Lecturer

Published prerequisites

Acceptable prerequisites

Scheduled Lecture Times

Tutorials

Tutorial sessions will be held during weeks 4 - 11; times and rooms will be arranged in the second week of classes.  Students are invited (but not required) to rehearse their oral presentations during these tutorials.  The instructor will offer feedback and suggest improvements.

Required Reading

Please note that the licenses of some of our Library's online databases do not grant permission to make additional copies, even for classroom use -- students will have to download these articles through http://www.library.auckland.ac.nz/.

Description

Content

Assessment

If you write a term paper for your "project", it must demonstrate your critical and appreciative understanding of at least three professional publications, at least one of which must be a required reading for this course.  You must also cite and (at least briefly) discuss any other required class readings that are closely related to the topic of your term paper.

If you write a project report for your "project", it must demonstrate your competence and creativity in practical work. You must cite and (at least briefly) discuss at least two required class readings that are relevant to your term project.

Your "seminar" must be a coherent explanation of an advanced topic in software security, showing your careful reading and understanding of one professional publication.  Lecture slides from student oral presentations will be posted to the Assignments area of the class website.

Policy on Plagiarism, Direct Quotation, Paraphrase, and Academic Writing

We follow departmental and University policies on academic honesty. 

The departmental cheating policy at http://www.cs.auckland.ac.nz/CheatingPolicy.html is, in part: "... The Computer Science Department uses many ways to check that the work students submit for marking is their own and was not produced by, or copied from, someone else... Turnitin.com may be used on essays and reports. This detects similarity to online material and submitted works in its own database... All assignments deemed to be too similar are automatically allocated a zero mark. All students who submitted these assignments are entered in the duplicate assignment register. A standard email (see below) is sent to these students. Repeat offenders may be referred to the University Disciplinary Committee. ..." 

The Postgraduate Handbook for Computer Science, at http://www.cs.auckland.ac.nz/handbook/current/PostgraduateHandbook/generalInfo.html, contains the following comments on plagiarism.  "... Plagiarism is the inclusion in your assignment of material copied or closely paraphrased from someone else's writings (including textbooks and assignments by other students) without an explicit indication of the source of the material. The University takes a serious view of plagiarism..." 

The University cheating policy, and some discussion of quotation and paraphrase, is available at http://www.auckland.ac.nz/cir_teaching/index.cfm?action=display_page&page_title=Plagiarism_Cheating.

We will discuss plagiarism, quotation, and paraphrase in class lecture, both in the theoretical context of intellectual property, and also in the practical context of academic writing for our class assignments.  If you accurately cite the source of your direct quotations or close paraphrases, you cannot be accused of plagiarism.  However submitting someone else's work or ideas is not evidence of your own understanding of the material, and such submissions will not earn you marks.

We will give some general advice on the appropriate use of direct quotation and paraphrase.  We also teach a few other "tricks of the trade" in technical writing, because in prior years we have found that few of our entering students are highly skilled in academic writing.

Students may earn an "A+" in our course, even if they turn in work with minor grammatical errors.  Major grammatical errors may cause us to misunderstand the author's intent, and we will assign low marks when we are not sure of a student's understanding of the material they are presenting in their paper.  Students should take special care with the spelling of technical terms, especially acronyms, for an incorrect spelling can cause great confusion in the mind of a reader who thinks the author is referring to some other technical term with a similar spelling!  Passing marks are given only when a student's work clearly demonstrates their understanding of the software security technologies, techniques, and analyses discussed in this course.

Additional Resources

The Library http://www.library.auckland.ac.nz/instruct/instruct.htm offers resources and tuition on searches and citations.

Our University offers some support in the use of the English language by non-native speakers, see https://www.delna.auckland.ac.nz/support.php.

The Student Learning Centre http://www.slc.auckland.ac.nz/ offers resources and workshops on writing and oral presentations.

Aegrotat / Compassionate Consideration information is available at http://www.auckland.ac.nz/exams.

Tentative Schedule

Note: the date listed for student presentation #x is the earliest possible date on which this presentation may occur; later dates are possible if our schedule slips.  Students will be assigned numbers by a random process during the first week of classes.

