Announcements

All announcements will be on EdStem.

Class Info

Office hours:

Vasanta

Monday 1 - 3.00PM

Tuesday 1 - 3.00PM

Zoom, By Appointment

See the pinned post on EdStem for details on booking an appointment via Zoom.

Weekly Lab Sessions

Section A

Wednesday 1.15 - 2.45PM

Section B

Wednesday 3.00 - 4.30PM

Welcome to CS88, Security and Privacy! This course will introduce fundamental ideas in security and privacy. The structure of this course may be different from many others at Swarthmore. We will be using a teaching model called Peer Instruction, which places a strong emphasis on classroom discussion and student interaction.

The course is composed of the following:

  • Readings and Videos: The readings serve as a first exposure to new topics, where students learn the basics of the material.

  • Class meetings: The classroom material will cover the difficult concepts and facilitate student discussions.

  • Labs: There are several lab programming assignments (mostly in C) that will explore various aspects of security.

  • Midterms: There will be two midterms instead of a final for this course.

  • Project: There will be a significant end-of-year project culminating in a presentation during Finals Week.

All assessment submissions should follow the Swarthmore Academic Integrity guidelines.

iClickers: This course will use iClickers to facilitate feedback and discussion during class. For many upper level courses including CS88, clickers will commonly be used in class. Clickers may be purchased at the college bookstore or online. Please register your device as soon as you get it. Registering allows me to give you credit for quizzes and class participation. We will begin using clickers for credit at the start of week 2!

Goals for the course

By the end of the course, we hope that you will have developed the skills to:

  • Adopt a "Security Mindset"

  • Learn how computer systems and systems in general can be attacked.

  • Understand and apply security principles to prevent attacks and/or limit their consequences.

  • Become an educated consumer of security and privacy policies, systems and their implementations.

  • Understand Security and Privacy in the broader context of law, policy and ethics.

Required Textbook

There is no required textbook for this course. We will do readings from various sources listed below. The following are recommended textbooks that are also available from the Cornell Library on reserve:

  • Security Engineering, 2nd Edition. Ross Anderson. Free Online

  • Gray Hat Hacking, 3rd Edition. Harper et al. Free Online

  • Security in Computing, 5th Edition. Charles P. Pfleeger, Shari Lawrence Pfleeger and Jonathan Margulies

  • Computer Security, 3rd Edition. Dieter Gollmann

Class Schedule

This is a tentative schedule; it may change as we go. You should read the assigned sections before class to prepare for class discussion points.

| WEEK | DATE | ANNOUNCEMENTS | TOPIC & READING | LAB ASSIGNMENTS |
|------|------|---------------|-----------------|-----------------|
| 1 | Aug 30 | | Class Slides; Required Reading | Lab 0 |
| | Sep 01 | Labor Day (Sep 05) | | |
| 2 | Sep 06 | | Class Slides; Required Reading | Lab 1 |
| | Sep 08 | Add/Drop Ends (Sep 09) | | |
| 3 | Sep 13 | | Class Slides; Required Reading | |
| | Sep 15 | | | |
| 4 | Sep 20 | | Class Slides; Required Readings & Videos; Optional Reading: Tuesday: Red Hat: Stack Smashing Protection | Lab 2a |
| | Sep 22 | | | |
| 5 | Sep 27 | | Class Slides; Required Reading; Optional Reading | Lab 2b |
| | Sep 29 | | | |
| 6 | Oct 03 | Midterm-1 | | |
| | Oct 04 | | Class Slides; Required Readings: Tuesday, Thursday | Lab 3 |
| | Oct 06 | | | |
| 7 | Oct 11 | | Class Slides; Required Reading: Tuesday, Thursday | |
| | Oct 13 | | | |
| 8 | Oct 18 | | Class Slides; Required Reading | Lab 4 |
| | Oct 20 | | | |
| 9 | Oct 25 | | Class Slides; Required Reading: Tuesday: Textbook: 4.3.4 - 4.3.5, 5.6; Thursday: Textbook: 5.1, 5.3 (before OSPF) | |
| | Oct 27 | | | |
| 10 | Nov 01 | | Class Slides; Required Reading | Project |
| | Nov 03 | | | |
| 11 | Nov 08 | | Class Slides; Required Reading | |
| | Nov 10 | | | |
| 12 | Nov 14 | Midterm-2 | | |
| | Nov 15 | | Class Slides | |
| | Nov 17 | | | |
| 13 | Nov 22 | | Class Slides; Tuesday: Project Discussion; Thursday: Project Discussion | |
| | Nov 24 | Thanksgiving | | |
| 14 | Nov 29 | | Class Slides; Tuesday: Project Discussion; Thursday: Project Discussion (continued) | |
| | Dec 01 | | | |
| 15 | Dec 06 | | | |

About Course Work

Class Policy

This course will have pre-recorded class videos and readings that are required before class. There will be a short reading quiz based on that day’s required videos/readings. In class we will break into smaller discussion groups and go over 10-15 minute discussion questions that take a deeper look at the class material. You’re expected to actively participate in your smaller discussion groups. The homework quizzes will be based heavily on class discussions.

