A list of deliverables and dates is below. Some details (e.g., dates, or what we ask for) are subject to change as the quarter progresses. We will provide finalized instructions in class.
All assignments are to be done in groups unless otherwise noted. It is sufficient for one group member to submit via Catalyst; please note the names and UW Net IDs of all group members in your submission.
Please submit your files to this Dropbox: https://catalyst.uw.edu/collectit/dropbox/franzi/39445
Name: Project proposal
Type: Slides/Presentation
Deadline: Jan 4, 12pm
Percent of Total Grade: 1% (for slides and in-class presentation)
Before the first class, please prepare (individually, not in groups) a one-slide pitch for a possible project.
Sample projects include: password manager, secure email or messaging client, secure escrow for passwords in case of emergencies, mobile money application, web shopping cart, electronic voting system, two-factor authentication system, fake news detector.
You may use the above list as inspiration, and your idea does not need to be original -- that is, it can be a better version of something that already exists (e.g., secure email client). It should be something that you're excited about building and that has a non-trivial need for security.
Name: Group selection and tentative project plan
Type: In Class
Deadline: Jan 4, 5pm
Percent of Total Grade: 1%
Submit via Catalyst: (1) List of people in your group, and (2) Short description (one sentence to one paragraph) of your tentative project.
Name: Draft of Section 2-4
Type: Design Doc
Deadline: Jan 11, 12pm
Percent of Total Grade: 2.5%
See the design doc template for more details. This is a draft and does not need to be fully polished. These draft documents will be shared with other groups so that they can complete the threat modeling assignment for the following week.
Name: Presentation of Sections 2-4 of design doc
Type: Slides/Presentation
Deadline: Jan 11, 12pm
Percent of Total Grade: 1% (for slides and in-class presentation)
The slide deck should be short, not just a re-hash of what's in the document. Target a 10 minute presentation with 5 minutes for Q&A. These slides will be shared with other groups so that they can complete the threat modeling assignment for the following week.
Name: Implementation plan and git setup
Type: Implementation
Deadline: Jan 18, 12pm
Percent of Total Grade: 1.75%
(1) Submit a 1-2 page document containing a preliminary implementation plan. Includes planned time schedule and people assignments for different components of the project. The planned time schedule should note which portions (if any) of the implementation have already been completed.
(2) Get your gitlab setup working, do test comments. Please give the instructors access to the repository.
Name: Threat model analysis of other projects
Type: Peer Analysis
Deadline: Jan 18, 12pm
Percent of Total Grade: 5%
Document containing threat model analysis for each other group’s project (based on their draft documents and the slides that they presented last week). Please use the template provided here.
Name: Presentation of peer threat model analysis
Type: Slides/Presentation
Deadline: Jan 18, 12pm
Percent of Total Grade: 1% (for slides and in-class presentation)
Prepare ~1 slide for each other group’s project, summarizing your threat model analysis of that project. Target about 2 minutes per slide to present.
Name: Threat model reflection
Type: In Class
Deadline: Jan 18, 5pm
Percent of Total Grade: 2%
This reflection should be a ~1 page written summary of the feedback you received from other groups, which (if any) new threats arose that you hadn’t already thought of, and what you found valuable about the peer threat modeling process.
Name: Revisions to Sections 2-4
Type: Design Doc
Deadline: Jan 25, 12pm
Percent of Total Grade: 5%
Revisions to these sections of the design doc based on the peer threat modeling process of the previous weeks.
Name: Summary of implementation accomplishments so far
Type: Implementation
Deadline: Jan 25, 12pm
Percent of Total Grade: 1.75%
Submit a summary (~1 page, based on your implementation plan) of what you have accomplished up until now. If your recent efforts have been more focused on design than implementation, that is fine -- please just explain what you've been working on.
Name: Summary of work done during class time, and updated implementation plan
Type: Implementation
Deadline: Jan 25, 5pm
Percent of Total Grade: 1.75%
Today’s class is a work day. After class, please submit two documents to the Catalyst dropbox: (1) a (~1-paragraph) summary of what you did during the class period and (2) a revised implementation plan taking into account the progress you have made so far.
