Course information

Readings

We'll use Security Engineering 2e, by Ross Anderson, Wiley 2008 for several readings and possibly a video or two. This great book is now fourteen years old, and Anderson worked out a deal with his publisher to make each edition available for free online after four years. Lucky us. You can, of course, still buy the book itself if you wish—it's a 1000-page beast.

We'll also read a wide range of miscellaneous online papers, news stories, tutorials, technical specifications, etc.

Grading

Your grade will be based on your performance on homework (50%), an in-class midterm exam (25%), and a take-home final (25%). The final will be posted by May 27 and due on the last day of finals (June 6).

Late homework policy

Each homework assignment will be given a due date and time. For most assignments, the due date will be a class day (MWF), and you may assume the due time is 11:59PM Central.

Here's my official late policy: work handed in after the due time but within 24 hours will be docked 25%. Anything handed in later will receive a score of 0.

Consult me at least 24 hours before an assignment is due if you have extraordinary circumstances preventing you from handing in your work on time. Note that "I have to attend a funeral" and "I am participating in a national championship" are examples that I normally consider to be extraordinary circumstances, whereas "I have a paper due in another class" and "my comps presentation is tomorrow" are not. In emergencies, contact me as soon as you are able.

In practice during the COVID era, I have been quite a bit more lenient about extensions than the previous two paragraphs would suggest. But there are two good reasons for you to consistently do your work on time without requesting extensions: you'll keep up with the class material and won't fall behind, and you won't force me to make difficult judgments about fairness when you ask me for extensions.

Take-home exams are due by the due time, and will receive no credit otherwise except in very unusual circumstances.

Collaboration

Working with your classmates is generally a good thing. Sharing insights can be fun, and can enhance everybody's learning. The main danger of collaborating on course work is in allowing your collaborator to do all the work, and thus all the learning.

For homework assignments, you may create your write-ups alone or with one classmate. If you work with a partner, you should submit one copy of your work with both names listed in your submission. If you would like me to assign you a partner for any given assignment, let me know via Slack direct message and I'll do my best to connect you with somebody.

In most cases, you'll submit your work using a GitHub repository. When you're working with a partner, you can put the submission in either one of your repositories, and I'll be able to find it. That said, it's very important to put your names in a comment at the top of source code or at the top of a PDF or whatever. Similarly, when I ask you to use a specific file name or put things in a specific folder, it's important for you to do so. I try to automate whatever is automatable when I'm writing feedback for you, and by following my specifications, you can make my job a lot easier and less error-prone.

For take-home exams, of course, you must work alone, using only the resources I explicitly allow.

If you have any doubts about what constitutes acceptable collaboration, let me know.

Using stuff you find online

Here are some thoughts on using other people's code. Read that document, please. And to reiterate: cite your sources and check with me if you think you might be straying into plagiarism territory.

My thoughts on non-code resources are consistent with the guidance provided by Carleton's Writing Center. Learning from many sources is great. It's important, however, not to claim other people's work as your own, even implicitly.

Questions about general or specific issues in this realm? Talk to me!

Slack

We will use a Slack workspace to share questions and answers, ideas, interesting security-related articles, etc. I have invited you via your Carleton email address to join the Slack group, so you should have received an invitation email by now. If not, let me know.

I recommend that you choose a way to check for Slack updates at least daily. Because I am part of several ongoing Slack groups, I just keep the Slack desktop app running and hidden. Many of my students and other collaborators prefer the mobile Slack app, which is fine, too.

GitHub

We will use public GitHub repositories for homework submission. See the Week 1 lab on this subject for instructions on getting set up.

Rough schedule

The rough ordering of topics in the course is shown below. Independently of these topics, we'll slip in some attention to security history, current security news, and practice on developing the