CS 5430 discusses security for computers and networked information systems. It focuses on principles and techniques for implementing military as well as commercial-grade secure systems. The practicum, CS 5431, sits at the intersection of computer security and software engineering. It is designed to give students practical experience with building and securing a software system.

Prerequisites: For CS 5430, you need to have a broad understanding of organization and programming of computer systems. Students who have taken a senior-level systems course, such as Cornell's CS 4410 and its transitive prerequisites, should be well positioned to take CS 5430. Knowledge of operating systems, computer networks, and cryptography will be helpful. Assignments might require the use of standard tools and languages such as C, Unix, web servers, etc. You either need to be familiar with these technologies or to be committed to investing extra time to learn them as you go. (Part of becoming a professional computer scientist is learning to adapt quickly to new technologies.)

For CS 5431, the foremost prerequisite is that you need to be a programmer. Students who are not already accomplished in a modern high level language will not be equipped to succeed in the practicum. In previous semesters, projects averaged about 5,000 lines of code, with individual students typically contributing around 2,000–2,500 lines of code.

Lectures

Lectures take place on Mondays, Wednesdays, and/or Fridays 10:10-11:25 in Gates Hall G01. This class meets on average twice a week. See the schedule for details.

Practicum

Students in the practicum (CS 5431) will gain additional practical knowledge of security through a semester-long team software development project. The practicum will include additional meeting in Hollister 401 on intermittent Fridays, during which you will demo your projects.

Students enrolled in CS 5431 must also be enrolled in CS 5430.

Instructor

Eleanor Birrell Eleanor Birrell
eleanor@cs.cornell.edu
462 Gates
Office hours Wednesdays 2pm-4pm and by appointment.

She is generally in her office most afternoons when she is in town, so feel free to drop by with quick questions or just to say hi.

TAs

Ethan Cecchetti Ethan Cecchetti
ethan@cs.cornell.edu
440 Gates
Office hours Mondays, 2-4pm in Gates 440.
Zhi Wei Louise Lee Louise Lee


Office hours Mondays, 11:30-1pm in Rhodes 572.
Ruixin Ng Ruixin Ng


Office hours Thursdays, 3-4:30pm in Rhodes 572.
William Ronchetti William Ronchetti


Office hours Sundays, 2-4pm in Rhodes 572.

Assignments

There will be six homework assignments in CS 5430. They may include written problems and programming problems. Assignments in this course are deliberately underspecified, open-ended, and motivated by problems that arise in the real world—messy as it is—as is consistent with the upper-level, professional, and practical orientation of this course. You will have to think on your own, build tools, refine problem specifications, make reasonable and defensible assumptions, and be creative. Success in this course, as in life, depends heavily on you figuring out what's important and concentrating on that.

Extensions will be granted only in exceptional circumstances, such as documented illness. If you believe such a case applies, contact Prof. Birrell. Extensions will not be granted for job interviews, large workloads in other courses, or extra-curriculars.

Unless otherwise specified, assignments may be turned in after the deadline with the following penalty applied to the score received:

  • 1 day late (i.e., immediately after the deadline up to 24 hours later): −10%
  • 2 days late: −25%
  • 3 days late: −50%
  • 3 days late: −100% (we won't grade it)

Exams

There will be no preliminary exams.

The final exam will be held on Saturday, May 19 from 9:00-11:30AM in Gates Hall G01. It will cover all material taught in class this semester.
The exam will focus on concepts, not memorization. You may bring 2 pages of written notes to the exam. Notes must be hard-copies (you may not use a computer during the exam) and must be your own work (no printing out course materials). They may be handwritten, typed, double-sided, tiny font size, etc. Whatever you prefer.

Last year's exam and solution are available on CMS. Be aware that I did not teach this course last year, so question style and content might vary.

Grades

We expect the breakdown for the overall course grade in CS 5430 to be as follows:

Assignments: 66%
Final exam: 32%
Other factors: 2%

We expect the breakdown for the overall course grade in CS 5431 to be as follows:

Project: 98%
Other factors: 2%

Assignments in CS 5430 are weighted equally, and your lowest assignment score will be dropped. However, you must make a resonable attempt on all assignments; you may not just skip one of the assignments. Other factors includes submission of course evaluations, participation on Piazza, and participation in any CMS surveys we might hold.

Sometimes students ask whether the final grade is curved. The answer is that it depends on what you mean by "curved." We do not give out a fixed percentage of A's, B's, etc. In fact, we'd be happy if everyone in the course learned the material well enough to get A's. Historically that has not happened, though, and the median grade in the course has been between B+ and A-.

Regrades

Regrades are intended to correct serious errors in grading, not to dispute judgment calls made by graders. Do feel free to meet with the course staff if you cannot understand the written comments the grader provided on your solution. But the grade on your solution and/or changes to the grade are "out of bounds" topics for discussion at that meeting, with one exception: grading mistakes of a purely arithmetic nature (e.g., the grader wrote that they were deducting 5 points but entered a deduction of 6 into CMS) can be fixed on the spot, without needing to follow the process below.

If you decide that a serious mistake was made in grading your assignment, then we would be happy to fix it. Prepare a written regrade request by filling out this regrade request form. Attach hardcopies of your entire original solution and the entire grading comments. Your request needs to demonstrate that there was an error in grading, and that you understand the correct answer. Then submit that request to the instructor. Be aware that any regrade request may result in rechecking your entire submission, and that often leads to a grade reduction.

The deadline for submitting a regrade request is one week after you receive the original grade. Requests submitted after that will be denied without consideration of their merits.

Academic Integrity

Absolute integrity is expected of every Cornell student in all academic undertakings. If you are unsure about what is permissible and what is not, please ask.

You are responsible for understanding these university, departmental, and course policies:

Integrity includes you being honest about the sources of the work you submit. When you submit work in this course, you are representing it as the work of the stated authors (i.e., the members of the CMS group who submitted it) subject to any exceptions that are clearly stated in the submission itself. To avoid committing plagiarism, simply be sure always to accurately credit your sources. To do otherwise is to commit fraud by claiming credit for the ideas and efforts of others, and that is punishable under the Code of Academic Integrity.

Grades, on the other hand, are about the course staff assessing what you have learned. If you turn in someone else's work for course credit, and forthrightly acknowledge you are doing so, you are not acting dishonestly and are not violating academic integrity. But you also give us no basis for concluding that you have learned the course content. We recommend the following rule of thumb: Never look at any other students' solutions, or have their solutions in your possession, in any portion or form whatsoever. Also never share your solutions with other students.