 hours, unless it’s an emergency. Latency
will be higher on the weekends.
You can also drop by Lujo’s office, CIC 2203, anytime, but he may or may not be there or in a meeting. You can schedule a specific meeting time via email, or come by during the formal office hours listed on the main page
Students are expected to complete each assignment by working only within their assigned group, and they should be able to explain all of the work that they hand in. Copying code, or text from other students (or sharing yours with them) or online sources is not allowed. However, students are encouraged to discuss assignments (in person or via Piazza) with each other at a sufficiently high level to avoid the risk of duplicating implementation or proof. Examples of this would be discussing algorithms and properties referred to in the assignment, helping other students with questions about a programming language or tool required to complete the assignment, discussing a general technique, or referring to an online source with useful information. If you have questions about whether something might be an issue, contact the course staff before discussing further. Please refer to the Carnegie Mellon Code for information about university policies regarding academic conduct.
Take care of yourself. Do your best to maintain a healthy lifestyle this semester by eating well, exercising, avoiding drugs and alcohol, getting enough sleep and taking some time to relax. This will help you achieve your goals and cope with stress.
All of us benefit from support during times of struggle. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful.
If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support. Counseling and Psychological Services (CaPS) is here to help: call 412-268-2922 and visit their website. Consider reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.
If you have questions about this or your coursework, please let us know.