Course information

Readings

No textbook required.

We'll read a wide range of miscellaneous online papers, news stories, tutorials, technical specifications, etc.

We may occasionally read portions of the second edition of Ross Anderson's Security Engineering (scroll down to "The Second Edition (2008)" for the relevant chapter links), As you can see on that link, Anderson worked out a deal with his publisher to make each edition available for free online after about four years; the third edition should become free to read on April 1, 2024. But most of the 2008 edition is still great and relevant. Lucky us. (You may, of course, buy the book itself if you wish—it's a 1000-page beast, so in addition to learning from it, you could use it to hold your door open, keep papers from blowing away, fight off burglars, etc.)

Grading

Your grade will be based on your performance on homework (50%), an in-class midterm exam (25%), and a takehome final (25%). The final will be posted by November 10 and due on the last day of finals (November 20).

Late homework policy

Each homework assignment will be given a due date and time. For most assignments, the due date will be a class day (MWF), and you may assume the due time is 11:59PM Central.

Here's my official late policy: work handed in after the due time but within 24 hours will be docked 25%. Anything handed in later will receive a score of 0.

Consult me at least 24 hours before an assignment is due if you have extraordinary circumstances preventing you from handing in your work on time. Note that "I have to attend a funeral" and "I am participating in a national championship" are examples that I normally consider to be extraordinary circumstances, whereas "I have a paper due in another class" and "my comps presentation is tomorrow" are not. In emergencies, contact me as soon as you are able.

The takehome exam will be due by the due time, and will receive no credit otherwise except in very unusual circumstances.

Collaboration

Working with your classmates is a good thing. Sharing insights is fun, and can enhance everybody's learning. The main danger of collaborating on course work is in allowing your collaborator to do all the work, and thus all the learning.

For homework assignments, you may create your write-ups alone or with one classmate. If you work with a partner, you should submit one copy of your work with both names listed in your submission. If you would like me to assign you a partner for any given assignment, let me know via Slack direct message and I'll do my best to connect you with somebody.

In most cases, you'll submit your work using a GitHub repository. When you're working with a partner, you can put the submission in either one of your repositories, and I'll be able to find it. That said, it's very important to put your names in a comment at the top of source code or at the top of a PDF or whatever. Similarly, when I ask you to use a specific file name or put things in a specific folder, it's important for you to do so. I try to automate whatever is automatable when I'm writing feedback for you, and by following my specifications, you can make my job a lot easier and less error-prone.

For exams, of course, you must work alone, using only the resources I explicitly allow.

If you have any doubts about what constitutes acceptable collaboration, let me know.

Using stuff you find online

Here are some thoughts on using other people's code. Read that document, please. And to reiterate: cite your sources and check with me if you think you might be straying into plagiarism territory.

My thoughts on non-code resources are consistent with the guidance provided by Carleton's Writing Center. Learning from many sources is great. It's important, however, not to claim other people's work as your own, even implicitly.

Questions about general or specific issues in this realm? Talk to me!

What about LLMs?

Educators at all levels and in all disciplines are experimenting to try to figure out the long-term implications of large language models like ChatGPT, Bard, LLaMa, Claude, etc. In computer science, we're also thinking about code generation tools like CoPilot, tabnine, etc.

This term, let's look for and talk with each other about opportunities to use the LLMs to help us learn and do our work effectively. I want you learning, and if ChatGPT can help that to happen, let's figure out how and share our ideas. Questions about what's OK and not OK?—just talk to me.

Slack

We will use a Slack workspace to share questions and answers, ideas, interesting security-related articles, etc. I have invited you via your Carleton email address to join the Slack group, so you should have received an invitation email by now. If not, let me know.

I recommend that you choose a way to check for Slack updates at least daily. Because I am part of several on-going Slack groups, I just keep the Slack desktop app running and hidden. Many of my students and other collaborators prefer the mobile Slack app, which is fine, too.

GitHub

We will use public GitHub repositories for homework submission. See the Week 1 lab on this subject for instructions on getting set up.

Rough schedule

The rough ordering of topics in the course is shown below. Independently of these topics, we'll slip in some attention to security history, current security news, and practice on developing your security mindset.