• Week 1:
  • 19 July. First day of lectures. Discuss:
    • Handout 1, General Information
    • Handout 2, Selection of Oral Presentations
  • 21 July - 23 July.  Discuss:
    • Handout 3, List of Suggested Articles for Oral Presentations
    • Handout 4, Randomly Assigned Student Numbers
    • Handout 5, First set of Lecture Slides
    • B. Lampson, "Computer Security in the Real World", IEEE Computer 37:6, 37-46, June 2004
    • "Department of Computer Science Computer System Regulations",  in Undergraduate Computer Science Handbook, The University of Auckland, 2004 (available: http://www.cs.auckland.ac.nz/handbook/ugrad/UG.DoCSCSR.html, July 2004)
    • "IT Acceptable Use Policy", Version 1.3, The University of Auckland, 2004 (available: http://www.auckland.ac.nz/security/ITAcceptableUsePolicy.htm, July 2004)
• Week 2 (26 July - 30 July). Select class representative.  Select papers and dates for student oral presentations in Weeks 5-13. Discuss how to prepare an oral presentation. Discuss term project requirements.
• Week 3 (2 August - 6 August). Finalise the selection of papers and dates for student oral presentations.  Discuss:
  • "What Are Patents, Trademarks, Servicemarks, and Copyrights?", US Patent and Trademark Office, 13 May 2004 (available: http://www.uspto.gov/web/offices/pac/doc/general/whatis.htm, July 2004)
  • "Patent Law Basics", Office of Technology Transfer, University of Arizona, 2001 (available: http://www.ott.arizona.edu/patbasics.htm, July 2004)
  • "Copyright Basics", Office of Technology Transfer, University of Arizona, 2001 (available: http://www.ott.arizona.edu/copybas.htm, July 2004)
  • "Copyright Protection in New Zealand", Ministry of Economic Development, June 2004 (available: http://www.med.govt.nz/buslt/int_prop/info-sheets/copyright-prot.html, July 2004)
  • K. Nichols, "The Age of Software Patents", IEEE Computer 32:4, 25-31, April 1999
  • P. Samuelson, "Encoding the Law into Digital Libraries", Comm. ACM 41:4, 13-18, April 1998
• Week 4 (9 August - 13 August).  Tutorial sessions: Students #1 - #4 give practice oral presentations.  Discuss:
  • Pfleeger, "Ethical issues in computer security," section 11.5 of Security in Computing, 2nd edition, Prentice Hall, 1997.
  • IEEE Code of Ethics, 1990 (available: http://www.ieee.org/portal/index.jsp?pageID=corp_level1&path=about/whatis&file=code.xml&xsl=generic.xsl, July 2004)
  • "The Ten Commandments of Computer Ethics", Computer Ethics Institute, 1992 (available: http://www.brook.edu/its/cei/overview/Ten_Commanments_of_Computer_Ethics.htm, July 2004)
  • RSNZ Code of Ethics, 2003 (available: http://www.rsnz.govt.nz/directory/code_ethics.php, July 2004)
  • C. Mann, "Who will own your next good idea?", The Atlantic Monthly, 57-82, September 1998 (available: http://www.theatlantic.com/issues/98sep/copy.htm, July 2004)
  • H. Rosner, "Steal this software," The.Standard.com, June 19, 2000 (available: http://www.cnn.com/2000/TECH/computing/06/21/steal.software.idg/, July 2004)
  • P. Radatti, "Cybersoft, Incorporated Moral Guidelines," Cybersoft, Inc, 1996 (available: http://www.cybersoft.com/whitepapers/papers/locks.shtml, July 2004)
  • Excerpts from F Woodford, Scientific Writing for Graduate Students, Rockefeller University Press, 1968.
  • A Eisenberg, Writing Well for the Technical Professions, Harper & Row, 1989, pp. 39-40 and 46-51.
• Week 5 (16 August - 20 August). Student oral presentations #1 - #4: two presentations per day, each presentation will be 10 minutes in length, with an 8-minute discussion period.  Tutorial sessions: Students #5 - #10 give practice oral presentations.  Assignment 1 due (in class Friday 20 August): Term paper or project proposal (one sentence).
• Week 6 (23 August - 27 August).  Student oral presentations #5 - #10.
• Term break (30 August - 12 September)
• Week 7 (13 September - 17 September). Tutorial sessions: Students #11 - #14 give practice oral presentations.  Assignment 2 due (in class Friday 17 September): for term paper: first draft of title, synopsis, and references. For term project: first draft of title, goal statement, resources required (software & hardware), and proposed methodology.  Discuss:
  • C. Collberg, C. Thomborson, "Watermarking, Tamper-Proofing, and Obfuscation - Tools for Software Protection", IEEE Transactions on Software Engineering 28:8, 735-746, August 2002.
  • B. Schneier, "Foundations", Chapter 1 in Applied cryptography : protocols, algorithms, and source code in C, 2nd edition, Wiley, 1996.
  • E Papadakis, "Why and What for (Four): The Basis for Writing a Good Introduction", Materials Evaluation 41, Jan 1983, pp. 20-21.
• Week 8 (20 September - 24 September).  Student oral presentations #11 - #14.  Tutorial sessions: Students #15 - #18 give practice oral presentations.
• Week 9 (27 September - 1 October). Student oral presentations #15 - #18. Tutorial sessions: Students #19 - #24 give practice oral presentations.  Friday: Sample final exam (an ungraded midterm test). Assignment 3 due in class Friday 1 October): title and abstract, for publication on class website; and a detailed outline of your term paper or project report.
• Week 10 (4 October - 8 October). Student oral presentations #19 - #24. Tutorial sessions: Students #25 - #30 give practice oral presentations. 
• Week 11 (11 October - 15 October). Student oral presentations #25 - #30.
• Week 12 (18 October - 22 October). Discussion of student answers to sample final exam. Course overview. Assignment 4 due in class Friday 22 October): final version of your term paper.

Warning

We will discuss vulnerabilities in widely-deployed computer systems. This is not an invitation for you to exploit these vulnerabilities! Instead you are expected to behave responsibly. Don't break into computer systems that are not your own. Don't attempt to subvert any security system in any other way, for example by taking over someone else's "digital identity".