Syllabus

Course Overview

This course will introduce students to the fundamentals of computer security. We will focus on software security, applied cryptography, network security, OS security, and privacy. A recurring theme will be security definitions, what kinds of security vulnerabilities may arise, and how to spot and fix vulnerabilities. The course will be structured into three broad sections: Software Security, Cryptography, and Networks/System Security.


Graded Work

Exams

There will be three exams in the course, one for each of the course's main sections.

Homeworks

There will be 10 homework assignments containing a variety of problems covering both theoretical and practical components of security.


Grading

Letter Grade Assignment
I will use standard, "rounded" grade percentages as follows:

  • 90 – 100: A
  • 80 – 90: B
  • 70 – 80: C
  • 60 – 70: D
  • < 60: R

Grade Weighting
The total points possible are allocated as follows:

  • 40% Homework
  • 20% Best Exam Score
  • 20% Second Best Exam Score
  • 10% Third Best Exam Score
  • 5% Class Participation
  • 5% Recitation Participation

Regrade Requests
We occasionally make mistakes while grading (we're only human!). If you find a mistake which you would like corrected:

  • If the graded item was returned on Gradescope, use the Gradescope regrade request feature.
  • If the graded item was returned some other way, please contact the instructor.

In both cases, include all relevant details for your regrade request.

Regrades must be requested within two weeks of the time when the contested grade was released.

Note: Regrade requests will result in the entire problem being regraded, not just the incorrectly graded part.


Deadlines

Late Days
Late days interfere with the ability of course staff to quickly turn around assignment grades and solutions, since we cannot give out solutions or graded assignments until everyone has turned in their work. However, we understand that unforeseen circumstances may arise. Thus, each student has a budget of three late days for the semester, of which at most one can be used on any single assignment. Once your budget of late days has been used up, no further days will be granted, and late homework will be marked as a zero.

Extensions
Outside of the late day policy mentioned above, we cannot give individual extensions on assignments or assessments. However, there are a few exceptions.

  • Medical Emergencies: If you are sick to the point that you cannot attend class or do work, go to the doctor! If you have a short illness (such as food poisoning or the flu) you should simply use a late day (for homework) or a dropped quiz for a quiz. Students who have prolonged medical emergencies may obtain extensions from the instructors after coordinating with the Office of Health and Wellness. Please see the medical excuse guidelines available on Scotty.

  • Family/Personal Emergencies: If you are having a family or personal emergency (such as a death in the family or a mental health crisis), reach out to your academic advisor immediately! They can help support you in your time of need, and will also reach out to all of your instructors (including me) to request extensions for you.

  • University-Approved Absences: If you are attending a university-approved event off-campus (such as a multi-day athletic/academic trip organized by the university), you may request an extension for the duration of the trip. You must provide confirmation of your attendance, usually from a faculty or staff organizer of the event.

Please note that extensions must be requested before the assignment/assessment deadline.


Participation

Attendance is required

You will be responsible for all materials presented in lectures and recitations. You should not expect that all lecture or recitation materials will be given to you in written form. We strongly encourage you to be active in class discussions, in recitation, and on Piazza.

Class Participation Score

Your class participation will be based on attendance and participating in in-class activities. Class participation, overall, will be graded out of 50 points, and an absence will be a -5. In addition, failure to participate in in-class activities (such as polls) may result in you being marked absent.

Recitation Participation Score

Many recitations will involve an activity that you should be able to complete during recitation (the goal is not to give you more homework!). If you complete the activity by the end of recitation, you will receive 5 points. If by the end of recitation, you can show us that you made substantial progress on the activity, then you will receive 4 points. Otherwise, you will receive 0 points.

Optional Bonus Participation:

One of the fun/scary parts of computer security is that security problems are constantly in the news!
One time during the semester, if you choose, you can add a post to Piazza about such a news item, as long as no one else has already covered that particular bit of news. In your post, succinctly and in your own words explain how the news relates to the class, what the underlying security flaw was (i.e., don’t just say “TwitBook got hacked”, say “An attacker exploited an XSS vulnerability in a library that TwitBook’s site relies on”), and how it could have been prevented, ideally using techniques we have covered in class. Include any relevant links to the news coverage, and ideally any underlying technical details (e.g., the relevant entry in a CVE database). Be sure to tag your post with the “News” folder. A good news post will be worth 4 participation points, which will be added to the lowest of your class or recitation participation scores.


