Course Title:

Foundations of Computer Security & Privacy:
Breakthroughs and Research

Semester:

Spring 2023

Instructor:

Steve Sprecher
Office hours by appointment only (Just send me an email and we'll set up a time to chat!)

Class Times:

Tuesdays: 11:45 - 1:25 PM ET
Thursdays: 2:50 - 4:30 PM ET
Building: East Village
Room: 010

Whether you plan on heading into graduate studies, or into industry, being able to understand, communicate, and leverage security research is an invaluable skill to have. This class will take us through major security research in many sub-areas, and at the end you will have honed your skills.

Course work includes reading and writing reviews for papers, presenting work to the class, and a final project that is either a practical implementation or research exploration with a report (visit the course project page for more details).

Our planned topics and readings can be found on the readings page, although we can cover other topics if there is interest.


Grading


Good news... no exams! Instead, your grade will be based on the following breakdown:

  • Class Participation (5%) - Each class we will either discuss different sub-areas of security, or you will read a few research papers. After the topic / paper presentations we will discuss strengths, weaknesses, scope, and related future research in an open discussion.

  • Paper Reviews (20%) - Each week we will read a couple of research papers and you will need to write a review of them; details are on the readings page. Reviews will be due at the start of the class the paper is being presented in (to help you come prepared for discussion!). You will also assess two responses written by your peers, and we will combine peer feedback into the grading of your reviews. The lowest two scores will be dropped from your final grade calculation (to allow some flexibility if you can't get one done or something comes up).

  • Paper Presentations (20%) - You will give two to three presentations on papers over the course of the semester. It is your choice as to what papers they are (I'll do a sign-up form). This will be a 30ish minute presentation about the paper you read, with 10-15 mins of discussion and questions afterwards. Grading will be a combination of reviews from classmates and mine, but my focus is more on effort and improvement than on mastery of details.

  • Topic Presentations (20%) - For one of the papers you are presenting, depending on class knowledge, we will do presentations one day a week on the topic that will be covered by the upcoming papers, e.g. networking. I will provide a presentation outline of topics you should cover. Grading will be the same as the paper presentations. I will be available to help you prepare as well, since some of these topics may be brand new to you.

  • Presentation Feedback (5%) - For each presentation given in class, you will be required to fill out a Google form with feedback and grades for your peers. This is purely a completion-based assignment. It will be due a few hours after the class of the presentation, so if you have more comments than you could finish in class, you can finish up afterwards.

  • Research Project / Exploration (30%, breakdown below) - For full details about the project expectations, go to the course project page.
    • Project Proposal (5%) - Just a formal write-up of what we agree your project will be, including some background and your action plan.
    • Presentation (10%) - Presenting your work and findings on or around the last two classes.
    • Write-up (15%) - You will write a report similar in format to the papers we are reading about the cool stuff you do!

Security Resources


Here we'll keep tabs on any cool news we come across, and some great sources for all things security.

Ethics, Law, and being Safe


To defend a system, you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our class policy is that you must respect the privacy and property rights of others at all times, or else you will fail the course.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. The EFF provides helpful advice on vulnerability reporting and other legal matters. If in doubt, we can refer you to an attorney.