We'll use Security Engineering 2e, by Ross Anderson, Wiley 2008 often. This great book is now thirteen years old, and Anderson worked out a deal with his publisher to make each edition available for free online after four years. Lucky us. You can, of course, still buy the book itself if you wish--it's a 1000-page beast.
We'll also read a wide range of miscellaneous online papers, news stories, tutorials, technical specifications, etc.
Your grade will be based on your performance on homework (60%) a midterm exam (20%, format not yet determined) and a take-home final (20%) (the final may turn out to be a final project instead of an exam—stay tuned, but in any case it will be due on the last day of finals).
Each homework assignment will be given a due date and time. For all or nearly all assignments, the due date will be either a Tuesday (in which case you may assume the due time is 11:59PM Central) or a Friday (5:00PM Central).
Work handed in after the due time but within 24 hours will be docked 25%. Anything handed in later will receive a score of 0.
Consult me at least 24 hours before an assignment is due if you have extraordinary circumstances preventing you from handing in your work on time. Note that "I have to attend a funeral" and "I am participating in a national championship" are examples that I normally consider to be extraordinary circumstances, whereas "I have a paper due in another class" and "my comps presentation is tomorrow" are not. In emergencies, contact me as soon as you are able.
Takehome exams are due by the due time, and will receive no credit otherwise except in very unusual circumstances.
Working with your classmates is generally a good thing. Sharing insights can be fun, and can enhance everybody's learning. The main danger of collaborating on course work is in allowing your collaborator to do all the work, and thus all the learning. Since I'm going to ask you to mostly work in pairs this term, you'll want to take care not to fall into collaboration's traps.
In most cases, you'll submit your work using a GitHub repository. When you're working with a partner, you can put the submission in either one of your repositories, and I'll be able to find it. That said, it's very important to put your names in a comment at the top of source code or at the top of a PDF or whatever. Similarly, when I ask you to use a specific file name or put things in a specific folder, it's important for you to do so. I try to automate whatever is automatable when I'm writing feedback for you, and by following my specifications, you can make my job a lot easier and less error-prone.
For takehome exams, of course, you must work alone, using only the resources I explicitly allow. If you have any doubts about what constitutes acceptable collaboration, let me know.
We will use a Slack group to share questions and answers, ideas, interesting security-related articles, etc. I have invited you via your Carleton email address to join the Slack group, so you should have received an invitation email by now. If not, let me know.
I recommend that you choose a way to check for Slack updates at least daily. Because I am part of several on-going Slack groups, I just keep the Slack desktop app running and hidden. Many of my students and other collaborators prefer the mobile Slack app, which is fine, too.
We will use public GitHub repositories for homework submission. See the Week 0 lab on this subject for instructions on getting set up.
The rough ordering of topics in the course is shown below. Independently of these topics, we'll slip in some attention to security history, current security news, and practice on developing the