Policies
Communication
We will be using Piazza for discussions outside of class. Rather than emailing general questions to a professor or TA, we encourage you to post your questions on Piazza, so everyone can benefit from the answer and any discussions around it.
Grading
For each exam (and only for the exams), we will curve the scores (upward only) to a normal distribution.
We translate your final class percentage into a letter grade as follows:
- 89.5 – 100: A
- 79.5 – 89.4: B
- 69.5 – 79.4: C
- 59.5 – 69.4: D
- < 59.5: F
The total points possible are allocated as follows:
- 40% Homework
- 20% Best exam score
- 20% Second best exam score
- 10% Third best exam score
- 5% Class Participation
- 5% Recitation Participation
Electronics
Studies show that multitasking with electronics in the classroom can have a significant negative impact not just on your understanding, but also on the learning of students around you. Hence, aside from the in-class polls discussed below, students may not use any electronic devices in lecture (no cell phones, laptops, tables, etc.) without explicit permission in writing from the instructor. Students are expected to take notes, but to do so manually (e.g., with pencil and paper). Exceptions will be granted in accordance with university guidelines for accessibility concerns.
Participation
Attendance is required (if not always strictly recorded)
You will be responsible for all materials presented in lectures and recitations. You should not expect that all lecture or recitation materials will be given to you in written form. We strongly encourage you to be active in class discussions, in recitation, and Piazza, but your actual participation grades will be based on the quantitative measures described below. Note that these measures include a grace policy designed to accomodate the inevitable conflicts that tend to arise each semester. If you have to miss lecture or recitation, please do not ask to be excused; the missed participation points will be automatically deducted from your grace budget.
Recording (audio or video)
Students may not independently record lectures or recitations without explicit permission in writing from the instructor. Violations will result in your failing the course. Exceptions will be granted in accordance with university guidelines for accessibility concerns, but even then such recordings may not be shared publicly or privately and must be deleted at the end of the semester.
To facilitate additional learning that might come from revisiting a previous lecture, we aim to make videos of the lectures privately available online via Canvas (look for the “Zoom” tab). The time taken to transcode the videos can vary, so they may not be available immediately after the lecture slot. These videos are only for students in the class and should not be shared.
Class Participation Score
Your class participation score will be based on the use of in-class polls. Most classes will begin with 1-2 questions about the previous lecture. These will be answered on your own. There will also be questions during the lectures. For these, you will typically be allowed to confer with a partner before answering. Overall, there will typically be 4-5 questions each class. To lower the pressure and to account for inevitable conflicts or technical glitches that cause you to miss class, we will drop the lowest 30% of your answers. In other words, if during the entire course, we have 100 questions, then if you get credit for 70 of the questions, you will receive the full 5% participation score.
Recitation Participation Score
Most recitations will involve a group activity that you should be able to complete during recitation (the goal is not to give you more homework!). If you complete the activity by the end of recitation, you will receive 5 points. If by the end of recitation, you can show us that you made substantial progress on the activity, then you will receive 4 points. Otherwise, you will receive 0 points. We will drop the lowest 25% of your recitation activity scores.
Participation Ethics
Note that class and recitation participation points are meant to provide both you and me with important feedback on how well you are learning the material. In this regard, they serve the same purpose as homeworks or exams, just at a more frequent, lower-stakes level. Hence, just like on homeworks and exams, conferring with others is not permitted (unless otherwise announced) nor should you enter answers on others’ behalf. Violations will be handled in accordance with the Cheating Policy below.
Optional Bonus Participation
One of the fun/scary parts of computer security is that security problems are
constantly in the news!
One time during the semester, if you choose, you can add a post to Piazza about
such a news item, as long as no one else has already covered that particular bit
of news. In your post, succinctly and in your own words explain how the news
relates to the class, what the underlying security flaw was
(i.e., don’t just say “TwitBook got hacked”, say “An attacker exploited
an XSS vulnerability in a library that TwitBook’s site relies on”),
and how it could have been prevented, ideally using techniques we have covered in class.