Class Attendance: Participation in class discussions accounts for your participation grade.

Lab Policy

This course features regular lab assignments that account for the largest component of your course grade. Lab attendance is required of all students, unless you have already completed and submitted the lab assignment for the week. While you must attend the lab session for which you are registered, you may optionally attend additional lab sessions; however, students registered for the lab will have priority.

Changing Lab Sections: Right now, we have an even number of folks in each lab section. If you would like to switch sections please send out a post on EdStem so someone can swap with you.

Lab Due Dates

Lab assignments will typically be assigned during the lab sections on Wednesday and will generally be due by midnight on Tuesday 1-2 weeks later. The assignments for this course are designed to expose you to real-world systems. They are probably going to be more complex than most other course related work. You are strongly encouraged to start early! If you can get in the habit of starting early you will be much better off.

Lab Partnerships

For this course, there will be 1 individual lab, and 5 paired labs. You may choose your own lab partner for each lab; there will be an EdStem post to record your choice the week before the lab is out. If you have not chosen a lab partner by Friday the week before, I will assign a lab partner for you.

Working with Partners: For partnered lab assignments, you should follow these guidelines:

  • The expectation is that you and your partner are working together side by side, virtually, for most, if not all, of the time you work on partnered lab assignments. You and your partner should work on all aspects of the project together: initial top-down design, incremental testing and debugging, and final testing and code review.

  • If you are pair programming, where one of you types and one of you watches and assists, then you should swap roles periodically, taking turns doing each part. There may be short periods of time where you each go off and implement some small part independently. However, you should frequently come back together, talk through your changes, push and pull each other’s code from the git repository, and test your merged code together.

  • You should not delete or significantly alter code written by your partner when he or she is not present. If there is a problem in the code, then meet together to resolve it. If there is any issue with the partnership, please contact Vasanta.

Partnerships where partners work mostly independently rarely work out well and rarely result in complete, correct and robust solutions. Partnerships where partners work side-by-side for all or most of the time tend to work out very well.

You and your partner are both equally responsible for initiating scheduling times when you can meet to work together, and for making time available in your schedule for working together.

Absence / Assignment Extension Policy

To help with cases of minor illnesses, or other short-term time limitations, we will drop your three lowest reading and participation grades. You are still responsible for the material, and you should review any missed materials via the class recordings as soon as you can.

Each student may use up to 2 late days per lab assignment, up to a total sum of 5 late days on labs for the semester, no questions asked. Late days do not apply to reading quizzes or participation grades. A late day is considered a full 24 hours (i.e., 15 minutes late is the same as 23 hours late). In the case of labs, late days are counted against all lab partners.

In the rare case in which only one partner has unused late days, the partnership can use the late days, barring a consistent pattern. If you continuously find yourself needing late days on the assignment, please reach out to your Professor to discuss this.

To use your extra time, you must email your professor after you have completed the lab and pushed to your repository. You do not need to inform anyone ahead of time. When you use late time, you should still expect to work on the newly-released lab during the following lab section meeting. The professor will always prioritize answering questions related to the current lab assignment.

If you feel that you need an extension on an assignment or that you are unable to attend class for two or more meetings due to a medical condition (e.g., extended illness, concussion, hospitalization) or other emergency, you must contact the dean’s office and your instructors. Faculty will coordinate with the deans to determine and provide the appropriate accommodations.

Grading

Grades will be weighted as follows:

  • 35%: Lab assignments (3%, 8%, 8%, 8%, 8%)

  • 35%: Midterm-1 (15%) and Midterm-2 (20%)

  • 15%: Final project

  • 10%: Class & Lab Attendance (5%), Reading Quizzes (5%)

  • 5%: EdStem Participation

How to Succeed in CS 88

  • Attend class.
    Class attendance is mandatory. In class, we will do a deep dive into the more challenging details of the material. Example case-studies in class will directly contribute to your ability to complete homeworks and midterms.

  • Do the required readings/listen to videos before you come to class.
    In-class group participation will carry grades, so please come prepared with your readings and videos. This will make for an interesting and lively debate in class.

  • Ask questions if you don’t understand.

    • This means both during class and while doing lab assignments.

    • This class continually builds on previous material, so if you don’t understand something one week, it will continue to be a problem the next week, and the week after that, and so on.

    • If you need help, ask your classmates (make sure you have read the "Academic Integrity" section below first), post on EdStem, or come talk with me during my office hours.

  • Start the lab assignments early.

    • The assignments for this course are designed to expose you to real-world systems. They are probably going to be more complex than most other assignments from earlier courses.

    • Get in the habit of starting early; you will be much better off. If you get stuck on a lab issue early (i.e., not two hours before it is due), there will be time to look for help.

