COURSE SYLLABUS
14-850: INSuRE Cybersecurity Research - Fall, 2020
Instructor: Professor Ehab Al-Shaer
Email: ehab@cmu.edu
Other contact: skype:ealsaher
Office: Pittsburgh,
INI Building, Office# 125
Office hours: Wednesday
4:30-5:30 and Friday 3:00-4:00 and by appointment
Phone: (412)
268-7899 (Office)
(803)
792-1067 (Google Voice)
TA: TBD
Email: <andrewID>@andrew.cmu.edu
Office hours: TBD
Course Description: In this course, students will learn an
overview of the theoretical foundations and methodologies of conducting
rigorous and high impact research in cybersecurity. The class will include
topics on how to select research problems, how to search, identify, and review
research papers, how to conduct a survey or taxonomy research papers, how to
develop a technical research plan, how to evaluate your research approach and
how to write a research paper and proposal. In addition, this learning
will be in the context of engaging students in the experience of real-world
cybersecurity problems of interest to government organizations and industry
partners. Students will learn how to apply research techniques, think
clearly about problems and constraints, formulate and analyze potential
solutions, evaluate solutions through simulation and experimentation, and
communicate their results effectively. Working in small groups under the
mentorship of technical clients from government and industry, teams of students
will formulate, carry out, and present original research on current
cybersecurity/information assurance problems of interest. Project topics come
from lists supplied by government and industry partners. The course will be
synchronized with similar offerings at several partner schools via videoconference,
using resources provided through the INSuRE program. The course will be open to
graduate students in computer science and engineering (e.g., INI, CS, ECE,
Information Systems, etc.) who have background in information security /
information assurance and have significant expertise in at least one relevant
technical area. All students will be initially waitlisted for the course until
instructors have the chance to verify student qualifications beyond the basic
prerequisites.
Number of Units: 12
Prerequisites: 14741 or 18730; instructor approval
Contact the instructor directly with questions about prerequisites
Class Schedule
@Pittsburgh campus: Wednesday 02:30am-4:30pm EDT (and occasionally Friday @ 1:30 EDT if SECuRE group meeting is needed), INI DEC
Textbook Information
No Text Book is required
Course Objectives
In this course, students will learn an overview of the theoretical
foundations and methodologies of conducting rigorous and high impact research
in cybersecurity. The class will include topics on how to select research
problems, how to search, identify, and review research papers, how to conduct a
survey or taxonomy research papers, how to develop a technical research plan,
how to evaluate your research approach and how to write a research paper and
proposal. In addition, this learning will be in the context of engaging
students in the experience of real-world cybersecurity problems of interest to
government organizations and industry partners.
In successfully
completing this course, you will have the opportunity to:
- Lean how to use
scientific research methods to conduct novel and high impact research: Students will learn both revolutionary and
evolution approaches to do research and innovation.
- Learn the
Science of Security (SoS) foundation for
conducting research in cybersecurity: Students will learn metrics and hypothesis-driven techniques to
conduct and evaluate research in cybersecurity.
- Learn an overview
of computational research foundations: Students will study and discuss foundational papers in the
following areas: formal methods, logic and reasoning, data-driven, optimization/game
theory.
- Learn how to
review and present research papers: Students will learn how to identify and assess the technical
contribution of research papers, and how to give a concise and accurate
presentation of research papers.
- Learn how to
develop a technical research and evaluation plan for research proposal: Students will learn by experience how to
analyze a research problem, derive the technical requirements, and develop
the evaluation criteria in the context of solving a real-world problem
while engaging with a Technical Director from the
government/industry.
Course Philosophy
This course is to learn the theory and practice of conducting
research in cybersecurity. The first part of the class will focus on learning
the scientific foundation for conducting research by studying, presenting, and
discussing papers in various theoretical foundations. This objective will be
accomplished through a series of student presentations of selected paper and highly
interactive in-class discussions. The second part of the course is to learn-by-experience
how to analyze a research problem and how to develop a scientific approaches
and how to conduct a systematic evaluation plan. The background and reading
material will be selected to build a background for the problem to be tackled
by the group. This objective will be conducted through teamwork and intense
class discussion. Students should be prepared to learn how to contribute as
individuals and integrate as a team member.
Course Website
Course Canvas: https://cmu.instructure.com/
Important Dates and Deliverables
Open House/TD Meet and Greet |
8/28 |
Bid Submission |
9/11 |
Problem Assignment |
9/14 |
Proposal |
TBD – (estimated: 9/18) |
Progress Report |
10/16 |
Progress Report Presentation |
10/16 |
Final Report |
TBD—(Estimated 12/4) |
Final Report Presentation |
TBD —(Estimated 12/13) |
Course Deliverables
Students will participate in a significant group project in addition to individual in-class activities. All submissions are to be made through Canvas. Email submissions will NOT be accepted.
