Course Syllabus

Welcome to Secure Coding (14735)

***If you feel unwell, please stay home, take care of yourself, and get medical help if needed.***

Class Time and Location

Section A      T Th 12:30 pm – 1:50 pm Eastern time    INI DEC

Section SV      T Th 09:30 am – 10:50 am Pacific time    B23 227 

Section RW      T Th 06:00 pm – 06:50 pm Central Africa time    Remote

Friday Recitation

Section A      F 12:00 pm – 12:50 pm Eastern time    INI DEC 

Section SV      F 09:00 am – 09:50 am Pacific time    B23 227 

Section RW      F 09:00 am – 09:50 am Pacific time    B23 227 

Please download the FULL syllabus: 14735-syllabus-f23.pdf 

We use CampusWire for discussion, Q&A, and course announcements.

    • You should receive an email invite. If you did not receive one, please let us know.
    • For further guidance on using Campuswire and expectations, click here 

Class recordings

 Recordings become available 24-48 hours after class. Click here for details

Submissions

Instructor: Dr. Hanan Hibshi (hhibshi at cmu : edu)

Office hours

    • In-person, walk-in: Thursdays 2-3 pm Eastern Time at Dr. Hibshi's office, INI Building, room 123
    • Zoom: email the instructor for an appointment 

TA office hours

TA      Office Hours      Location

Isabel Gardner      Wednesdays 2:30-4:30 PM EST / 11:30-1:30 PST      INI Student Floor / Zoom: Send me a Slack message!

Albert Lin      Tuesdays & Thursdays 5-6 pm EST      Zoom MeetingID: 919 3118 1626, Passcode: 123456

 

Textbook Information

Secure Coding in C and C++, Second Edition by Robert C. Seacord, Addison-Wesley Pearson Education. (Amazon Link)

Optional books:

  • Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More by Viega, J., and M. Messier. Sebastopol, CA: O'Reilly, 2003.
  • Understanding and Using C Pointers by Richard Reese. Available online through CMU Libraries
  • Good C reference: The Book of C (Release 2022.08) by Joel Sommers. Available online

Deadlines, Extensions, and Flexibility

Your health and mental well-being come first, and we understand that life events happen. We offer the following flexible arrangements: 

  • In-class quizzes: We drop the lowest two grades in quizzes, so students can miss up to two classes without an impact on their participation grade. 
  • In-class activities: Activities are available for students to complete outside of class time and remain open for at least 48 hours after class with no access code. There is no penalty if a student completes these kinds of activities after class. 
  • Assignment deadlines are firm, but the instructor can make additional reasonable accommodations, so please reach out if needed.
  • Bonus opportunities: There are opportunities for bonuses and extra credit that would help students make up for lost points.
  • For emergencies and special accommodations, please contact the instructor.

Short Guide

Syllabus File (PDF)

List of CTF Problems in PDF

Schedule of topics/due dates in PDF

Lecture slides/assignments/quizzes (Modules)

CTF Server Connection Guides (Windows, Linux/Mac)

Interacting with CTF problems using Python

Additional books and resources (including CTF resources) 

CMU Library

All of the articles are provided free of charge and can be accessed either directly from the provided links or via the CMU Library.

Peer Discussion and Academic Integrity

Students are encouraged to talk to each other, to the T.A.(s), to the instructor, or to anyone else about any of the homework assignments. Any assistance, though, must be limited to discussion of the problem and sketching general approaches to a solution. Each student must write out their own solutions to the homework. Consulting another student’s solution is prohibited and submitted solutions may not be copied from any source. These and any other form of collaboration on assignments constitute cheating. Any form of collaboration is strictly prohibited on the quizzes and is considered cheating. If you have any questions about whether some activity would constitute cheating, please feel free to ask. Cheating on an assignment/exam will result in failure of the course, and the university administration (department, college) will be notified per the appropriate procedures.

 

Simply stated, feel free to discuss problems with each other, but do not cheat. It is not worth it, and you will get caught.

Since the class allows high-level discussions among students, we provide examples below of what is and isn’t high-level discussion, to be clear. When in doubt about whether a discussion is allowed or not, please reach out to the instructor and/or the TAs.

The following are examples of what is considered high-level discussion:

  • Mentioning/explaining GENERAL syntax. For example, how to “pipe” between C and Python.
  • Explaining Unix/Linux commands
  • Mentioning/explaining a good tool for debugging
  • Explaining the content from the book/lecture
  • Providing websites for tutorials or general information that would enhance everyone's understanding
  • Sharing hints that originally came from TAs (TAs provide hints in recitations, office hours, etc.)

The following are examples of what is NOT considered high-level discussion and will result in an Academic Integrity Violation (AIV):

  • Sharing code to be used for the solution
  • Sharing detailed “how to’s” for solutions
  • Sharing quiz codes 
  • Sharing CTF Flags 
  • Providing specific details about what to write and what to change in the code
  • Looking at each other’s code (in-person, online, etc.)

Regrets

In life, we all make mistakes and learn from them because, in the end, we are humans. To help students learn from negative experiences, this course uses the regrets policy.

If a student cheats or gets involved in an AIV action and regrets their decision afterward, they have the chance to repair the situation before it gets escalated and an AIV report is filed. Keep in mind that the student needs to report the incident/action to the instructor BEFORE the action is flagged by the instructor or TAs. We will delete the submission from our records (if we can). The student will get a zero on the assignment with no further questions asked and no AIV report to the university. Please note that getting a zero on the assignment would not impact a student's performance in the course, but an AIV would cause a student to fail the course and the action is reported to the university.

Please download the FULL version of the syllabus: 14735-syllabus-f23.pdf
