Lecturers

Prof Clark Thomborson (Supervisor), <cthombor@cs.auckland.ac.nz>

Prof Jim Goodman, <jgoo052@cs.auckland.ac.nz>

Published prerequisites

Acceptable prerequisites

Scheduled Lecture and Tutorial Times

Lectures: Computer Science Seminar room 303.279, TuWeFr 9-10.

Tutorials: 17 March through 28 May in Computer Science Tutorial room 303.110, Mo 9-10 and We 10-11.

Required Reading

Description

Content

Each student will prepare and deliver an oral presentation based on a published article chosen from a reading list provided by the instructors in the first week of lectures.  There will be two or three different oral presentations (from different students) on each article in the reading list; every student in class is expected to have read the article before the lecture period in which these oral presentations are delivered.  Each student will present a draft of their oral presentation in a tutorial session one week before their scheduled presentation to the class; the instructors will offer constructive comments and suggestions for revision after this draft presentation.

Each student will write a 10-page term paper, which may be based either on additional reading or on practical work undertaken during the term.

Policies on Plagiarism, Direct Quotation, Paraphrase, Academic Writing, and Collaboration

We follow departmental and University policies on academic honesty.  Please see Section 5.6 of the 2003 Undergraduate Handbook for Computer Science (http://www.cs.auckland.ac.nz/handbook/CS-2003-PG-handbook.pdf): "... Plagiarism is the inclusion in your assignment [term paper, project report, or seminar presentation] of material copied or closely paraphrased from someone else's writings (including textbooks and assignments by other students[, and commentary found on the world-wide web]) without an explicit indication of the source of the material.  It is considered to be cheating....  Departmental penalties for plagiarism extend from a zero grade on the assignment to an overall coursework grade of zero.  Formal disciplinary proceedings may also be instituted through the University Disciplinary Committee, which may lead to cancellation of paper credits, suspension or expulsion from the University.  [If you explicitly indicate the source of your direct quotations or close paraphrases, you cannot be accused of plagiarism.  However] submitting someone else's work or ideas is not evidence of your own understanding of the material and cannot earn you marks."

We will discuss plagiarism, quotation, and paraphrase in class lecture, both in the theoretical context of intellectual property and also in the practical context of academic writing for our class assignments.  We will give some general advice on the appropriate use of direct quotation and paraphrase.  We also teach a few other "tricks of the trade" in technical writing, because in prior years we have found that few of our entering students are highly skilled in academic writing.  Students may earn an "A+" in our course, even if they turn in work that has grammatical errors.  We are less lenient on spelling errors, as we expect students to use a spell-checker on their oral presentation slides and term reports.  We will not give a passing grade to a student who shows no ability to use technical terms with precision, spelling these carefully and using them in a way that clearly demonstrates their understanding of software security technology.

We encourage our students to discuss class readings and lecture notes freely with each other, for we believe that any person who asks a carefully-considered question about a technical topic is worthy of respect and assistance.  Any person who forms a careful response to a carefully-considered question is likely to find that they gain a clarity of understanding that they lacked before they formed their response.  Accordingly, we encourage our students to practice their oral presentations with each other, and to give each other feedback freely on what they think is (or isn't) understandable, interesting, relevant or well-structured.  We encourage students to read each other's draft term papers, and offer constructive comments and gentle criticism.  However this feedback must not be so extensive as to deny anyone the chance to "do their own work".  We insist that each student come to their own conclusions about the material they read for this class, and to communicate these conclusions to us in their oral and written work, for this is the basis on which we form our assessment of each student's accomplishment in our course.

Assessment

60% exam, 25% written project, 15% oral presentation. The questions on the exam will be based on the material in the class readings, with emphasis on the topics and discussions in lecture by instructors and by students.  If you write a term paper for your "project", it must demonstrate your critical and appreciative understanding of at least three professional publications. If you write a project report, it must demonstrate your competence and creativity in practical work. Your oral presentation must be a coherent explanation of an advanced topic in software security, demonstrating a critical and appreciative reading and understanding of one professional publication.

Tentative Schedule

• Week 1:
  • Tuesday 4 March. First day of lectures. Collect student information sheets (handout 2). Distribute the first set of readings (handout 3, available in hardcopy only).
  • Wednesday 5 March. Discuss C. Pfleeger, "Is there a security problem in computing?", Chapter 1 of Security in Computing, 2nd edition, Prentice Hall, 1997. Also discuss Department of Computer Science Computer System Regulations and University of Auckland Computer System Regulations.
  • Friday 7 March. Discuss: "Patent Law Basics", Office of Technology Transfer, University of Arizona, 14 December 1998 (available: http://www.ott.arizona.edu/patbasics.htm, February 2001); K. Nichols, "The Age of Software Patents", IEEE Computer, April 1999; IEEE Computer, June 1999; P. Samuelson, "Encoding the Law into Digital Libraries", Comm. ACM, April 1998.
• Week 2 (10 - 14 March). Select papers and dates for student oral presentations in Weeks 3-9. Discuss how to prepare an oral presentation. Discuss term project requirements. Select class representative.
• Week 3 (17 - 21 March). Ethical issues in security. Watermarking, tamper-proofing and obfuscation: tools for software protection. On Wednesday, 10-page excerpts are due from students presenting in week 4; these excerpts will be photocopied by the instructor and handed out to the class on Friday. All students are expected to read the excerpts before they are presented in class by other students.
• Weeks 4 - 5 (24 - 28 March, 31 March - 4 April). Student oral presentations: two per day, each presentation will be 10 minutes in length, with a 10-minute discussion period. Assignment 1 due: Term paper or project proposal (one sentence).
• Week 6 (7 - 11 April). Selection of topic for your term papers. How to write a title, synopsis and abstract. Choices of form.
• Week 7 (28 - 2 May). Student oral presentations. Assignment 2 due, for term paper: first draft of title, synopsis, and references. For term project: first draft of title, goal statement, resources required (software & hardware), and proposed methodology.
• Weeks 8 - 9 (5 May - 16 May). Student oral presentations. A step-by-step method for writing a first draft of your term paper. Sample final exam (an ungraded midterm test). Assignment 3 due: title and abstract, for publication on class website; and a detailed outline of your term paper or project report.
• Week 10 - 13 (19 May - 6 Jun). Student oral presentations. Student oral presentations. Discussion of student answers to sample final exam. Course overview. Assignment 4 due: final version of your term paper.

Warning

We will discuss vulnerabilities in widely-deployed computer systems. This is not an invitation for you to exploit these vulnerabilities! Instead you are expected to behave responsibly. Don't break into computer systems that are not your own. Don't attempt to subvert any security system in any other way, for example by taking over someone else's "digital identity". See Department of Computer Science Computer System Regulations and University of Auckland Computer System Regulations.