Readings

Most lectures will be accompanied by optional and required readings. Optional readings provide further depth and/or explanation which can be quite helpful for improving your understanding of the topic or for approaching certain homework questions, but the material in optional readings will not be required for exams. We will expect you to have read the required readings. These readings reinforce and sometimes add depth to what’s covered in class. We won’t test you specifically on the required readings, but the content that was covered both in class and in required readings can be in quizzes and exams.


Ethics and Cheating

The course staff will strive to treat all students ethically and fairly. We, in turn, expect the same from all students.

Any lapse in ethical behavior will immediately result in −1,000,000 points, as well as be immediately reported to the appropriate university disciplinary unit. Really. No matter what. The course staff looks at students who cheat or plagiarize as far beneath someone who fails the course.

This course will follow CMU’s policy on cheating and plagiarism. Note that the policy gives several examples of what constitutes cheating and plagiarism. If you have any questions, you should contact the instructor.

Collaboration. Students are encouraged to talk to each other, to the course staff, or to anyone else about any of the assignments. Assistance should be limited to discussion of the problem and sketching general approaches to a solution. Each student must turn in his or her own solution, derived from his or her own thoughts. Course staff may verify a student did the prescribed work by asking for a verbal explanation, and failure to correctly re-explain a submitted solution will result in a score of 0 for that assignment.

Generative AI and Similar Tools. Generative AI tools, such as ChatGPT, may not be used to aid you in solving homeworks. The reason is simple: They shortcut the learning process and prevent you from properly learning the material. The one exception is that you may use a tool like Grammarly for basic spelling/grammar checks. (But if it writes a sentence for you, that's cheating.)

Other Legal and Ethical Issues. Students should behave ethically. This means obeying the law, but that is not enough. Behaving ethically means you avoid activities that do harm or may do harm to people, the environment, or other computers. In short, don't be a nuisance. Note that just because you can do something (or you read about others doing it) does not make it ok. For example, scanning a network may not be illegal (I am not a lawyer, so I shy away from definitive statements). However, scanning can crash computers. For example, there are several very popular commodity-grade IP cameras that crash when you scan them. Sure, the camera software is buggy. But is there any reason for you, not being a professional, to crash someone else's camera? Launching exploits, "testing" the security of a system without explicit permission from all necessary parties, and so on are all unethical for the purpose of this course.


Other

Recording (audio or video)

Students may not independently record lectures without explicit permission in writing from the instructor. Violations will result in your failing the course. Exceptions will be granted in accordance with university guidelines for accessibility concerns, but even then such recordings may not be shared publicly or privately and must be deleted at the end of the semester.

Diversity
It is my hope that students from a diversity of backgrounds and perspectives be well served by this course, that students' learning needs be addressed both in and out of class, and that the diversity students bring to this class be viewed as a resource, strength and benefit. It is my intent to present materials and activities that are respectful of diversity: gender, sexuality, disability, age, socioeconomic status, ethnicity, race, nationality, religion, and culture. Your suggestions are encouraged and appreciated. Please let me know ways to improve the effectiveness of the course for you personally or for other students or student groups.
This statement is adapted from The University of Iowa Department of Education.

Accommodations for Students with Disabilities
Carnegie Mellon University is committed to providing reasonable accommodations for all persons with disabilities. To access accommodation services you are expected to initiate the request and submit a Voluntary Disclosure of Disability Form to the office of Health & Wellness or CaPS-Q. In order to receive services/accommodations, verification of a disability is required as recommended in writing by a doctor, licensed psychologist or psycho-educational specialist. The office of Health & Wellness, CaPS-Q and Office of Disability Resources in Pittsburgh will review the information you provide. All information will be considered confidential and only released to appropriate persons on a need to know basis.

Once the accommodations have been approved, you will be issued a Summary of Accommodations Memorandum documenting the disability and describing the accommodation. You are responsible for providing the Memorandum to your professors at the beginning of each semester.

For more information on policies and procedures, please visit Assistance for Individuals with Disabilities on Scotty.

For additional information, please feel free to contact any of the following:

Take Care of Yourself
We all feel stress at different times and for different reasons, and when we do, it is good to reach out for support. Do your best to maintain a healthy lifestyle by eating well, exercising, getting enough sleep and taking some time to relax. Please know that you are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner, rather than later, can often keep your situation from getting more complicated. If you or any of your CMUQ peers are experiencing academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support.

Our Student Affairs staff are here to help:

You can also visit the Ilona Wyers Student Lounge and connect with anyone on the Student Affairs Team. Consider also reaching out to a friend, faculty, staff, or family member you trust for help.

If you would like to speak to a trained professional for mental health support, day or night, call our ProtoCall hotline at 5554 7913, which is staffed by trained mental health care providers.

If the situation is life threatening, call 999.