This course will introduce students to the fundamentals of computer security. We will focus on software security, applied cryptography, network security, OS security, and privacy. A recurring theme will be security definitions, what kinds of security vulnerabilities may arise, and how to spot and fix vulnerabilities. The course will be structured into three broad sections: Software Security, Cryptography, and Networks/System Security.

Exams

There will be three exams in the course: One for each of the course's main sections.

Homeworks

There will be three large scale homework assignments containing a variety of problems ranging from theoretical cryptography to hacking into a buggy web application. The details of those assignments will be released throughout the semester.

I will use standard, "rounded" grade percentages as follows:

• 90 – 100: A
• 80 – 90: B
• 70 – 80: C
• 60 – 70: D
• < 60: R

The total points possible are allocated as follows:

• 40% Homework
• 20% Best Exam Score
• 20% Second Best Exam Score
• 10% Third Best Exam Score
• 5% Class Participation
• 5% Recitation Participation

Attendance is required

Lectures will be held synchronously on Zoom. You will be responsible for all materials presented in lectures and recitations. You should not expect that all lecture or recitation materials will be given to you in written form. We strongly encourage you to be active in class discussions, in recitation, and Piazza.

Class Participation Score

Your class participation will be based on attendance and participating in in-class activities. Class participation, overall, will be graded out of 50 points, and an absence will be a -5. In addition, failure to participate in in-class activities (such as polls) may result you being marked absent.

Recitation Participation Score

Many recitations will involve an activity that you should be able to complete during recitation (the goal is not to give you more homework!). If you complete the activity by the end of recitation, you will receive 5 points. If by the end of recitation, you can show us that you made substantial progress on the activity, then you will receive 4 points. Otherwise, you will receive 0 points.

Participation Ethics

Note that class and recitation participation points are meant to provide both you and me with important feedback on how well you are learning the material. In this regard, they serve the same purpose as homeworks or exams, just at a more frequent, lower-stakes level. Hence, just like on homeworks and exams, conferring with others is not permitted (unless otherwise announced) nor should you enter answers on others’ behalf. Violations will be handled as academic integrity violations.

Optional Bonus Participation:

One of the fun/scary parts of computer security is that security problems are constantly in the news!
One time during the semester, if you choose, you can add a post to Piazza about such a news item, as long as no one else has already covered that particular bit of news. In your post, succinctly and in your own words explain how the news relates to the class, what the underlying security flaw was (i.e., don’t just say “TwitBook got hacked”, say “An attacker exploited an XSS vulnerability in a library that TwitBook’s site relies on”), and how it could have been prevented, ideally using techniques we have covered in class. Include any relevant links to the news coverage, and ideally any underlying technical details (e.g., the relevant entry in a CVE database). Be sure to tag you post with the “News” folder. A good news post will be worth 4 participation points, which will be added to the lowest of your class or recitation participation scores.

Recording (audio or video)

Students may not independently record lectures or recitations or post the recordings from Zoom without explicit permission in writing from the instructor. Violations will result in your failing the course. Exceptions will be granted in accordance with university guidelines for accessibility concerns, but even then such recordings may not be shared publicly or privately and must be deleted at the end of the semester.

Most lectures will be accompanied by optional and required readings. Optional readings provide further depth and/or explanation which can be quite helpful for improving your understanding or approaching certain homework questions, but the material in optional readings will not be required for exams.

If the professor feels that students are not doing the required readings, then short quizzes may be added in order to provide proper motivation. The course grade weightings would need to be slightly adjusted in this instance.

The course staff will strive to treat all students ethically and fairly. We, in turn, expect the same from all students.

Any lapse in ethical behavior will immediately result in −1,000,000 points, as well as be immediately reported to the appropriate university disciplinary unit. Really. No matter what. The course staff looks at students who cheat or plagiarize as far beneath someone who fails the course.

This course will follow CMU’s policy on cheating and plagiarism. Note that the policy gives several examples of what constitutes cheating and plagiarism. If you have any questions, you should contact the instructor.

Students should behave ethically. This means obeying the law, but that is not enough. Behaving ethically means you avoid activities that do harm or may do harm to people, the environment, or other computers. In short, don't be a nuisance.

