Assignments and labs will be posted on this page throughout the quarter. All dates are tentative until the assignment/lab is officially posted.
We will use Gradescope "quizzes" to support in-class activities in every lecture. These form the basis of your participation grade. We will not count in-class activities during the first week of class while enrollment stabilizes.
You are required to complete all activities. We expect that you complete these activities during class, from the lecture room. However, we will accept submissions for up to half of the in-class activities a week late, to allow for illness/etc. You do not need to request an extension for these, just submit late!
You don't need to write essays here, and you don't even need to get the answer right (though you should learn the right answer from the lecture/discussion). Grading is on the basis of "did the submission attempt to answer the question?" Submissions that are unrelated to the question or say "I don't know" will not receive credit.
If you run into technical or other difficulties, please let us know!
Unless otherwise specified, submit labs through Gradescope. We will assume you are using late days unless you tell us otherwise.
Lab 1 is about binary exploitation. You'll need to read some C code, use gdb, and write a series of exploits!
Lab 2 is all about web application security. You'll need to write a small amount of PHP and JavaScript.
The final project will combine aspects of the labs and homeworks and require you to identify vulnerabilities, evaluate their severity, and patch them. It is split into 3 parts, with part A designed to introduce you to the code you'll be examining with more guidance than parts B and C.
A core part of the course is reading, summarizing, and discussing research papers on computer security and privacy topics. For each week, we will have one paper assigned as required reading, with a writeup due before each class. During class we will have a discussion period where you will talk about questions you had while reading the paper.
What to submit for your summary: Each security reading review should cover the following material in full sentences (not just bullets). The summarization components are welcome to be succinct, but should capture all relevant points:
You must submit evaluations as a PDF file. You should upload the evaluations to Gradescope. Your evaluation for each reading should be between 1 and 1.5 pages (450-700 words), be single-spaced, use 12pt font, and have at least 1 inch margins. (It's okay for the metadata (name, date, paper title) to be outside the margins, e.g., in the header of the page.) For the sake of your TAs' eyes :) please stick to 12pt font. (Longer than 700 words is acceptable, but please don't aim to fill two whole pages.)
You are welcome to, and in fact encouraged to, discuss the papers with other students in the class or the course instructors. However, you must write the evaluations on your own.
Some notes about reading papers and writing about them: You can find one version of advice on how to read a CS research paper here. You are also welcome to come discuss the reading process or the papers themselves with the course staff.
Looking for more to read? Most of our papers are from the top computer security and privacy conferences like USENIX Security [2020, 2021, 2022], IEEE Security and Privacy (aka Oakland) [2020, 2021, 2022], or ACM Conference on Computer and Communications Security (CCS) [2021, 2022, 2023]. Non-security-centric conferences will also often have security-centric papers.