CS 4401 (A10): Software Security Engineering
Assignments and Grading



Course grades will be based on projects/assignments, presentations, and class participation using the following weights:

There are no exams.


Assignments

Project 1: Turnout-Web – Three due dates starting Thursday, September 2

Project 2: AdSafe – Two due dates starting Thursday, September 16

Project 3: Crypto Protocols – Due Thursday, September 30

BS/MS Assignment (only for those seeking BS/MS credit): Evaluating PCI – Due Tuesday, Oct 26 (start of B-term)

Project 4: Turnout-C – Three due dates starting Tuesday, October 5


Presentations/Case Studies

During the term, we will explore 16 security-related domains or tools, attempting to understand both the technical and social security issues in each. You are required to work on two of these topics: you will present one to the class (working with another student) and provide a written critique of the presentation given on the other.

The topics vary: some study languages or tools that guard against security problems, some look at modern security problems, some study problems with nontrivial security implications. Precisely two students will present on each topic. The topic list is on the course wiki within myWPI. Edit the wiki page to sign up to present. You do not need to sign up for your second (critique) topic at this time.

Expectations for presentations and critiques (including starting references)


Student-driven Participation

This is a very hands-on class, with less formal lecturing than you are probably used to. You will be experimenting with breaking and patching code, learning about best practices in security, and exploring security-related questions and tools. I expect you to actively participate in learning and sharing material with other students through in-class presentations, in-class discussions, wiki postings, and the discussion board.

Sample actions you can take to earn participation credit (feel free to propose others):

Participation credit will be earned based on both the effort required and the quality of your work. For example, commenting on someone else's review is worth less than writing the original review. A poorly written review, or a review that you essentially copied from the web, is worth less than a thoughtful review that frames the issue against the themes raised in the course (a review plagiarized from the web runs you afoul of the academic honesty policy).

The participation system is designed to let you focus on the topics within software security and the communication styles that are most important to you. Overall, I want you to demonstrate self-driven learning and the ability to convey material to others. Both are essential when you work as part of a team learning a new area.