| Instructors | Ian Goldberg | Diogo Barradas |
| Office Hours (online) |
Mondays 3:30–4:30 pm or by appointment |
Thursdays 2:00–3:00 pm or by appointment |
| iang@uwaterloo.ca | diogo.barradas@uwaterloo.ca | |
| Lectures |
Section 1: Mon,Wed 10:00–11:20 am, MC 2034 Section 2: Mon,Wed 1:00–2:20 pm, MC 1056 |
|
| LEARN | Course site on LEARN | |
| Piazza | Course page on Piazza | |
This syllabus is a guideline for the course and not a contract. As such, its terms may be altered when doing so is, in the opinion of the instructor(s), in the best interests of the class.
Because we cannot predict what COVID will do and how the university will react, we are committing to making the course definitely available remotely the whole term no matter what. You will not be required to be in any particular place for this course; there will be no in-person exams, and lecture content will be both livestreamed and recorded so as to not encourage anyone to come to class while potentially sick.
If we're in a place where courses are offered remotely again, then that will be the only delivery mechanism; otherwise, we'll be livestreaming the course in Bongo from the classroom, so if you really really want to watch the instructors sit in front of a computer streaming the lecture, you are technically allowed to do so. We expect most students will participate online, and we encourage you to participate synchronously (joining the Bongo room live, as opposed to watching the recordings later).
Office hours will also be held online.
This course provides an introduction to security and privacy issues in various aspects of computing, including programs, operating systems, networks, databases, and Internet applications. It examines causes of security and privacy breaches, and gives methods to help prevent them.
Students completing this course should be better able to produce programs that can defend against active attacks, and not just against random bugs.
Third or fourth year CS students (CS 458), or first year CS graduate students (CS 658)
CS 350 (Operating Systems). Familiarity with C.
Grades will be calculated as follows for undergraduate students:
Assignments: The three assignments contain both written and programming exercises and cover the new material in the course since the previous assignment.
Please start working on the assignments in advance of the deadlines. To motivate you to do so, we may require you to submit milestones for some or all of them.
Late submissions for Assignments 1, 2, or 3 will be accepted only up to 48 hours after the original due date. There is no penalty for accepted late submissions. Assignments can be submitted multiple times, and the last one will be used for marking. Course personnel will not normally give assistance for assignments after their original due dates.
The 48 hours grace period does not apply to the due dates for the self-tests, blog task (sign-up, publishing, comments), the final assessment, or the CS 658 proposal and research survey paper; no lates will be accepted for them.
You must notify your instructor(s) well before the due date of any severe, long-lasting problems that prevent you from completing an assignment on time.
Assignments 1, 2, and 3 are due at 3:00 pm Eastern Time on their respective due dates. These assignments are to be submitted electronically with the "submit" command, see the 'Course Mechanics' section below. Assignments submitted by other means will not be accepted. Assignment 1, 2, and 3 comments and marks will be returned using infodist. Again, see the 'course mechanics' section below.
The final assessment will be available from 8 am on Aug 2, until 5 pm on Aug 3, on Crowdmark. You must submit your responses within 2.5 hours of accessing the assessment, but not later than 5 pm on Aug 3. The final assessment is written-only (no programming) but covers material from the whole term. There will be no assistance from course staff for the final assessment. If your score in the final assessment is below 50%, you cannot pass the course.
Self-tests: Self-tests are meant to help you keep up with the material, that is, to assess and improve your understanding of basic concepts. You can attempt each self-test as often as you like during its availability period; your last grade on each self-test will be the one recorded (although course personnel can see every attempt). The availability and deadline information will be posted on LEARN. Late self-tests cannot be made up for any reason, including students signing up for the class late. (Students who join the class on or after the due date of the first self-test will instead be excused from that particular self-test.) Again, the 48 hours grace period does not apply to the due dates for the self-tests.
Blog task: The blog task is intended to acquaint students with the latest developments in computer security and privacy. You will need to sign up on infodist (see 'Course mechanics' below) for a week to publish your blog post, by the blog task scheduling deadline (see LEARN). Late blog post submissions will not be awarded any marks. Please go through the link above for the blog task description and grading rubric.
Students registered in CS 658 must write a research survey paper on a topic related to computer security or privacy. You should read Keshav's How to Read a Paper to efficiently read a paper and conduct a literature survey. In writing your paper, you must become familiar with the research literature relevant to your topic. Your focus should be on academic venues, such as the USENIX Security Symposium , ACM CCS, IEEE Symposium on Security and Privacy, Privacy Enhancing Technologies Symposium (PETS) or the NDSS Symposium. You should email your topic, proposal, and paper to the instructors.
If you have an assignment that you would like to have reappraised, please follow the instructions given on Piazza to submit your request. Include a clear justification for your claims. The appeals deadline is one week after the respective graded item is first made available. Note that for the final assessment, the entire assessment will be remarked, and the assigned grade may go up or down as a result. If your appeal is concerned with a simple calculation error, please see the TA(s) during their office hours.