Include any relevant links to the news coverage,
and ideally any underlying technical details (e.g., the revelant
entry in a CVE database).
Be sure to tag you post with the “News” folder.
A good news post will be worth 10 homework points,
which will be added to your overall homework score.
To spread these out during the semester, bonus credit will only be given for the first 10 news posts in any given calendar week (i.e., Monday-Sunday), and only during the regular lecture portion of the semester (i.e., not during finals period). Hence, we encourage you to post early on, so that you are not shut out at the end of the semester.
Readings
Most lectures will be accompanied by optional and required readings. Optional readings provide further depth and/or explanation which can be quite helpful for improving your understanding or approaching certain homework questions, but the material in optional readings will not be required for exams. Each class with a required reading will be accompanied by a “quiz” on Canvas. The “quiz” will ask you to summarize the key points of the reading and report on any aspects you found confusing. To ensure we can respond to such confusion during lecture, the “quiz” will be due a few hours before the corresponding lecture. Late answers will not be accepted nor can late days be used. Providing reasonable answers to both questions on the quiz will be worth 2 points. Scores from quiz responses will be considered as part of your homework score. To account for the vicissitudes of life, we will drop your two lowest reading scores.
Resources
Many of the lecture slides rely on PowerPoint animation to better convey the concepts. Hence, when reviewing the slides at a later point, they work best if you actually click through the presentation, instead of just looking at the slides statically. CMU provides you with a free, downloadable copy of PowerPoint. If you run into trouble with that, you can also use PowerPoint in a virtual machine, or via Virtual Andrew. You can also view them via a free online viewer or mobile app.
Before each lecture, we provide you with a lecture guide (see the lecture schedule for links). These include a variety of questions you should be able to answer by the end of the lecture. The notes are not a substitute for attending lecture; they are merely intended to help you focus on important topics that the lecture will cover. Note that material that does not appear in the lecture notes is still fair game for homeworks and exams.
No Late Days
Late days interfere with the ability of course staff to quickly turn around assignment grades and solutions. We cannot give out solutions or graded assignments until everyone has turned in their work. With weekly assignments, including some that build on each other, delaying grading would be too detrimental to the class as a whole. Hence, we will not be offering late days this semester, and late homework will not be graded. The only exceptions will be for family emergencies or exceptional circumstances. We do not offer exceptions for personal scheduling issues such as interviews, class load, etc. We still encourage you to complete the homework, since it will be good preparation for the exams.
However, we realize that you have a lot to juggle during the semester, so to lower the stakes on homework, we will discount the overall homework grade by approximately 50 points. In other words, if all of the homework together is worth N points, then as long as you achieve at least N - 50 points, you will receive 100% of the homework portion of your class grade.
Also see the Optional Bonus Participation above for another way to boost your homework score.
Ethics, and Cheating
The course staff will treat all students ethically and fairly. We, in turn, expect the same from all students.
Any lapse in ethical behavior will immediately result in −1,000,000 points, as well as be immediately reported to the appropriate university disciplinary unit. Really. No matter what. The course staff looks at students who cheat or plagiarize as far beneath someone who fails the course.
This course will follow CMU’s policy on cheating and plagiarism. Note that the policy gives several examples of what constitutes cheating and plagiarism. If you have any questions, you should contact the instructors.
Students should behave ethically. This means obeying the law, but that is not enough. Behaving ethically means you avoid activities that do harm or may do harm to people, the environment, or other computers. In short, don’t be a nuisance.
Note just because you can do something (or you read about others doing it) does not make it ok. For example, scanning a network may not be illegal (I am not a lawyer, so I shy away from definitive statements). However, scanning can crash computers. For example, we know of several very popular commodity-grade IP cameras that crash when you scan them. Sure, the camera software is buggy. But is there any reason for you, not being a professional, to crash a camera monitoring a baby? Launching exploits, “testing” the security of a system without explicit permission from all necessary parties, and so on are all unethical for the purpose of this course.
