CS 231: Computer Security

Course Information

Readings

We'll use Security Engineering 2e, by Ross Anderson, Wiley 2008 often. This great book is now ten years old, and Anderson worked out a deal with his publisher to make each edition available for free online after four years. Lucky us. You can, of course, still buy the book itself if you wish--it's a 1000-page beast.

We'll also read a wide range of miscellaneous online papers, news stories, tutorials, technical specifications, etc.

Grading

Your grade will be based on your performance on homework (60%) an in-class exam (20%) and a take-home final (20%) (the final may turn out to be a final project instead of an exam—stay tuned, but in any case it will be due on the last day of finals).

Late homework policy

Each homework assignment will be given a due date and time. Work handed in after the due time but within 24 hours will be docked 25%. Anything handed in later will receive a score of 0.

Consult me at least 24 hours before an assignment is due if you have extraordinary circumstances preventing you from handing in your work on time. Note that "I have to attend a funeral" and "I am participating in a national championship" are examples that I normally consider to be extraordinary circumstances, whereas "I have a paper due in another class" and "my comps presentation is tomorrow" are not. In emergencies, contact me as soon as you are able.

Takehome exams are due by the due time, and will receive no credit otherwise except in very unusual circumstances.

Collaboration

Working with your classmates is generally a good thing. Sharing insights can be fun, and can enhance everybody's learning. The main danger of collaborating on course work is in allowing your collaborator to do all the work, and thus all the learning. If you want to work together on homework for this class, that's fine with me, but take care not to fall into collaboration's traps.

For homework assignments, you may work alone or with one other person unless I give explicit instructions otherwise. When you work with a partner, you may submit one copy of your work with both names on the paper or in the comments. For takehome exams, you must work alone, using only the resources I explicitly allow. If you have any doubts about what constitutes acceptable collaboration, let me know.

Slack

We will use a Slack group to share questions and answers, ideas, interesting security-related articles, etc. I have invited you via your Carleton email address to join the Slack group, so you should have received an invitation email by now. If not, let me know.

I recommend that you choose a way to check for Slack updates at least daily. Because I am part of several on-going Slack groups, I just keep the Slack desktop app running and hidden. Many of my students and other collaborators prefer the mobile Slack app, which is fine, too. The desktop Slack app is installed on the Math/CS Macs in CMC 304 and 306, in /Applications/CarletonApps/Slack.app.

GitHub

I will use GitHub Classroom to create a git repository for each of you for submission of assignments. You'll need a personal GitHub account first, so if you don't already have one, you'll need to go to https://github.com and create an account, after which I'll be able to include you in the GitHub Classroom.

Rough schedule

The rough ordering of topics in the course is shown below. Independently of these topics, we'll slip in some attention to security history, current security news, and practice on developing the