Project:
Teams of students will work on a collaborative project for the duration of the semester. Teams will be formed based on Project Bids. Through the semester, teams will give two formal project presentations and submit two written reports as follow.
• Project Proposal:
• Project Progress report and
presentation
• Final report and presentation
In addition to the
team deliverables, each student will be responsible for preparing two Peer
Reviews, and Survey Paper, which will be due along with the progress and
final reports. All of the course deliverables are also briefly summarized on
the Project Info page
Evaluation and Grading
Grades will be determined based on multiple deliverables for the group project done in the course as well as individual effort toward in-class presentations and activities. Individual students will prepare bids for their desired problem areas, and project teams will work toward several major deliverables, including a project proposal, progress report, progress presentation, final report, project poster, and final presentation. Students will be individually evaluated on all project deliverables as well as all individual work done in and out of class.
Attendance |
5% |
In-Class Presentations (foundation and Application domain papers) |
25% |
Writing Survey Paper |
10% |
Paper Review |
10% |
Project Proposal |
5% |
Final Report and Presentation |
45% |
The resources below are useful across multiple
classes including this one.
Every individual must be treated with respect. The ways we are diverse are many and are critical to excellence
and an inclusive community. They include but are not limited to: race, color,
national origin, sex, disability, age, sexual orientation, gender identity,
religion, creed, ancestry, belief, veteran status, or genetic information. We
at CMU, will work to promote diversity, equity and
inclusion because it is just and necessary for innovation. Therefore,
while we are imperfect, we will work inside and outside of our classrooms, to
increase our commitment to build and sustain a community that embraces these
values.
It is the responsibility of each of us to create a safer and more
inclusive environment. Bias incidents, whether intentional or unintentional in
their occurrence, contribute to creating an unwelcoming environment for
individuals and groups at the university. If you experience or observe unfair
or hostile treatment on the basis of identity, we encourage you to speak out
for justice and support in the moment and and/or share your experience
anonymously using the following resources:
Center for Student Diversity and Inclusion: csdi@andrew.cmu.edu, (412) 268-2150, www.cmu.edu/student-diversity
Report-It online anonymous reporting platform: www.reportit.net username: tartans password: plaid
All reports will be acknowledged, documented and a determination
will be made regarding a course of action.” All experiences shared will be used
to transform the campus climate.
Active Shooter Advice: To prepare for the unlikely event of a campus shooting, please
refer to https://www.cmu.edu/police/Resources/Active%20Shooter.html
Earthquake Preparation: During an earthquake, “drop, cover, and hold on.” Please see
details: https://www.earthquakecountry.org/step5/
Accommodations for Students with Disabilities: If you
have a disability and have an accommodations letter from the Disability
Resources office, I encourage you to discuss your accommodations and needs with
me as early in the semester as possible. I will work with you to ensure that
accommodations are provided as appropriate. If you suspect that you may have a
disability and would benefit from accommodations but are not yet registered
with the Office of Disability Resources, I encourage you to contact them
at access@andrew.cmu.edu.
Take Care of Yourself: Please
do your best to maintain a healthy lifestyle this semester by eating well,
exercising, avoiding drugs and alcohol, getting enough sleep and taking some
time to relax. This will help you achieve your goals and cope with stress.
All of us benefit from support during times of struggle. You are not alone.
There are many helpful resources available on campus and an important part of
the college experience is learning how to ask for help. Asking for support
sooner rather than later is often helpful.
If you or anyone you know experiences any academic stress, difficult life
events, or feelings like anxiety or depression, I
strongly encourage you to seek support. Counseling and Psychological Services (CaPS) is here to help: call 412-268-2922 or visit their
website at http://www.cmu.edu/counseling/.
Consider
reaching out to a friend, faculty, or family member you trust for help getting
connected to the support that can help. Please let me know if I can be of
assistance to you in this way. It is not my intention to know the details of
what might be bothering you, but simply to let you know I am concerned and that
help, if needed, is available.
Course Policies:
Language
This course is entirely taught in English, and all materials submitted by the students, including homework, exams, assignments, and quizzes, must be submitted in English. In-class oral participation must also be in English. Homework, quizzes or exams submitted in a language other than English will not be graded.
Please do not worry about making grammatical or vocabulary mistakes. We will never penalize you for using improper grammar or vocabulary, as long as your statements remain clear and unambiguous.
Lectures
Class attendance is required. In-class participation is encouraged and expected. In other words, please do ask questions and make constructive comments during lectures. Additionally, you are only eligible to take quizzes if you attend class.
