CSE 564 Computer Security and Privacy (Spring 2011)

Course Overview

This is graduate course in computer security and privacy. This is a quals course in the systems area.


Course grades will be assigned as follows:

Schedule (Approximate, Subject to Slight Changes)

Approximate schedule:

Security review deadlines:

Project deadlines:

Program Committee deadlines (for the regular papers, not project reports written by other students in the class):

Program Committee deadlines (for projects reports written by other students in the class):

The CSE 564 Program Committee

Welcome to the CSE 564 Program Committee! We will read, evaluate, and discuss a number of papers in this course. Since one of our key goals is to help prepare you for a research career (whether in security or some other area), we will model the class after a conference program committee. This means that we will assign some (though not all!) of you to review each paper that we plan to discuss in class. After all the assigned reviews are in, the assigned reviewers should skim all the other reviews for the paper. During class we will call on one or more of the reviewers to "present" the paper. We will then have a general discussion about the paper.

The following describes the "program committee" requirements in more detail:

Research Project

There will be a course research project. The goal of the project is to help give you a deeper understanding of how to think about and solve a real research problem from a computer security perspective. A related goal is to help you mature as a researcher, independent of what research area you eventually settle in. We'll talk more about these goals in class.

You may choose a research project related to any area of computer security, including areas not directly covered in this course. A conference-style report for your project is due at the end of the final exam period. You will also give a short presentation during the final week of classes. We will have several milestones along the way, just to make sure everything is going smoothly. Our hope is that the course research project can complement your existing research interests and directions, or start you on a new long-term research direction.

You may work in groups of 2--3 people. You may choose your own groups, or we can form groups for you if you haven't already done so by the deadline below. In rare cases it maybe possible to work in a group of size 1; please contact us if you wish to explore this option (this option is primarily intended for people who are actively exploring a research project with others outside this course, in which case you won't actually be working by yourself -- it just happens to be that you're the only person on the project enrolled in the course).

We strongly encourage you to be ambitious and have fun with your projects. While certainly not required, we suspect that some of the projects will evolve into conference or workshop publications. If you have a project that might require special resources, please contact us as soon as possible.

The following is a more detailed description of the project timeline and requirements:

There are numerous resources on the Internet about how to write a good research paper. If you haven't already read them, you might find the following resources helpful:

The slide deck, the draft reports, the peer reviews, and the final report must be submitted on time in order to be graded; i.e., late slide decks, draft reports, peer reviews, and final reports will receive a zero grade. If you submit other project materials late (proposal, checkpoint), you will be marked down 25% for each day that the material is late. When computing the number of days late, we will round up; so material turned in 1.25 days late will be downgraded 50%.

Security Reviews

Another key goal of this course is to get you to start thinking about the world in a different way -- to develop what we call the "security mindset." Toward this goal, we will have several small assignments (called "security reviews") targeted at getting you to think about security on a regular basis, and in contexts where you might not normally think about security. For more background, we've written a little about the security mindset here: http://cubist.cs.washington.edu/Security/2007/11/22/why-a-computer-security-course-blog/.

Your goal with the security reviews is to evaluate the potential security and privacy issues with new technologies, evaluate the severity of those issues, and discuss how those technologies could potentially address those security and privacy issues.

You are required to submit two security reviews over the course of the quarter. The deadlines appear near the top of this page. The ideal mode of operation is as follows: You might be reading Slashdot or some other news source and see the announcement for a new product or service. You immediately start thinking about the security implications and issues associated with the new technology. You then formalize your thoughts (in the framework described below) and submit your writeup to the Catalyst forum and the Catalyst dropbox.

Each security review should contain:

These security reviews should be short (around 1000 words). The security reviews should be posted to the course's Catalyst forum and a PDF of the review should be uploaded to the Catalyst dropbox.

You work individually or in a group of two people. If you work in a group, then the PDF that you upload to the Catalyst dropbox must include the names and UWNetIDs of both authors on the first page.

Each security review should evaluate a different technology -- your security review should not analyze a technology that was previously analyzed by another security review in this course.

As with parts of your course project, you may submit your security reviews late. However, you will be marked down 25% for each day that the material is late. When computing the number of days late, we will round up; so material turned in 1.25 days late will be downgraded 50%.