Name: Short update presentation #1
Type: Slides/Presentation
Deadline: Feb 1, 12pm
Percent of Total Grade: 1% (for slides and in-class presentation)
Prepare 1-2 slides updating us on your implementation progress, new problems/challenges encountered, design changes made, and any changes to the implementation plan/timeline. Target a 5-10 minute presentations with 5 minutes for Q&A or discussion.
Name: Draft of Section 5
Type: Design Doc
Deadline: Feb 8, 12pm
Percent of Total Grade: 5%
See the design doc template for more details.
Name: Demo presentation
Type: Slides/Presentation
Deadline: Feb 8, 12pm
Percent of Total Grade: 4% (for slides and in-class presentation)
At this point, you should have completed your preliminary implementation to the point of being able to give a demo (live or video) in class.
Name: Draft of Section 6.1
Type: Design Doc
Deadline: Feb 15, 12pm
Percent of Total Grade: 5%
See the design doc template for more details.
Name: Code prepared to share with analysis team
Type: Implementation
Deadline: Feb 15, 12pm
Percent of Total Grade: 10.5%
You should have code, documentation, and a test environment ready to hand off to another team that will be doing a security analysis of your project. Please submit a short document explaining to the other team where to get your code and how to run it. (This document can be a copy of, or heavily based on, Section 5.1 of your design doc.)
Name: Peer analysis doc + issues noted via gitlab
Type: Peer Analysis
Deadline: Feb 22, 12pm
Percent of Total Grade: 10%
Use this template for a peer security analysis document. Please also open issues on the project’s gitlab repository for anything that you identify through your analysis.
Name: Presentation of peer analysis
Type: Slides/Presentation
Deadline: Feb 22, 12pm
Percent of Total Grade: 1% (for slides and in-class presentation)
Prepare a 10 minute presentation summarizing the security analysis you’ve done of another group’s project. Target a 10 minute presentations with 5 minutes for Q&A or discussion.
Name: Peer security analysis reflection
Type: In Class
Deadline: Feb 22, 5pm
Percent of Total Grade: 2%
Submit a ~1 page document summarizing the issues found by the other group’s analysis of your project. Include a prioritization of those issues and assignments to team members to address them.
Name: Short update presentation #2
Type: Slides/Presentation
Deadline: Mar 1, 12pm
Percent of Total Grade: 1% (for slides and in-class presentation)
Please prepare a small number of slide(s) updating us on your progress, what you’ve fixed, and any challenges you’ve faced. Target a 5-10 minute presentation with 5 minutes for Q&A or discussion.
Name: Issues addressed and updated in gitlab
Type: Implementation
Deadline: Mar 8, 12pm
Percent of Total Grade: 8.75%
Address as many of the security issues raised by the peer analysis as you can, or explain why you have explicitly chosen not to address some of these issues. Use gitlab issues to ask for more details from the analysis team if necessary, and to track your progress. Describe your work in Section 6.2 of the design doc. (NOTE: CHECK FOR UPDATED TEMPLATE.)
Name: Final presentation
Type: Slides/Presentation
Deadline: Mar 8, 12pm
Percent of Total Grade: 5% (for slides and in-class presentation)
Final presentations should include a summary of the whole design, testing, and fixing process, as well as a live or video demo of your final product. Target a 20 minute presentation with 5 minutes for Q&A or discussion.
Name: Finished design doc (Sections 1, 6.3 are new)
Type: Design Doc
Deadline: Mar 15, 11:59pm
Percent of Total Grade: 7.5%
See the design doc template for more details.
Name: Finished code + test environment
Type: Implementations
Deadline: Mar 15, 11:59pm
Percent of Total Grade: 10.5%
Complete all git commits to your project code, documentation, and test environment. We should be able to clone and run your project.
Name: Final reflection
Type: Misc
Deadline: Mar 15, 11:59pm
Percent of Total Grade: 3%
Individually, not in groups, submit a final reflection. This reflection should include:
(1) Notes on other presentations: suggestions for improvement if the project were to continue,
(2) Notes on own project: what would you still do if the project were to continue, and
(3) Reflections on the overall process: what worked well, didn’t work work, would you do differently next time.
Name: Summary of individual contribution
Type: Misc
Deadline: Mar 15, 11:59pm
Percent of Total Grade: 2%
Individually, not in groups, submit a ~1 page summary of your individual contribution to your group’s project.