Auditors & Non-degree Students
Auditors are expected to attend lectures, but cannot submit homework, hand in tests, or take exams. Auditors only get a record of audit at the end of the semester. On the other hand, non-degree students are subject to the same rules and expectations as degree students.
Cell Phone and Wi-Fi
Please remember to turn off or silence your phones (and other alarms) before each class meeting. We will subtract i points from your total grade the i-th time your phone/alarm/pager rings in class during the semester. No exceptions.
As a matter of courtesy to the instructor and other students, please refrain from reading the news, participating in social networks, or checking your email using your wi-fi connection during lectures. It is most likely the case that you do not need a laptop when you come to class.
Late Homework Submission Policy
For full credit, homework must be turned in by 5:00 PM EST on the due date. You have two “grace days” that you can use at any time during the semester for late homework. That is, you can turn in a total of two homework assignments a day late (“a day late” is defined as any delay between 0 and 24 hours after the deadline,) one homework two days late, etc. You must notify the instructor and T.A.s prior to using (a) grace day(s). Assignments turned in late without “grace credit” will be penalized by 10% per day. Homework late by more than three days will not be graded. Exceptions require either prior arrangement or doctor-validated medical excuse.
Collaboration Policy
Students are encouraged to talk to each other, to the T.A.(s), to the instructor, or to anyone else about any of the homework assignments. Any assistance, though, must be limited to discussion of the problem and sketching general approaches to a solution. Each student must write out his or her own solutions to the homework. Consulting another student’s solution is prohibited, and submitted solutions may not be copied from any source. These and any other form of collaboration on assignments constitute cheating. Any form of collaboration is strictly prohibited on the exams and is considered cheating. If you have any question about whether some activity would constitute cheating, please feel free to ask.
Cheating on an assignment/exam will result in failure of the course, and the university administration (department, college) will be notified per the appropriate procedures.
Simply stated, feel free to discuss problems with each other, but do not cheat. It is not worth it, and you will get caught.
Copyright Policy
All teaching materials in this class, including course slides, homework, assignments, practice exams and quizzes, are copyrighted; reproduction, redistribution and other rights solely belong to the instructors. In particular, it is not permissible to upload any or part of these materials to public or private websites without the instructor’s explicit consent. Violating this copyright policy will be considered as an academic integrity violation, with the consequences discussed above. Reading materials are also copyrighted by their respective publishers and cannot be reposted or distributed without prior authorization from the publisher.
ECE Academic Integrity Policy
(http://www.ece.cmu.edu/programs-admissions/masters/academic-integrity.html):
The Department
of Electrical and Computer Engineering adheres to the academic integrity
policies set forth by Carnegie Mellon University and by the College of
Engineering. ECE students should review fully and carefully Carnegie Mellon
University's policies regarding Cheating and Plagiarism; Undergraduate Academic
Discipline; and Graduate Academic Discipline. ECE graduate student should
further review the Penalties for Graduate Student Academic Integrity Violations
in CIT outlined in the CIT Policy on Graduate Student Academic Integrity
Violations. In addition to the above university and college-level policies, it
is ECE's policy that an ECE graduate student may not drop a course in which a
disciplinary action is assessed or pending without the course instructor's
explicit approval. Further, an ECE course instructor may set his/her own
course-specific academic integrity policies that do not conflict with
university and college-level policies; course-specific policies should be made
available to the students in writing in the first week of class.
This
policy applies, in all respects, to this course.
CMU Academic Integrity Policy (http://www.cmu.edu/academic-integrity/index.html):
In the midst of self-exploration, the high demands of a
challenging academic environment can create situations where some students have
difficulty exercising good judgment.
Academic challenges can provide many opportunities for high
standards to evolve if students actively reflect on these challenges and if the
community supports discussions to aid in this process. It is the responsibility
of the entire community to establish and maintain the integrity of our
university.
This site is offered as a comprehensive and accessible resource
compiling and organizing the multitude of information pertaining to academic
integrity that is available from across the university. These pages include
practical information concerning policies, protocols and best practices as well
as articulations of the institutional values from which the policies and
protocols grew. The Carnegie Mellon Code, while not formally an honor code,
serves as the foundation of these values and frames the expectations of our
community with regard to personal integrity.
THE CARNEGIE MELLON CODE
Students at Carnegie Mellon, because they are members of an
academic community dedicated to the achievement of excellence, are expected to
meet the highest standards of personal, ethical and moral conduct possible.
These standards require personal integrity, a commitment to
honesty without compromise, as well as truth without equivocation and a
willingness to place the good of the community above the good of the self.
