Project Milestone 5: Final Release

Due: Friday, May 13, 2:00 pm through CMS.
Presentation: Friday, May 13, 2:00–4:30 pm.

Complete a final project sprint and ship your completed system to the course staff.

Submission

Submit the following PDFs:

• Your updated Requirements Document. (Note that you might still have uncompleted system backlog items for your final release; that's a fact of life when it comes to building software systems.)
• Your updated Assurance Document.
• Your slides from your presentation (described below).
• Your final sprint report. (This will, as usual, be a separate assignment in CMS.)

Submit a zip file containing the source of your system. Include a plain text file named "README" in root of your source detailing how to compile and execute your system on our own machines.

Finally, at the time of your presentation, submit two stapled hardcopies of your slides. Either black and white or color is fine. We prefer that you print your slides at a size that is large enough to be easily readable. Around 2 to 4 slides per page is probably good.

Your submission will be evaluated on the quality of your documents, system, and source code; and on the extent to which your system fulfills its purpose, realizes its security goals, and involves the Essential Security Elements. The originality, difficulty, and non-artificiality of your project will also influence the evaluation.

Presentation

Your group will present your completed system to the whole class and course staff on Friday, May 13, 2–4:30 pm. This is the time reserved by the University for the course's final exam. All students are required to be present the entire 2.5 hours. The presentations will take place in Upson 315.

Timeliness is essential. There are five groups, and each group's presentation will last 30 minutes. If any group were to run over, we wouldn't be able to finish. So all time limits will be rigorously enforced.

Plan to use your own laptop to present. The group member in charge of that laptop should (i) plan to arrive early—the room will be open to us at 1:30 pm—to test their laptop with the projector in Upson 315 and (ii) have a backup plan in case, for whatever reason, the laptop and projector will not work together.

Rehearse your presentation well, because quality counts and time is tight. The presentation may be given by one member of your group, or you may "tag team."

Your presentation will proceed in three phases.

Phase 1. You will give an uninterrupted talk of no more than 12 minutes using slides. When it comes to slides, less is more: use short, telegraphic phrases, and use figures instead of text where possible. Your talk should address the following topics:

1. Your group personnel.
2. Your system's purpose and most important functional requirements.
3. Your threat analysis.
4. Your most important security goals.
5. The design of the security of your system, including any trade-offs you made and any shortcomings you're aware of in your final system.
6. Your assurance argument—that is, why we should believe that your system is secure.

Hints: (i) Structure your talk as 6 sections that parallel the 6 topics. (ii) Don't assume knowledge your audience doesn't have—most of your audience has never seen your system before. (iii) Script the talk, so that you know exactly what you plan to say. But bear in mind that no one enjoys a talk in which it sounds like the speaker is simply reading from a script.

Phase 2. You will demo your system. The demo should last no more than 8 minutes. Your audience will be especially unimpressed by any failures that are seen during the demo. We will have two projectors available, which should be helpful for demoing on two laptops simultaneously.

Hints: Enforce a feature freeze well before the demo, so that you can devote sufficient effort to finding and fixing faults. And enforce a code freeze the day before the demo, so that you don't accidentally introduce new faults at the last minute.

Phase 3. We will hold a question and answer session. The audience (including your classmates and the course staff) ask; you answer. Anything about your system is fair game, including requests for you to demo something new about your system. Questions may be directed to any member of your group.

Hint: Get enough sleep the night before. It's really hard to answer questions in front of an audience when you haven't slept.

This presentation will receive a letter grade, unlike previous presentations (which were pass/fail). You will be evaluated on the content and quality of the presentation: your slides and delivery, whether the demo robustly works and illustrates your security functionality, and your performance during the Q&A session. All members of the group will receive the same letter grade for the presentation; however, individual performance during the Q&A will be noted and used in assigning final grades on the completed project, per the project overview.

Final Hints

Back when I was a TA for CS 5430, I wrote some sarcastic advice on how to fail your project, based on mistakes I saw students making year after year. Although the project was organized somewhat differently back then—in particular, there were only two milestones, requirements and implementation—the advice is still relevant.

You should look through it and reflect on whether your system makes any of these mistakes.