Note just because you can do something (or you read about others doing it) does not make it ok. For example, scanning a network may not be illegal (I am not a lawyer, so I shy away from definitive statements). However, scanning can crash computers. For example, we know of several very popular commodity-grade IP cameras that crash when you scan them. Sure, the camera software is buggy. But is there any reason for you, not being a professional, to crash someone else's camera? Launching exploits, "testing" the security of a system without explicit permission from all necessary parties, and so on are all unethical for the purpose of this course.

Collaboration. Students are encouraged to talk to each other, to the course staff, or to anyone else about any of the assignments. Assistance should be limited to discussion of the problem and sketching general approaches to a solution. Each student must turn in his or her own solution, derived from his or her own thoughts. Course staff may verify a student did the prescribed work by asking for a verbal explanation, and failure to correctly re-explain a submitted solution is considered a strong indication of cheating.

Diversity
It is my hope that students from a diversity of backgrounds and perspectives be well served by this course, that students' learning needs be addressed both in and out of class, and that the diversity students bring to this class be viewed as a resource, strength and benefit. It is my intent to present materials and activities that are respectful of diversity: gender, sexuality, disability, age, socioeconomic status, ethnicity, race, nationality, religion, and culture. Your suggestions are encouraged and appreciated. Please let me know ways to improve the effectiveness of the course for you personally or for other students or student groups.
This statement is adapted from The University of Iowa Department of Education.

Accommodations for Students with Disabilities
Carnegie Mellon University is committed to providing reasonable accommodations for all persons with disabilities. To access accommodation services you are expected to initiate the request and submit a Voluntary Disclosure of Disability Form to the office of Health & Wellness or CaPS-Q. In order to receive services/accommodations, verification of a disability is required as recommended in writing by a doctor, licensed psychologist or psycho-educational specialist. The office of Health & Wellness, CaPS-Q and Office of Disability Resources in Pittsburgh will review the information you provide. All information will be considered confidential and only released to appropriate persons on a need to know basis.

Once the accommodations have been approved, you will be issued a Summary of Accommodations Memorandum documenting the disability and describing the accommodation. You are responsible for providing the Memorandum to your professors at the beginning of each semester.

For more information on policies and procedures, please visit Assistance for Individuals with Disabilities on Scotty.

For additional information, please feel free to contact any of the following:

• Amie Rollins, Director of Health and Wellness at amier@andrew.cmu.edu
• Atorina Benjamin, Counseling and Psychological Services at atorinab@qatar.cmu.edu
• Catherine Getchell, Disability Resources Office at getchell@cmu.edu

Take Care of Yourself
Take care of yourself. Do your best to maintain a healthy lifestyle this semester by eating well, exercising, avoiding drugs and alcohol, getting enough sleep and taking some time to relax. This will help you achieve your goals and cope with stress.

If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, I strongly encourage you to seek support. Student Affairs staff are here to help: call 4454 8526 or send Renee Camerlengo an email at reneec@andrew.cmu.edu. Consider reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.

If you or someone you know is feeling suicidal or in danger of self-harm, call someone immediately, day or night at 5554-7913, which is staffed by trained mental health care providers.

If the situation is life threatening, call 999.

Exams
Exams will occur during class time and require you to show your workspace using your webcam. Details will follow as we get closer to exam time.

Video in Lecture
In order to better promote both student and faculty engagement during remote lectures, all lecture participants are required to keep their video on throughout the class (unless otherwise instructed). Students who do not have their video on will be marked absent.

Having your video on and participating during live zoom sessions will support your learning in various ways. It may reduce the feeling of isolation and keep you connected with your colleagues and with the professor. It is also important to note that everyone’s remote classroom and learning experience is greatly improved if every student is visible. Maintaining a rich, interactive, and high-quality remote teaching experience will require us to work together. You are also encouraged to follow the same classroom etiquette as you would during normal in-person class sessions when connecting to virtual classes, such as:

• Dressing up appropriately
• Participating when required (whether by using your audio or the chat feature on Zoom)
• Staying engaged
• Avoiding any parallel work irrelevant to the session

There are legitimate circumstances under which a student may be exempted from this requirement. Students who believe they should be exempted should apply for a waiver. More information about the waiver process is available at the Guidelines for Students on the Use of Video and Audio in Remote Learning page on Scotty.