Obligations once undertaken must be met, commitments kept.
As members of the Carnegie Mellon community, individuals are
expected to uphold the standards of the community in addition to holding others
accountable for said standards. It is rare that the life of a student in an
academic community can be so private that it will not affect the community as a
whole or that the above standards do not apply.
The discovery, advancement and communication of knowledge are not
possible without a commitment to these standards. Creativity cannot exist
without acknowledgment of the creativity of others. New knowledge cannot be
developed without credit for prior knowledge. Without the ability to trust that
these principles will be observed, an academic community cannot exist.
The commitment of its faculty, staff and students to these
standards contributes to the high respect in which the Carnegie Mellon degree
is held. Students must not destroy that respect by their failure to meet these
standards. Students who cannot meet them should voluntarily withdraw from the
university.
This
policy applies, in all respects, to this course.
Carnegie Mellon University's Policy on Cheating (http://www.cmu.edu/academic-integrity/cheating/index.html) states the following:
According
to the University Policy on Academic Integrity, cheating "occurs when a
student avails her/himself of an unfair or disallowed advantage which includes
but is not limited to:
·
Theft of or unauthorized
access to an exam, answer key or other graded work from previous course
offerings.
·
Use of an alternate,
stand-in or proxy during an examination.
·
Copying from the
examination or work of another person or source.
·
Submission or use of
falsified data.
·
Using false statements to
obtain additional time or other accommodation.
·
Falsification of academic
credentials.”
This policy applies, in all respects, to this course.
Carnegie Mellon University's Policy on Plagiarism (http://www.cmu.edu/academic-integrity/plagiarism/index.html) states the following:
According
to the University Policy on Academic Integrity, plagiarism "is defined as
the use of work or concepts contributed by other individuals without proper
attribution or citation. Unique ideas or materials taken from another source
for either written or oral use must be fully acknowledged in academic work to
be graded. Examples of sources expected to be referenced include but are not
limited to:
·
Text, either written or
spoken, quoted directly or paraphrased.
·
Graphic elements.
·
Passages of music,
existing either as sound or as notation.
·
Mathematical proofs.
·
Scientific data.
·
Concepts or material
derived from the work, published or unpublished, of another person."
This policy
applies, in all respects, to this course.
Carnegie Mellon University's Policy on Unauthorized Assistance (http://www.cmu.edu/academic-integrity/collaboration/index.html) states the following:
According
to the University Policy on Academic Integrity, unauthorized assistance
"refers to the use of sources of support that have not been specifically
authorized in this policy statement or by the course instructor(s) in the
completion of academic work to be graded. Such sources of support may include
but are not limited to advice or help provided by another individual, published
or unpublished written sources, and electronic sources. Examples of
unauthorized assistance include but are not limited to:
·
Collaboration on any
assignment beyond the standards authorized by this policy statement and the
course instructor(s).
·
Submission of work
completed or edited in whole or in part by another person.
·
Supplying or communicating
unauthorized information or materials, including graded work and answer keys
from previous course offerings, in any way to another student.
·
Use of unauthorized
information or materials, including graded work and answer keys from previous
course offerings.
·
Use of unauthorized
devices.
·
Submission for credit of
previously completed graded work in a second course without first obtaining
permission from the instructor(s) of the second course. In the case of concurrent
courses, permission to submit the same work for credit in two courses must be
obtained from the instructors of both courses."
This
policy applies, in all respects, to this course.
Carnegie Mellon University's Policy on Research Misconduct (http://www.cmu.edu/academic-integrity/research/index.html) states the following:
According to the University Policy For Handling Alleged Misconduct In Research, “Carnegie Mellon University is responsible for the integrity of research conducted at the university. As a community of scholars, in which truth and integrity are fundamental, the university must establish procedures for the investigation of allegations of misconduct of research with due care to protect the rights of those accused, those making the allegations, and the university. Furthermore, federal regulations require the university to have explicit procedures for addressing incidents in which there are allegations of misconduct in research.”
The policy goes on to note that “misconduct means:
· fabrication, falsification, plagiarism, or other serious deviation from accepted practices in proposing, carrying out, or reporting results from research;
· material failure to comply with Federal requirements for the protection of researchers, human subjects, or the public or for ensuring the welfare of laboratory animals; or
· failure to meet other material legal requirements governing research.”
“To be deemed misconduct for the purposes of this policy, a ‘material failure to comply with Federal requirements’ or a ‘failure to meet other material legal requirements’ must be intentional or grossly negligent.”
To become familiar with the expectations around the responsible conduct of research, please review the guidelines for Research Ethics published by the Office of Research Integrity and Compliance.
This
policy applies, in all respects, to this course.