CSE 599 G/H (Autumn 2007)

Computer Security and Privacy

Enrollment Options

Course Overview

The following describes the course requirements in more detail:

• Reading the papers

  The goal of this course is to help you prepare for research in computer security, as well as for research in other domains for which there will be a security component. We will therefore read a number of important papers in the field. Reading the papers will help you prepare for the classroom discussions, which in turn will help you contribute to everyone's overall learning experience, including your own. You may skip any appendices.

• Writing evaluations

  To help motivate the classroom discussions, everyone enrolled in the course must submit a short evaluation of each assigned reading. There will be at most two assigned readings per class; if there are two, I generally try to make sure that only one is a full paper. Your evaluations should have the following form:

  • Your name.
  • Paper title and author(s).
  • One-sentence paper summary.
  • The (two) most important new ideas in the paper, and why.
  • One or two ways the paper could be improved, and why.
  • Two important, open research questions on the topic, and why they matter.

  For the last three bullets, the why is very important.

  The evaluations must be submitted by 11am on the day of the class. You may submit evaluations as a text, PDF, or PostScript file. You should upload the evaluations to the online Catalyst system (link below). If you choose to submit a PDF or PostScript file, then your evaluation for each reading must be less than one page long, be single-spaced, use 12pt font, and have at least 1 inch margins; I expect for most paper evaluations to be approximately 1/2 to 3/4 pages long. If you submit a text file, then please be sure that the length of your evaluation corresponds roughly to the above criteria for PDF/PostScript submissions.

  The writing evaluations will be graded on a scale of 0, 1, or 2. For very thoughtful (but still concise, at most one 1-page) evaluations, you may receive a 3.

  I realize that some times are busier for people than others, e.g., right before a conference submission deadline or a midterm in another class. Therefore, you are allowed four free reviews, meaning that you do not have to submit a review for four papers of your choice. However, you are still expected to know the materials in these four papers, so please make sure you eventually read them.

• Participating in class

  One of the best ways to deeply understand a topic is to discuss the topic with others. Therefore, everyone is expected to actively participate in the classroom discussions. You may use your paper evaluations as the basis for discussion, but please do not feel a need to limit your comments to what you wrote in your evaluations. I encourage everyone to ask questions about or offer clarifications for confusing parts of the papers, and to think about the limitations of or possible extensions to the works being discussed. I may also ask individuals to answer specific questions about the assigned readings.

• Project

  Those enrolled in the course for a letter grade (CSE 599 G) will do a course research project. The goal of the project is to help give you a deeper understanding of how to think about and solve a real problem from a computer security perspective. A related goal is to help you mature as a researcher, independent of what research area you eventually settle in. We'll talk more about these goals in class.

  You may choose a research project related to any area of computer security, including areas not directly covered in this course. A conference-style report for your project is due at the beginning of the final exam period (10:30am, 12/13/2007). You will also give a short presentation during the course final exam period. We will have several milestones along the way, just to make sure everything is going smoothly. I also encourage you to just stop by my office and talk with me about your project.

  You may work in groups of 1--3 people. You may choose your own groups, or I can form groups for you if you haven't already done so by the end of the second week of class (10/5/2007).

  I strongly encourage you to be ambitious and have fun with your projects. While certainly not required, I suspect that some of the projects will evolve into conference or workshop publications; if you're interested in exploring such a possibility, please feel free to ask for options and recommendations. Also, if you have a project that might require special resources, please contact me as soon as possible.

  The following is a more detailed description of the project timeline and requirements:

  • Now: Topic selection.
    Start thinking about what kinds of projects interest you and with whom you might like to collaborate. I suggest taking a look at the course schedule and talking with other students about mutual areas of interest. You might also check out this list of sample project ideas. If you would like me to help you find a project that fits your interests, please let me know.
  • 10/5: Group selection (11:59pm)
    Send me the names and email addresses of all the people in your group. If you have not found someone to work with and would prefer not to work in a group of size 1, then please send me a brief summary of your interests and, if at least two people email me with similar interests, I will "arrange" a group for you by 10/8. ("Arrange" is in quotes because I will introduce you to each other, but you are certainly not obliged to stay together as a group.)
  • 10/16: Proposal due (11:59pm)
    Each group will submit a 2--3 page proposal describing the research project that you plan to work on. I expect to see sections on:
    • Problem definition and motivation. What are the goals of your project and why are these goals important?
    • Your approach for addressing the problem that you defined above.
    • How you plan to evaluate your approach.
    • An initial discussion of related work. If appropriate, also explain how your approach is different from existing approaches.
    • A list of milestones and dates.
    If you are proposing a new system, you should briefly describe your threat model. You should submit the proposal as a PDF or PostScript file. Please us the Catalyst system (link below) to upload your project proposal. Each proposal should be single-spaced, with a single column and 12pt font, and have at least 1 inch margins.