Paul van Oorschot, Computer Security and the Internet: Tools and Jewels, 2nd edition, Springer, 2021, ISBN: 978-3-030-83410-4 (hardcopy), 978-3-030-83411-1 (eBook) https://people.scs.carleton.ca/~paulv/toolsjewels.html
This text book is freely available for download from the author's web page.
Charles P. Pfleeger, Shari Lawrence Pfleeger, and Jonathan Margulies, Security in Computing, 5th edition, Prentice-Hall, 2015, ISBN 0-13-408504-3 http://www.informit.com/store/security-in-computing-9780134085043
Additional readings will be assigned, and will appear on the course website; readings marked as mandatory contain required material for the course. You must read these mandatory readings; those marked before class must be read before the date of the corresponding lecture.
It is your responsibility to keep up with all course-related information posted to LEARN, the course Piazza site, and the course website.
Piazza: Please direct all communication to the discussion forums in Piazza. This includes questions on materials in lectures, assignments, and general logistics.
Etiquette:
Email: Important course information will generally be posted to LEARN, but may also be sent to your uwaterloo.ca email address. For personal matters, such as an illness, please email the instructors directly. We will only reply back to email from your uwaterloo.ca email address, for privacy rules.
In this course, you will be exposed to information about security problems and vulnerabilities with computing systems and networks. To be clear, you are not to use this or any other similar information to test the security of, break into, compromise, or otherwise attack, any system or network without the express consent of the owner. In particular, you will comply with all applicable laws and UW policies, including, but not limited to, the following:
Violations will be treated severely, and with zero tolerance.
Students are encouraged to talk to one another, to the TAs, to the instructor(s), or to anyone else about any of the assignments. Any assistance, though, must be limited to discussion of the problem and sketching general approaches to a solution. Each student must write his or her own solutions, including code and documentation if appropriate, for the assignments. Consulting another student's solution is prohibited, and submitted solutions may not be copied from any source. In particular, submitting assignments copied in whole or in part from assignment submissions to a previous offering of this course, or from any offering of any other course, is forbidden, even if a student is resubmitting his or her own work. These and any other forms of collaboration on assignments constitute cheating. If you have any questions about whether some activity constitutes cheating, please ask the instructor(s).
Avoiding Academic Offenses: Most students are unaware of the line between acceptable and unacceptable academic behaviour, especially when discussing assignments with classmates and using the work of other students. For information on commonly misunderstood academic offenses and how to avoid them, students should refer to the Faculty of Mathematics Academic Integrity site.
The general University policy:
Academic Integrity: In order to maintain a culture of academic integrity, members of the University of Waterloo community are expected to promote honesty, trust, fairness, respect and responsibility. [Check the Office of Academic Integrity for more information.]
Grievance: A student who believes that a decision affecting some aspect of their university life has been unfair or unreasonable may have grounds for initiating a grievance. Read Policy 70, Student Petitions and Grievances, Section 4. When in doubt, please be certain to contact the department’s administrative assistant who will provide further assistance.
Discipline: A student is expected to know what constitutes academic integrity to avoid committing an academic offence, and to take responsibility for their actions. [Check the Office of Academic Integrity for more information.] A student who is unsure whether an action constitutes an offence, or who needs help in learning how to avoid offences (e.g., plagiarism, cheating) or about “rules” for group work/collaboration should seek guidance from the course instructor, academic advisor, or the undergraduate associate dean. For information on categories of offences and types of penalties, students should refer to Policy 71, Student Discipline. For typical penalties, check Guidelines for the Assessment of Penalties.
Appeals: A decision made or penalty imposed under Policy 70, Student Petitions and Grievances (other than a petition) or Policy 71, Student Discipline may be appealed if there is a ground. A student who believes they have a ground for an appeal should refer to Policy 72, Student Appeals.
It is our intent that students from all diverse backgrounds and perspectives be well served by this course, and that students’ learning needs be addressed both in and out of class. We recognize the immense value of the diversity in identities, perspectives, and contributions that students bring, and the benefit it has on our educational environment. Your suggestions are encouraged and appreciated. Please let us know ways to improve the effectiveness of the course for you personally or for other students or student groups. In particular:
AccessAbility Services, located in Needles Hall North, Room 1401, collaborates with all academic departments to arrange appropriate accommodations for students with disabilities without compromising the academic integrity of the curriculum. If you require academic accommodations to lessen the impact of your disability, please register with AccessAbility at the beginning of each academic term.
The Faculty of Math encourages students to seek out mental health support if needed.
On-campus Resources:
Off-campus Resources:
We acknowledge that we live and work on the traditional territory of the Attawandaron (Neutral), Anishinaabeg, and Haudenosaunee peoples. The University of Waterloo is situated on the Haldimand Tract, the land promised to the Six Nations that includes ten kilometres on each side of the Grand River.