CS440X B09: Software Security Engineering Assignments

CS 440X (B09): Software Security Engineering
Assignments and Grading

Course grades will be based on homeworks, projects, and class participation using the following weights. There will be no exams.

Exploiting/Patching Projects: 40% (20% each)
Course Project: 25%
Case Study Presentation: 15%
Case Study Analysis: 15%
Participation: 5%

Assignments

Details on assignments will be posted when term starts

Project 1: Turnout-Web -- Three due dates starting Tuesday, November 3

Project 2: Turnout-C -- Three due dates starting Tuesday, November 17

Course Project

The class project is to implement a web-based social network with auction site. Three due dates starting Thursday, December 3.

Case Studies

During the term, we will explore 15 security-related domains or tools, attempting to understand both the technical and social security issues in each. You are required to work on two of these topics: you will present one to the class (working with another student) and provide a written critique of the presentation given on the other.

The topics vary: some study languages or tools that guard against security problems, some look at modern security problems, some study problems with nontrivial security implications. Precisely two students will present on each topic. The topic list is on the course wiki within myWPI. Edit the wiki page to sign up to present. You do not need to sign up for your second (critique) topic at this time.

Expectations for presentations and critiques (including starting references)

Student-driven Participation

This is a very hands-on class, with less formal lecturing than you are probably used to. You will be experimenting with breaking and patching code, learning about best practices in security, and exploring security-related questions and tools. I expect you to actively participate in learning and sharing material with other students though in-class presentations, in-class discussions, wiki postings, and the discussion board.

Sample actions you can take to earn participation credit (feel free to propose others):

Participate in class discussions
Post a review of a security-related current event to the wiki.
Engage in discussion of other students' reviews on the wiki/DB.
Post links to interesting new content to the wiki/DB

Participation credit will be earned based on both the effort required and the quality of your work. For example, commenting on someone else's review is worth less than writing the original review. A poorly-written review, or a review that you essentially copied from the web is worth less than a thoughtful review that frames the issue against the themes raised in the course (a review plagiarized from the web runs you afoul of the academic honesty policy).

The participation system is designed to let you focus on topics within software security and communication styles that are most important to you. Overall, I want you to demonstrate self-driven learning and conveying material to others. Both are essential when you work as part of a team learning a new area.