  • 11/6: Project checkpoint (11:59pm)
    Upload a short progress report to the Catalyst system. The progress report should explicitly address the milestones established in your original proposal, discuss which milestones you have met, and propose a new set of milestones if it appears that your original milestones are no longer appropriate. (As a side note: don't worry too much if your new milestones are different from your original milestones -- since these are research projects, it's totally natural for milestones to change and research directions to evolve. That said, I do expect to see progress since your original proposal.)

    In your progress reports, you should reflect on what you have accomplished and draw preliminary conclusions from your results. If appropriate, you should also explicitly state any additional experiments or evaluations you may need to perform in order to strengthen your preliminary conclusions or answer open questions left by your preliminary conclusions.

  • 11/29: Draft reports (11:59pm)
    
  Each group should submit a draft of their written report. (See below for what a final report should look like. The draft should be uploaded to the Catalyst system.

  It's OK if you haven't completed your research by now. See the next bullet for why you're turning in a draft two weeks before the final report is due. Your draft should clearly specify what you plan to do over the next two weeks.

  • 12/6: Peer reviews due (11:59pm)
    
  I will plan to read each of your drafts and give you comments. But I will also give your draft to several other students in the class, which means you will also get comments from your peers. Consequently, you will all have the opportunity to read and review drafts from other groups. This process can be very educational unto itself, much akin to a miniature "program committee meeting."

  You will be expected to read the draft reports that I give you (at most three) and write detailed reviews of those papers. You are to upload those reviews to the Catalyst system by 11:59pm on 12/6/2007. The reviews you write should be anonymous (i.e., not include your name or other identifying information).

  I will then collect those reviews and send them to the authors of the relevant reports. There are several reasons we're doing this, but the main goals are to (1) help you (as reviewers) gain more experience in evaluating in-progress (as opposed to completed) research and (2) help everyone improve the quality of their final written report.

  • 12/13: Final report and electronic presentation due (10:30am)
    Each group will submit a short (at most 12 page) written report, as well as a slide deck, to the Catalyst system. Please submit the report and the slide deck as separate PDF or PostScript files. If your report is written in single-column format, then your report should be single-spaced, use 12pt font, and have at least 1 inch margins. If you wish to submit in a two-column format, you may use a 10pt font, but please make sure that if one were to reformat the paper into single-column, 12pt format, the length of the body would be less that 12 pages. You may include an appendix beyond 12 pages, but your paper must be intelligible without it.

    Your report should be structured like a conference paper, meaning that your report should contain a well-motivated introduction, a discussion of related work (with citations), a description of your methodology, a discussion of your results, and so on.

    Everyone should also submit a short summary of their contributions to the project (not required for groups of size 1). This should be at most a page long, and can reference the final report.

  • 12/13: Presentations (10:30am)
    Each group will give a short presentation of their work during the final exam period. All group members should participate in the presentation. The length of the presentations will depend on the number of projects in the course, but I anticipate that each presentation will be 12 to 15 minutes long, and certainly no longer than 20 minutes.

  There are numerous resources on the Internet about how to write a good research paper. If you haven't already read them, you might find the following resources helpful:

  • Advice on Research and Writing
  • Writing Technical Articles
  • Armando's Paper Writing and Presentations Page
  • Mihir Bellare's Collection of Resources

  The peer reviews (12/6) and final report and slide deck (12/13) must be submitted on time in order to be graded; i.e., late peer reviews, final reports, and slide decks will receive a zero grade. If you submit other project materials late (proposal, checkpoint, draft), you will be marked down 25% for each day that the material is late. When computing the number of days late, we will round up; so material turned in 1.25 days late will be downgraded 50%.

  But please be aware of the following: If you do submit your draft written report late, then we will very likely not be able to distribute your draft to peer reviewers and you will not benefit from their reviews when preparing your final written report. (This is in order to be fair to the peer reviewers, who should have as much time as possible to read their assigned papers.) In short, I highly encourage all of you to submit all your materials on time.

Submitting materials and checking grades

To check your grades on your MyUW page:

1. Go to http://myuw.washington.edu.
2. Login with your UW NetID (this is not the same as your CSE NetID in general).
3. At the top of your MyUW page, click "Change Content".
4. On the next page, click "Browse & Choose".
5. On the next page, check the box next to the CSE channel and click "Save".
6. Finally, reload your front page again, and you should see your 599 grades in a new box.

Grading

• 25%: Midterm
• 40%: Project (CSE 599G only)
  • 8%: Proposal
  • 5%: Checkpoint
  • 5%: Draft
  • 12%: Final written report
  • 5%: Slides for final presentation
  • 5%: Oral portion of final presentation
• 20%: Assignments
  • 15%: Reading evaluations
  • 5%: Peer reviews of project drafts
• 15%: Class participation