CSCI 780 - Spring 2024
Distributed System Security
Syllabus

Course Description

This course explores a broad set of recent topics in network and distributed system security, including the design and implementation of secure protocols, attacks and defenses, and the growing use of secure hardware and applied cryptography. The course focuses on widely deployed systems, such as TLS, the web's PKI, DNSSEC, Tor, Messaging Layer Security, Bitcoin, and the cloud. Students will discuss recent conference papers, and complete programming assignments using the Go programming language. Prior knowledge of Go is not required.

Prerequisites

Must be a graduate student in Computer Science. I expect students to have some familiarity with systems and networking, network programming, and applied cryptography, but I will review these concepts as needed.

Mechanics

We will use gradescope for programming project submissions. We will use Blackboard for online discussions, posting any video recordings, and tracking grades. Otherwise, the course materials will be published via this website.

Equipment

You are free to develop the programming projects using whatever setup you like. The official setup is of course the gradescope environment, which is a standard Ubuntu Linux 22.04 system with go1.21.6. The projects themselves have very few dependencies.

Readings and Textbooks

Each class we will discuss a research paper. I expect you to read this paper before class and come prepared to have a meaningful discussion.

In addition to the paper readings, we will also learn the Go programming, and use as our textbook:

Learning Go, 2nd Edition
Jon Bodner
O'Reilly Media, Inc
January 2024

An online version of this book is freely available through the W&M library's subscription to O'Reilly Online Learning.

Graded Materials and Grading

Your grade is out of 1000 points. Your final numeric grade will be mapped into a letter grade "on the curve." Generally, 900 points and above is an A; 800 to 899 is a B, and so on. I will adjust this scale downward as necessary.

Note that this class does not have exams or a final.

Attendance and Class Participation (100 pts)

I expect you to attend class regularly, which generally means attending at least 80% of the classes. Class will be in-person only. If you are unable to attend in person (for either the whole semester or an extended period), please let me know and I will make appropriate accommodations.

Paper Presentation (200 pts)

You will lead a 40-50 minute discussion of one of the papers on our schedule's reading list. At the beginning of the semester, I will ask you for a prioritized list of your top three paper choices, and then assign the papers according to everyone's preference. You may find it helpful to prepare slides, but a "chalk talk" is also fine.

You will receive all 200 points if you lead a reasonable discussion for 40-50 minutes. If you are obviously unprepared, or the discussion goes way over or way under the time limits, I will deduct points accordingly. (As a rule of thumb, I will deduct 5 points for every minute you are over or under the time limits.)

Paper Questions (100 pts)

By noon the day of class, you need to email me one question about the next day's paper. Note the following:

  • If we are discussing multiple papers that day, you only need to ask a question about one of the papers of your choosing.
  • If you are presenting the paper that day, do not email me a question. Instead, I will forward to you your classmate's questions the morning before class.
  • Each question you submit is worth 5 points; thus, for full credit you must submit a question for 20 class meetings. There is no extra credit for submitting additional questions.
Programming Projects (300 pts)

I will assign three Go programming projects throughout the semester. Each assignment is worth 100 pts. There are no project extensions: every project is due on its due date. If you received a score of less than 80 points on a project (or simply did not submit), then you can resubmit the project by 11:59pm on May 6 to receive up to 80 points. In other words, the maximum score for a resubmitted programming project is capped at 80.

The programming projects must be completed on your own. The operative rule is that you may consult with your classmates on general issues about an assignment, but code remains private. You should neither show another your program source code, nor look at anothers' source code. Beyond that, you should adopt an "empty hands" attitude toward collaboration: talk about the project as you wish, but leave the conversation with nothing written.

There are a few corollaries to this rule:

  1. Do not post your code on a public repository.
  2. If you copy or lightly adapt source from the Internet or an AI-service, you must cite the URL or service in a comment.
  3. Do not use an AI-service to generate the majority of your project.
  4. If you come to me for help, I will not "eyeball debug" your code; that is, for all but the most trivial problems for which you ask for help, I won't look at your source code. Short of looking at your source code, I'm more than willing to help you design and debug your program.

I reserve the right to review submissions for cases of code sharing, egregious uses of AI (e.g., the entire project is AI-generated), or other disingenuous behavior contrary to the spirit of the project. If I detect such deceitfulness, you will receive zero points for the project and loss the privilege to resubmit that project for partial credit. If I detect deceitfulness a second time, then I will report a violation of the honor code.

Research Project Report (200 pts)

You will work on a research project during the semester. You may work individually or in a team of up to three students.

You can propose your own research project, or you can use one of my ideas as a starting point. Regardless, a member of your team must email me a list of your team members and your research topic (1-3 sentences) by Friday, 2/2 @11:59pm. If you are proposing your own idea, please discuss it with me prior to this deadline.

By 11:59pm on May 6, you must submit a short paper that describes the problem, background details, related work, as well as your approach and accomplishments. The paper has the following requirements:

The template generates a PDF like this.

Research Project Presentation (100 pts)

During normal class time (2pm) on Monday, May 6, your team will deliver a slide presentation of your project to the class. Your presentation should be about 10-minutes long.

Honor Code

W&M has a significant tradition in its honor code, stated below:

As a member of the William & Mary community, I pledge on my honor not to lie, cheat, or steal, either in my academic or personal life. I understand that such acts violate the Honor Code and undermine the community of trust, of which we are all stewards.

Accommodations

William & Mary accommodates students with disabilities in accordance with federal laws and university policy. Any student who feels they may need an accommodation based on the impact of a learning, psychiatric, physical, or chronic health diagnosis should contact Student Accessibility Services staff at 757-221-2512 or at sas@wm.edu to determine if accommodations are warranted and to obtain an official letter of accommodation. For more information, please see www.wm.edu/sas.

As per the university's guidance, if you have a religious observance that conflicts with a deadline, please notify me as soon as possible so that I can attempt to make an appropriate adjustment.

Well-Being

William & Mary recognizes that students juggle different responsibilities and can face challenges that make learning difficult. There are many resources available at W&M to help students navigate emotional/psychological, physical/medical, material/accessibility concerns, including: