Students completing this course will learn how to:
Ultimately, students should leave able to design, build, and assess secure software systems.
The ECE department is accredited by ABET to ensure the quality of your education. ABET defines 7 Educational Objectives that are fulfilled by the sum total of all the courses you take. The following list describes which objectives are fulfilled by 18-335/732 and in what manner they are fulfilled. ABET numbers objectives from 1 to 7. Those objectives not fulfilled by this course have been omitted from the following list.
Your final grade will be determined by:
There will be three in-class, closed book exams during the course of the semester. Each will cover a disjoint portion of the class topics.
You will be responsible for all materials presented in lectures and recitations. You should not expect that all lecture or recitation materials will be given to you in written form. We strongly encourage you to be active in class discussions, in recitation, and on Piazza, but your actual participation grades will be based on the quantitative measures described below. Note that these measures include a grace policy designed to accommodate the inevitable conflicts that tend to arise each semester. If you have to miss lecture or recitation, please do not ask to be excused; the missed participation points will be automatically deducted from your grace budget.
Students may not independently record lectures or recitations without explicit permission in writing from the instructor. Violations will result in your failing the course. Exceptions will be granted in accordance with university guidelines for accessibility concerns, but even then such recordings may not be shared publicly or privately and must be deleted at the end of the semester.
To facilitate additional learning that might come from revisiting a previous lecture, we aim to make videos of the lectures privately available online via Canvas (look for the “Panopto Recordings” tab). The time taken for Zoom and ECE to transcode the videos can vary, so they may not be available immediately after the lecture slot. These videos are only for students in the class and should not be shared.
Your class participation score will be based on the use of Piazza polls. Most classes will begin with 1-2 questions about the previous lecture. These will be answered on your own. There will also be questions during the lectures. For these, you will typically be allowed to confer with a partner before answering. Overall, there will typically be 4-5 questions each class. To lower the pressure and to account for inevitable conflicts or technical glitches that cause you to miss class, we will drop the lowest 30% of your answers. In other words, if during the entire course, we have 100 questions, then if you get credit for 70 of the questions, you will receive full credit for the class participation portion of your grade.
Most recitations will involve a group activity that you should be able to complete during recitation (the goal is not to give you more homework!). If you complete the activity by the end of recitation, you will receive 5 points. If by the end of recitation, you can show us that you made substantial progress on the activity, then you will receive 4 points. Otherwise, you will receive 0 points. We will drop the lowest of your recitation activity scores.
Note that class and recitation participation points are meant to provide both you and me with important feedback on how well you are learning the material. In this regard, they serve the same purpose as homeworks or exams, just at a more frequent, lower-stakes level. Hence, just like on homeworks and exams, conferring with others is not permitted (unless otherwise announced) nor should you enter answers on others’ behalf. Violations will be handled in accordance with the Cheating Policy below.
Because our class will include a discussion component, it’s important that we maintain an open and respectful environment in class. You can vehemently disagree with someone while still respecting them and remaining civil. Everyone is coming to the class from a different background, and we will be covering some very advanced topics, so there will be topics where some people are better informed than others, but that should be an opportunity for learning, not for grandstanding or belittling others. If you do feel uncomfortable in class for any reason (including something we might do or say) please let us know.
There will be three homework assignments/projects during the semester, the first of which will have multiple phases. The homework assignments are designed to give you hands-on experience with both attacks and defenses. It can be hard to appreciate the strengths and weaknesses of the methods and tools that we learn about without getting your hands dirty!
Topics covered include:
Most assignments will be done in teams of 2-3 students. These teams will be randomly assigned.
We realize that this will lead to some logistical coordination challenges, but this is very good experience for real-world software development! Almost no one develops serious software on their own, and you rarely get to pick your colleagues at a company. Most companies, let alone open-source projects, will have many geographically distributed employees, so learning how to coordinate in such environments is crucial. We encourage you to use tools like Slack, Skype, Google Docs, and Office 365 to coordinate with each other.
Each project will be assessed once for the whole group, but there will also be a peer evaluation component where you can assess how the other members of your team contributed (and vice versa).
Grading will typically be automated or semi-automated, and you can turn your assignment in early and multiple times without penalty. We encourage you to do this, so you can see how you’re doing on the assignment. By the time you turn in your final submission, there should be very little mystery in what your grade will be.
It’s important to turn your assignments in on time, as late assignments make it difficult to return everyone else’s graded assignments in a timely manner. We encourage you to start early, as security tasks, like most programming tasks, often take longer than you expect! To accommodate unexpected life events, we will give you 3 late days. No more than 1 can be used on any given assignment (each component of the Build It, Break It, Fix It homework counts as one assignment), so assignments will not be accepted more than 24 hours after the due date. For group projects, if the group decides to use a late day, all members of the group are charged one day. After the 3 late days are used up, we will not grant any additional extensions, so use your late days wisely.
The final third of the course (Languages) will use a new textbook, Program Proofs. You will need to order the textbook in advance, as it may take 3-4 weeks to arrive. It should cost $25-30, depending on where you are shipping it. See Canvas for the necessary link.
The earlier parts of the course draw on recent research that is not covered by textbooks. However, the lecture schedule includes links to research papers and/or book chapters on which the lectures are based. We strongly recommend that you do the readings, especially those that are not labeled as optional. These will provide greater depth, detail, and examples than we can cover in class. While quizzes, exams, and homeworks will, in theory, be doable based only on lecture content, doing the readings will make all of the above much easier.
Slides from each lecture will also be posted online after the corresponding lecture, so there’s no need to try to replicate them in your notes during the lecture.
We will be using Piazza (via Canvas) for discussions outside of class. Rather than emailing general questions to the TAs or instructors, we encourage you to post your questions on Piazza, so everyone can benefit from the answer and any discussions around it.
To get in touch with us for topics or questions specific to you, you can use private posts on Piazza, or you can email us. We typically aim to respond within 24 hours, unless it’s an emergency. Latency will be higher on the weekends.
You can also drop by Bryan’s office, CIC 2121, anytime, but he may not be there or may be in a meeting. You can schedule a specific meeting time via email, or come by during the formal office hours listed on the main page.
Students are expected to complete each assignment by working only within their assigned group, and they should be able to explain all of the work that they hand in. Copying code or text from other students (or sharing yours with them) or from online sources is not allowed. However, students are encouraged to discuss assignments (in person or via Piazza) with each other at a sufficiently high level to avoid the risk of duplicating implementation or proof. Examples of this would be discussing algorithms and properties referred to in the assignment, helping other students with questions about a programming language or tool required to complete the assignment, discussing a general technique, or referring to an online source with useful information. If you have questions about whether something might be an issue, contact the course staff before discussing further. Please refer to the Carnegie Mellon Code for information about university policies regarding academic conduct.
Take care of yourself. Do your best to maintain a healthy lifestyle this semester by eating well, exercising, avoiding drugs and alcohol, getting enough sleep and taking some time to relax. This will help you achieve your goals and cope with stress.
All of us benefit from support during times of struggle. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful.
If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support. Counseling and Psychological Services (CaPS) is here to help: call 412-268-2922 and visit their website. Consider reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.
If you have questions about this or your coursework, please let us know.