    • In addition, if you start early enough, you can take a break, go do something else, and come back later. I find I always have at least a few new ideas when I come back to a problem after a break. If you wait until the last minute, you can’t do this.

  • Completing your labs.

    The only effective way to learn the material and consistently do well in the labs is to get into the regular habit of:

    • Discussing the top-down design of your code with your lab partner, before you start coding.

    • Writing descriptive function comments as you go along.

    • Incrementally coding and testing with GDB and Valgrind.

    This process will make you a sought-after computer scientist once you graduate.

  • Attend CS88 Labs.
    Lab Attendance is mandatory, and the labs constitute the largest portion of your grade. You should be there!

  • Seek help early and often.
    Because course material builds on previous material, it is essential to your success in this class that you keep up with the course material. If you are having difficulty with a programming assignment, if you didn’t follow something covered in class, if you feel you need some extra help understanding or practicing some of the course material, or if you just want to discuss something from a class, an assignment, or the text, please come to my office hours.

Policies

Legality and Ethics

In this class, you will learn about various security vulnerabilities and about implementing and launching various attacks, and possible countermeasures and controls used to prevent such attacks. This is not an invitation to perform these attacks. You are expected to perform your labwork using the virtual machines as directed by the lab assignments. You should not try or consider trying these exercises on any real system or network. To do otherwise would risk violating Swarthmore College policies and PA and U.S. laws, and is very likely illegal in most other countries. This applies whether or not you utilize Swarthmore College computing systems and/or networks. Apart from obeying the law, behaving ethically means you avoid activities that do harm or may do harm to people, the environment, or other computers. Note that anything you can do that is potentially technically legal, but is in any way harmful or a nuisance, or is done without explicit permission from all necessary parties, is unethical for the purpose of this course.

The goal is to foster discovery, experimentation, and exploration, but in a safe, ethical, and respectful manner, always. If you have any questions or concerns, do not hesitate to contact the course professor directly. Please sign the ethics policy form agreeing to this policy by the end of the first week of the course to continue to be enrolled in the course: Ethics Form

Language adapted from Dave Levine, UMD; Charles Palmer, Dartmouth; and Bryan Parno, CMU

Academic Integrity

Academic honesty is required in all your work. Under no circumstances may you hand in work done with (or by) someone else under your own name. Your code should never be shared with anyone; you may not examine or use code belonging to someone else, nor may you let anyone else look at or make a copy of your code. This includes, but is not limited to, obtaining solutions from students who previously took the course or code that can be found online. You may not share solutions after the due date of the assignment or make them publicly available anywhere (e.g. public GitHub repository).

Discussing ideas and approaches to problems with others on a general level is fine (in fact, we encourage you to discuss general strategies with each other), but you should never read anyone else’s code or let anyone else read your code. All code and written homeworks you submit must be your own with the following permissible exceptions: code distributed in class, code found in the course text book, and code worked on with an assigned partner. In these cases, you should always include detailed comments that indicate on which parts of the assignment you received help, and what your sources were.

Failure to abide by these rules constitutes academic dishonesty and will lead to a hearing of the College Judiciary Committee. According to the Faculty Handbook:

"Because plagiarism is considered to be so serious a transgression, it is the opinion of the faculty that for the first offense, failure in the course and, as appropriate, suspension for a semester or deprivation of the degree in that year is suitable; for a second offense, the penalty should normally be expulsion."

The spirit of this policy applies to all course work, including code, homework solutions (e.g., proofs, analysis, written reports), and exams. Please contact me if you have any questions about what is permissible in this course.

Exam Integrity

Students must strictly adhere to the following policy, which applies to all exams taken in a Computer Science course at Swarthmore:

Exam takers must place all non-essential items at the front of the room (or other designated area). Unless otherwise permitted, students may not have any electronic devices or course materials in their possession during the entirety of the exam. This includes cell phones, tablets, laptops, smart watches, course notes, articles and books, among others. These items should be placed at the front of the room near the proctor. If you need to leave the room during the exam, you must obtain permission from an instructor first. Any non-permitted discussion or aid in regard to exam material will result in immediate forfeiture of the exam and a report to the College Judiciary Committee. Please discuss any concerns or accommodations with your instructor prior to starting the exam.

Academic Accommodations

If you believe you need accommodations for a disability or a chronic medical condition, please contact Student Disability Services via email at studentdisabilityservices@swarthmore.edu to arrange an appointment to discuss your needs. As appropriate, the office will issue students with documented disabilities or medical conditions a formal Accommodations Letter. Since accommodations require early planning and are not retroactive, please contact Student Disability Services as soon as possible. For details about the accommodations process, visit the Student Disability Services website. You are also welcome to contact me privately to discuss your academic needs. However, all disability-related accommodations must be arranged, in advance, through Student Disability Services.

To receive an accommodation for a course activity you must have an official Accommodations Letter and you need to set up a meeting with me to work out the details of your accommodation at least two weeks prior to any activity requiring accommodations.