Policies

Communication

We will be using Ed Discussions for discussions outside of class. Rather than emailing general questions to a professor or TA, we encourage you to post your questions on Ed Discussions, so everyone can benefit from the answer and any discussions around it.

Grading

For each exam (and only for the exams), we will curve the scores (upward only) to a normal distribution.

We translate your final class percentage into a letter grade as follows:

The total points possible are allocated as follows:

Electronics

Studies show that multitasking with electronics in the classroom can have a significant negative impact not just on your understanding, but also on the learning of students around you. Hence, aside from the in-class polls discussed below, students may not use any electronic devices in lecture (no cell phones, laptops, tables, etc.) without explicit permission in writing from the instructor. Students are expected to take notes, but to do so manually (e.g., with pencil and paper). Exceptions will be granted in accordance with university guidelines for accessibility concerns.

Participation

Attendance is required (if not always strictly recorded)

You will be responsible for all materials presented in lectures and recitations. You should not expect that all lecture or recitation materials will be given to you in written form. We strongly encourage you to be active in class discussions, in recitation, and Ed Discussions, but your actual participation grades will be based on the quantitative measures described below. Note that these measures include a grace policy designed to accomodate the inevitable conflicts that tend to arise each semester. If you have to miss lecture or recitation, please do not ask to be excused; the missed participation points will be automatically deducted from your grace budget.

Recording (audio or video)

Students may not independently record lectures or recitations without explicit permission in writing from the instructor. Violations will result in your failing the course. Exceptions will be granted in accordance with university guidelines for accessibility concerns, but even then such recordings may not be shared publicly or privately and must be deleted at the end of the semester.

To facilitate additional learning that might come from revisiting a previous lecture, we aim to make videos of the lectures privately available online via Canvas (look for the “Zoom” tab). The time taken to transcode the videos can vary, so they may not be available immediately after the lecture slot. These videos are only for students in the class and should not be shared. Finally, there are sometimes glitches with the recording system so we do not guarantee that lecture videos will always be posted.

Class Participation Score

Your class participation score will be based on the use of in-class polls. Most classes will begin with 1-2 questions about the previous lecture. These will be answered on your own. There will also be questions during the lectures. For these, you will typically be allowed to confer with a partner before answering. Overall, there will typically be 4-5 questions each class. To lower the pressure and to account for inevitable conflicts or technical glitches that cause you to miss class, we will drop the lowest 30% of your answers. In other words, if during the entire course, we have 100 questions, then if you get credit for 70 of the questions, you will receive the full 5% participation score.

Recitation Participation Score

Most recitations will involve a group activity that you should be able to complete during recitation (the goal is not to give you more homework!). If you complete the activity by the end of recitation, you will receive 5 points. If by the end of recitation, you can show us that you made substantial progress on the activity, then you will receive 4 points. Otherwise, you will receive 0 points. We will drop the lowest 25% of your recitation activity scores.

Participation Ethics

Note that class and recitation participation points are meant to provide both you and me with important feedback on how well you are learning the material. In this regard, they serve the same purpose as homeworks or exams, just at a more frequent, lower-stakes level. Hence, just like on homeworks and exams, conferring with others is not permitted (unless otherwise announced) nor should you enter answers on others’ behalf. Violations will be handled in accordance with the Cheating Policy below.

Optional Bonus Participation

One of the fun/scary parts of computer security is that security problems are constantly in the news! One time during the semester, if you choose, you can add a post to Ed Discussions about such a news item. The news must be recent (within the last 3 months), and it cannot be about news that someone else has already posted about. In your post, succinctly and in your own words explain how the news relates to the class, what the underlying security flaw was (i.e., don’t just say “TwitBook got hacked”, say “An attacker exploited an XSS vulnerability in a library that TwitBook’s site relies on”), and how it could have been prevented, ideally using techniques we have covered in class. Include any relevant links to the news coverage, and ideally any underlying technical details (e.g., the revelant entry in a CVE database). Plagiarizing in your post (e.g., by copying text from online news sources without attribution) or using an AI assistant to write the summary for you will be treated as an academic integrity issue. We reserve the right to ask you about the content of your post to confirm that you have read and understood the material. Be sure to tag you post with the “News” folder. A good news post will be worth 10 homework points, which will be added to your overall homework score.

To spread these out during the semester, bonus credit will only be given for the first 10 news posts in any given calendar week (i.e., Monday-Sunday), and only during the regular lecture portion of the semester (i.e., not during finals period). Hence, we encourage you to post early on, so that you are not shut out at the end of the semester.

Readings

Most lectures will be accompanied by optional and required readings. Optional readings provide further depth and/or explanation which can be quite helpful for improving your understanding or approaching certain homework questions, but the material in optional readings will not be required for exams. Each class with a required reading will be accompanied by a “quiz” on Canvas. The “quiz” will ask you to summarize the key points of the reading and report on any aspects you found confusing. To ensure we can respond to such confusion during lecture, the “quiz” will be due a few hours before the corresponding lecture. Late answers will not be accepted nor can late days be used. Providing reasonable answers to both questions on the quiz will be worth 2 points. Scores from quiz responses will be considered as part of your homework score. To account for the vicissitudes of life, we will drop your two lowest reading scores.

Resources

Many of the lecture slides rely on PowerPoint animation to better convey the concepts. Hence, when reviewing the slides at a later point, they work best if you actually click through the presentation, instead of just looking at the slides statically. CMU provides you with a free, downloadable copy of PowerPoint. If you run into trouble with that, you can also use PowerPoint in a virtual machine, or via Virtual Andrew. You can also view them via a free online viewer or mobile app.