Collaboration
Students are encouraged to talk to each other about class concepts. For assignments, assistance should be limited to discussion of the problem and at most sketching general approaches. Each student must turn in his or her own solution, derived from his or her own thoughts. Course staff may verify a student did the prescribed work by asking for a verbal explanation, and failure to correctly re-explain a submitted solution is considered a strong indication of cheating.
Student Outcomes
The ECE department is accredited by ABET to ensure the quality of your education. ABET defines 7 Educational Objectives that are fulfilled by the sum total of all the courses you take. The following list describes which objectives are fulfilled by 18-330 and in what manner they are fulfilled. ABET numbers objectives from 1 to 7. Those objectives not fulfilled by this course have been omitted from the following list.
- An ability to identify, formulate, and solve complex engineering problems by applying principles of engineering, science, and mathematics. The course poses many problems (on homework, during exams, and for in-class exercises) for students to formulate and solve using good engineering practice. Students will use mathematical and engineering concepts to identify flaws in software and solve the complex problems necessary to secure it.
- An ability to apply engineering design to produce solutions that meet specified needs with consideration of public health, safety, and welfare, as well as global, cultural, social, environmental, and economic factors. Poor computer design and engineering are the root causes of most security vulnerabilities in deployed systems today. As society increasingly relies on software in critical situations, these vulnerabilities translate into threats to safety and economic well being. This course will examine approaches, mechanisms, and tools used to make computer systems more secure.
- An ability to communicate effectively with a range of audiences. Students practice their communication skills during team-based exercises in class and recitation, as well as the basic written communication of problem solutions on homework and exams.
- An ability to recognize ethical and professional responsibilities in engineering situations and make informed judgments, which must consider the impact of engineering solutions in global, economic, environmental, and societal contexts. As in many engineering domains, designing secure systems involves extensive tradeoffs. Students will learn to assess and weigh these tradeoffs, including the impact they have on end users.
- An ability to function effectively on a team whose members together provide leadership, create a collaborative and inclusive environment, establish goals, plan tasks, and meet objectives. Students will work in teams during exercises in lectures and recitations.
- An ability to acquire and apply new knowledge as needed, using appropriate learning strategies. In multiple homework assignments, students must analyze new systems, identify vulnerabilities, and develop custom exploits. This requires developing new knowledge, including use of the tools to perform the analysis.
Work Life Balance
Take care of yourself. Do your best to maintain a healthy lifestyle this semester by eating well, exercising, avoiding drugs and alcohol, getting enough sleep and taking some time to relax. This will help you achieve your goals and cope with stress.
All of us benefit from support during times of struggle. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful.
If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support. Counseling and Psychological Services (CaPS) is here to help: call 412-268-2922 and visit their website. Consider reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.
If you have questions about this or your coursework, please let us know.
Commitment to Diversity
Every individual must be treated with respect. The ways we are diverse are many and are critical to excellence and an inclusive community. They include but are not limited to: race, color, national origin, sex, disability, age, sexual orientation, gender identity, religion, creed, ancestry, belief, veteran status, or genetic information. We at CMU, will work to promote diversity, equity and inclusion because it is just and necessary for innovation. Therefore, while we are imperfect, we will work inside and outside of our classrooms, to increase our commitment to build and sustain a community that embraces these values.
It is the responsibility of each of us to create a safer and more inclusive environment. Bias incidents, whether intentional or unintentional in their occurrence, contribute to creating an unwelcoming environment for individuals and groups at the university. If you experience or observe unfair or hostile treatment on the basis of identity, we encourage you to speak out for justice and support in the moment and and/or share your experience anonymously using the following resources:
- Center for Student Diversity and Inclusion: Email: csdi@andrew.cmu.edu, Phone: (412) 268-2150
- Report-It online anonymous reporting platform: Username: tartans, Password: plaid
All reports will be acknowledged, documented and a determination will be made regarding a course of action. All experiences shared will be used to transform the campus climate.