CSE 564: Computer Security and Privacy (Winter 2018)


Course Overview

This is a graduate course in computer security and privacy. This is a quals course in the applications area.

This course has no official prerequisites. In particular, an undergraduate computer security course is not required, though it is permitted to take both CSE 484 (or equivalent) and CSE 564. Students having taken an undergraduate computer security course may find that some material will overlap, but CSE 564 is more focused on cutting-edge research in computer security and privacy.

The course will consist of readings and discussion, a security review assignment, workshopping of projects, and an independent research project. Please see the course schedule for more detailed due dates.


Grading

Course grades will be assigned as follows:

Submitting materials. Reading discussion board posts should be submitted to the course Forum (URL TBD). All other materials should be submitted in PDF form to the course Dropbox (URL TBD).

Late policy. Unless otherwise noted, late materials will be marked down 25% for each day that they are late. When computing the number of days late, we will round up; so material turned in 1.25 days late will be downgraded 50%. Reading discussion board posts will receive half-credit if they are submitted after 8am and no credit if they are submitted after class.

Collaboration policy. Reading discussion board posts are to be done individually. Security reviews may be done individually or in groups of two people. Workshopping of projects may be done in groups of 2-3 people. Projects should be done in groups of 2-3 people (please talk with me about possible exceptions). If you work with someone else on any assignment, please include their name and UW NetID on the materials that you turn in.

Checking grades. Grades will be posted to the course Gradebook (URL TBD).


Readings and Discussion

A major part of the course will be a group discussion of the various papers. The goal will be to develop your ability to uncover the broader implications of research papers, develop a historical perspective and an understanding of the context in which security research papers exist, and to bring you to the forefront of computer security and privacy research.

Prior to each class, you must post to the class discussion board about the readings. Your post should contain something original beyond what others have posted (so there is a benefit to posting early). You may post a summary of the paper, an evaluation of its merits, open research questions on the topic, questions you would like to discuss in class, or anything else you find interesting. It is easy to be critical about research, so I encourage every post that contains a criticism to also contain a positive counterperspective, or a positive perspective on some other aspect of the paper.

Discussion board posts must be made by 8am the day of each class. They will be graded on a scale of 0-2, where 0 means "missing", 1 means "adequate", and 2 means "good". Posts will receive half-credit if they are submitted after 8am and no credit if they are submitted after class. Throughout the quarter you may miss posts for four papers of your choice without penalty (note that there are generally two papers assigned per class). However, you are still expected to know the materials in these four papers and to be able to discuss them in class.

In addition, a group of three students will lead the initial discussion of each paper, starting with a short recap of the principal results and the strengths of the paper. We will assign discussion leaders for each class at the first class of the second week of the quarter (after course enrollment fluctuation).


Security Reviews

A key goal of this course is to get you to start thinking about the world in a different way -- to develop what we call the "security mindset". Toward this goal, we will have a small assignment called a "security review" targeted at getting you to think about security on a regular basis, and in contexts where you might not normally think about security.

Your goal with the security reviews is to evaluate the potential security and privacy issues with new technologies, evaluate the severity of those issues, and discuss how those technologies could potentially address those security and privacy issues.

The ideal mode of operation is as follows: You might be reading a news source and see the announcement for a new product or service. You immediately start thinking about the security implications and issues associated with the new technology. You then formalize your thoughts (in the framework described below) and submit your writeup to the course Dropbox.

Your security review should contain:

These security reviews should be short (2-3 pages). They should be submitted as PDF files to the course dropbox, with 12pt fonts, in single-column format with 1-inch margins.

You can find some sample security reviews here.

You may work individually or in a group of two people. If you work in a group, then the PDF that you upload to the Catalyst dropbox must include the names and UW NetIDs of both authors on the first page.

Late security reviews will be marked down 25% for each day that the material is late. When computing the number of days late, we will round up; so material turned in 1.25 days late will be downgraded 50%.

You should submit two security reviews, on different topics, for this assignment.


Project

There will be a course research project. The goal of the project is to help give you a deeper understanding of how to think about and solve a real problem from a computer security perspective. A related goal is to help you mature as a researcher, independent of what research area you eventually settle in. We'll talk more about these goals in class.

You may choose a research project related to any area of computer security, including areas not directly covered in this course. A conference-style report for your project is due during the final exam period. You will also give a short presentation during the course final exam period. We will have several milestones along the way, just to make sure everything is going smoothly. Please also feel free to stop by office hours or schedule an appointment to talk with me about your project.

The project will be due in six steps:

(1) Form project groups by 01/12/2018 at 4:30pm: You may work in groups of 2-3 people. You may use the class discussion board to connect with potential group members. In rare cases it may be possible to work in a group of size 1; please contact me if you wish to explore this option. Please submit your project groups to the course staff (the instructor and TA) via email.

(2) Project proposals due by 01/19/2019 at 4:30pm: Each group will submit a 2-3 page project proposal, including a problem definition, motivation, planned approach and evaluation, and a list of milestones and dates. Please feel free to stop by office hours or schedule an appointment to talk about ideas.

(3) Project checkpoints due by 02/09/2018 at 4:30pm: Each group should submit a short (2-3 page) progress report. The progress report should explicitly address the milestones established in your original proposal, discuss which milestones you have met, and propose a new set of milestones if it appears that your original milestones are no longer appropriate. In your progress reports, you should reflect on what you have accomplished and draw preliminary conclusions from your results.

(4) Project draft due by 03/02/2018 at 4:30pm: Each group should submit a draft of their written report. The formatting of the draft report should match that of a final report. (See below for what a final report should look like.) The draft may include placeholders for new results, but should be as complete as possible, including related work.

(5) Project presentations on 3/12/2018 (between 2:30 and 6pm) (to be confirmed): All group members should participate in the presentation. The length of the presentations will depend on the total number of projects in the course, but I anticipate that each presentation will be 10 to 15 minutes long, and certainly no longer than 20 minutes. You will be asked to attend at least two presentations other than your own.

(6) Final project reports due by 03/12/2018 at 8pm: Each group will submit a short (at most 12 page) written report to the course dropbox. Please submit the report as a PDF file. Your report should be in single-column format, single-spaced, with 12pt font and at least 1 inch margins. Separately, each group member should also submit a short (up to 1 page) summary of their contributions to the project.

All materials should be submitted in PDF form to the course dropbox. You will be marked down 25% for each day that the material is late. When computing the number of days late, we will round up; so material turned in 1.25 days late will be downgraded 50%. The final presentation and project report cannot be late.


Workshopping of Projects

The projects mentioned here may be the same as, or different than, the projects described in the above section. The projects mentioned here may be projects that you are working on for another class, for your own research, or for any other purpose.

The process will be the following: On 01/24/2018, teams will submit their groups for the "Workshopping of Projects". On 01/31/2018, teams will present their projects to the review teams; teams will also submit their presentation materials. On 02/02/2018, the review teams will present their findings and recommendations back to the project teams or the whole class (details TBD based on class size and the number of projects); the teams will also submit their review materials.

These course components cannot be late. The group size here could be 1-3 people.