Before each lecture, we provide you with a lecture guide (see the lecture schedule for links). These include a variety of questions you should be able to answer by the end of the lecture. The notes are not a substitute for attending lecture; they are merely intended to help you focus on important topics that the lecture will cover. Note that material that does not appear in the lecture notes is still fair game for homeworks and exams.

Late Days

Late days interfere with the ability of course staff to quickly turn around assignment grades and solutions, since we cannot give out solutions or graded assignments until everyone has turned in their work. However, we understand that unforseen circumstances may arise. Thus, each student has a budget of three late days for the semester, of which at most one can be used on any single assignment. Once your budget of late days has been used up, no further days will be granted, and late homework will be marked as a zero.

The only exceptions will be for family emergencies and exceptional circumstances, such as hospitalization and longer-term illness. To prevent misuse, requests for such exceptions will need to be documented by emailing the professor and cc’ing your academic advisor. We do not offer exceptions for personal scheduling issues such as interviews, class load, etc.

Ethics, and Cheating

The course staff will treat all students ethically and fairly. We, in turn, expect the same from all students.

Any lapse in ethical behavior will immediately result in −1,000,000 points, as well as be immediately reported to the appropriate university disciplinary unit. Really. No matter what. The course staff looks at students who cheat or plagiarize as far beneath someone who fails the course.

This course will follow CMU’s policy on cheating and plagiarism. Note that the policy gives several examples of what constitutes cheating and plagiarism. If you have any questions, you should contact the instructors.

Students should behave ethically. This means obeying the law, but that is not enough. Behaving ethically means you avoid activities that do harm or may do harm to people, the environment, or other computers. In short, don’t be a nuisance.

Note just because you can do something (or you read about others doing it) does not make it ok. For example, scanning a network may not be illegal (I am not a lawyer, so I shy away from definitive statements). However, scanning can crash computers. For example, we know of several very popular commodity-grade IP cameras that crash when you scan them. Sure, the camera software is buggy. But is there any reason for you, not being a professional, to crash a camera monitoring a baby? Launching exploits, “testing” the security of a system without explicit permission from all necessary parties, and so on are all unethical for the purpose of this course.

Collaboration

Students are encouraged to talk to each other about class concepts. For assignments, assistance should be limited to discussion of the problem and at most sketching general approaches. Each student must turn in his or her own solution, derived from his or her own thoughts. Course staff may verify a student did the prescribed work by asking for a verbal explanation, and failure to correctly re-explain a submitted solution is considered a strong indication of cheating.

Student Outcomes

The ECE department is accredited by ABET to ensure the quality of your education. ABET defines 7 Educational Objectives that are fulfilled by the sum total of all the courses you take. The following list describes which objectives are fulfilled by 18-330 and in what manner they are fulfilled. ABET numbers objectives from 1 to 7. Those objectives not fulfilled by this course have been omitted from the following list.

  1. An ability to identify, formulate, and solve complex engineering problems by applying principles of engineering, science, and mathematics. The course poses many problems (on homework, during exams, and for in-class exercises) for students to formulate and solve using good engineering practice. Students will use mathematical and engineering concepts to identify flaws in software and solve the complex problems necessary to secure it.
  2. An ability to apply engineering design to produce solutions that meet specified needs with consideration of public health, safety, and welfare, as well as global, cultural, social, environmental, and economic factors. Poor computer design and engineering are the root causes of most security vulnerabilities in deployed systems today. As society increasingly relies on software in critical situations, these vulnerabilities translate into threats to safety and economic well being. This course will examine approaches, mechanisms, and tools used to make computer systems more secure.
  3. An ability to communicate effectively with a range of audiences. Students practice their communication skills during team-based exercises in class and recitation, as well as the basic written communication of problem solutions on homework and exams.
  4. An ability to recognize ethical and professional responsibilities in engineering situations and make informed judgments, which must consider the impact of engineering solutions in global, economic, environmental, and societal contexts. As in many engineering domains, designing secure systems involves extensive tradeoffs. Students will learn to assess and weigh these tradeoffs, including the impact they have on end users.
  5. An ability to function effectively on a team whose members together provide leadership, create a collaborative and inclusive environment, establish goals, plan tasks, and meet objectives. Students will work in teams during exercises in lectures and recitations.
  6. An ability to acquire and apply new knowledge as needed, using appropriate learning strategies. In multiple homework assignments, students must analyze new systems, identify vulnerabilities, and develop custom exploits. This requires developing new knowledge, including use of the tools to perform the analysis.

Work Life Balance

Take care of yourself. Do your best to maintain a healthy lifestyle this semester by eating well, exercising, avoiding drugs and alcohol, getting enough sleep and taking some time to relax. This will help you achieve your goals and cope with stress.

All of us benefit from support during times of struggle. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful.

If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support. Counseling and Psychological Services (CaPS) is here to help: call 412-268-2922 and visit their website. Consider reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.

If you have questions about this or your coursework, please let us know.

Commitment to Diversity

Every individual must be treated with respect. The ways we are diverse are many and are critical to excellence and an inclusive community. They include but are not limited to: race, color, national origin, sex, disability, age, sexual orientation, gender identity, religion, creed, ancestry, belief, veteran status, or genetic information. We at CMU, will work to promote diversity, equity and inclusion because it is just and necessary for innovation. Therefore, while we are imperfect, we will work inside and outside of our classrooms, to increase our commitment to build and sustain a community that embraces these values.

It is the responsibility of each of us to create a safer and more inclusive environment. Bias incidents, whether intentional or unintentional in their occurrence, contribute to creating an unwelcoming environment for individuals and groups at the university. If you experience or observe unfair or hostile treatment on the basis of identity, we encourage you to speak out for justice and support in the moment and and/or share your experience anonymously using the following resources:

All reports will be acknowledged, documented and a determination will be made regarding a course of action. All experiences shared will be used to transform the campus climate.