Course Syllabus
Welcome to Secure Coding (14735)
***If you feel unwell, please stay home, take care of yourself, and get medical help if needed.***
Class Time and Location
Section A T Th 12:30 pm – 1:50 pm Eastern time INI DEC
Section SV T Th 09:30 am – 10:50 am Pacific time B23 227
Friday Recitation
Section A F 12:00 pm – 12:50 pm Eastern time INI DEC
Section SV F 09:00 am – 09:50 am Pacific time B23 227
Please download the FULL syllabus: 14735-SecureCoding-Syllabus-f24.pdf
We use Campuswire for discussion, Q&A, and course announcements.
- You should receive an email invite. If you did not receive one, please let us know.
- For further guidance on using Campuswire and expectations, click here
Class recordings
Recordings become available 24-48 hours after class. Click here for details.
Submissions
- Gradescope and Canvas are used to submit assignments. Please read the submission instructions for each assignment.
Instructor: Dr. Hanan Hibshi (hhibshi at cmu : edu)
Office hours
TA office hours
TA | Office Hours | Location |
---|---|---|
Zhuohao (Howard) Liu | Wednesdays, 2PM to 3PM (ET) / 11AM to 12PM (PT) | https://calendly.com/ixnet/735-oh Please schedule at least 2 hours before meeting time. |
Aditya Sudhansu | Thursdays, 7PM to 8PM (ET) / 4 PM to 5 PM (PT) | |
Frank Mao | Mondays, 1:30PM to 2:30 PM (ET) / 10:30AM to 11:30AM (PT) | https://calendly.com/xim-andrew/14-735-oh Please schedule at least 2 hours before the meeting time. |
Textbook Information
Secure Coding in C and C++, Second Edition by Robert C. Seacord, Addison-Wesley Pearson Education. (Amazon Link)
Optional books:
- Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More by Viega, J., and M. Messier. Sebastopol, CA: O'Reilly, 2003.
- Understanding and Using C Pointers by Richard Reese. Available online through CMU Libraries.
- Good C reference: The Book of C (Release 2022.08) by Joel Sommers. Available online.
Deadlines, Extensions, and Flexibility
Your health and mental well-being come first, and we understand that life events happen. We offer the following flexible arrangements:
- Quizzes: If students miss a quiz, they have an opportunity to take another quiz at another class. We will have between 8 and 10 quizzes in this class (total), and students only need a maximum of six quizzes to count towards their grade.
- Activities: Activities are available for students to complete outside of class time and remain open for at least 48 hours after class with no access code. There is no penalty if a student completes these kinds of activities after class. Students can still miss some activities as the maximum needed in the course is 5 activities.
- Assignment deadlines are firm, but special additional and reasonable accommodations can be made by the instructor, so please reach out if needed.
- Retries for CTF assignments: We do offer opportunities for students to retry a CTF assignment. Students who receive an NS grade for a CTF problem have the choice of submitting another CTF problem as a retry. Once a student attempts all CTF problems required for the B level, they have a choice of submitting a problem from the list of bonus problems (64-bit versions) as a retry for the NS problem.
- For emergencies and special accommodations, please contact the instructor.
Short Guide
Schedule of topics/due dates in PDF
Lecture slides/assignments/quizzes (Modules)
CTF Server Connection Guides (Windows, Linux/Mac)
Interacting with CTF problems using Python
Additional books and resources (including CTF resources)
CMU Library
All of the articles are provided free of charge and can be accessed either directly from the provided links or via the CMU Library.
Peer Discussion and Academic Integrity
Students are encouraged to talk to each other, to the T.A.(s), to the instructor, or to anyone else about any of the homework assignments. Any assistance, though, must be limited to discussion of the problem and sketching general approaches to a solution. Each student must write out their own solutions to the homework. Consulting another student’s solution is prohibited and submitted solutions may not be copied from any source. These and any other form of collaboration on assignments constitute cheating. Any form of collaboration is strictly prohibited on the quizzes and is considered cheating. If you have any questions about whether some activity would constitute cheating, please feel free to ask. Cheating on an assignment/exam will result in failure of the course, and the university administration (department, college) will be notified per the appropriate procedures.
Simply stated, feel free to discuss problems with each other, but do not cheat. It is not worth it, and you will get caught.
Since the class allows for high-level discussions among students, we provide examples below of what is and is not high-level discussion. When in doubt about whether a discussion is allowed, please reach out to the instructor and/or the TAs.
The following are examples of what is considered high-level discussion:
- Mentioning/explaining GENERAL syntax. For example, how to “pipe” between C and Python.
- Explaining Unix/Linux commands
- Mentioning/explaining a good tool for debugging
- Explaining the content from the book/lecture
- Providing websites for tutorials or general information that would enhance everyone's understanding
- Sharing hints that originally came from TAs (TAs provide hints in recitations, office hours, etc.)
The following are examples of what is NOT considered high-level discussion and will result in an Academic Integrity Violation (AIV):
- Sharing code to be used for the solution
- Sharing detailed “how to’s” for solutions
- Sharing quiz codes
- Sharing CTF Flags
- Providing specific details about what to write and what to change in the code
- Looking at each other’s code (in-person, online, etc.)
Regrets
In life, we all make mistakes and learn from them because, in the end, we are human. To help students learn from negative experiences, this course uses the regrets policy.
If a student cheats or gets involved in an AIV action and then regrets the decision afterward, they have the chance to repair the situation before it gets escalated and an AIV report is filed. Keep in mind that the student needs to report the incident/action to the instructor BEFORE the action is flagged by the instructor or TAs. We will delete the submission from our records (if we can). The student will get a zero on the assignment with no further questions asked and no AIV report to the university. Please note that getting a zero on the assignment would not impact a student's performance in the course, but an AIV would cause a student to fail the course and the action is reported to the university.
Please download the FULL version of the syllabus: 14735-SecureCoding-Syllabus-f24.pdf