CSE360: Software Security
Tue/Thu 9:45 – 11:05
Basic understanding of Computer Architecture, Networks, and OS
There is a mandatory reading for each class. It is your responsibility to read the paper and write a ~400 word critical response.
In the first paragraph:
- State the problem that the paper tries to solve.
- Summarize the main contributions.
In one or more additional paragraphs:
- Evaluate the paper’s strengths and weaknesses.
- Discuss something you would have done differently if you had written the paper.
- Suggest one or more interesting open problems on related topics.
Your most important task is to demonstrate that you’ve read the paper and thought carefully about the topic.
Paper responses are due before the start of class.
Ethics, Law, and University Policies
To defend a system, you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our policy in the class is that you must respect the privacy and property rights of others at all times, or else you will fail the course.
Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. The EFF provides helpful advice on vulnerability reporting and other legal matters. If in doubt, we can refer you to an attorney.
Please review the Division of Information Technology policies on responsible use of technology resources, as well as the code of student responsibility. As members of the university, you are required to abide by these policies.