Course Syllabus

Welcome to Secure Coding (14735)

***If you feel unwell, please stay home, take care of yourself, and get medical help if needed.***

Class Time and Location

Section A      T Th 12:30 pm – 1:50 pm Eastern time    INI DEC

Section SV      T Th 09:30 am – 10:50 am Pacific time    B23 227 

Friday Recitation

Section A      F 12:00 pm – 12:50 pm Eastern time    INI DEC 

Section SV      F 09:00 am – 09:50 am Pacific time    B23 227 

Please download the FULL syllabus: 14735_SecureCoding_Syllabus-f25.pdf

We use Ed Discussion for discussion, Q&A, and course announcements.

    • You should receive an email invite. If you did not receive an invite by Sep 10, please let us know.
    • For further guidance on using Ed Discussion and expectations, click here 

Class recordings

 Recordings become available 24-48 hours after class. Click here for details

Submissions

Instructor: Dr. Hanan Hibshi (hhibshi at cmu : edu)

Office hours

TA office hours

TA Office Hours Location
Harrison Green
Wednesdays, 2PM to 3:30PM (ET) | 11AM-12:30PM (PT)

https://cmu.zoom.us/j/96610721571?pwd=GDXk6MjGQg0TONEdCKaU9bp6Zu3Zs9.1

Janessa Guo
Mondays, 5PM to 6PM (ET) | 2PM to 3PM (PT)

CIC 1313 (in-person)

https://cmu.zoom.us/my/janessaguo

Mitchell Zhou
Tuesdays & Thursdays, 4:00 to 6:30 PM (ET) | 1:00–3:30 PM (PT)

https://cmu.zoom.us/j/2288196295

Text Book Information

Secure Coding in C and C++, Second Edition by Robert C. Seacord,
Addison-Wesley Pearson Education.

Optional books:

  • Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Networking, Input Validation & More by Viega, J., and M. Messier. Sebastopol, CA: O'Reilly, 2003.
  • Understanding and Using C pointers by Richard Reese. Available online through CMU Libraries 
  • Good C reference: The book of C (Release 2022.08) by Joel Sommers. Available online

Deadlines, Extensions, and Flexibility

Your health and mental well-being come first, and we understand that life events happen. We offer the following flexible arrangements: 

  • Quizzes: If students miss a quiz, they have an opportunity to take another quiz at another class. We will have between 8 and 10 quizzes in this class (total), and students only need a maximum of six quizzes to count towards their grade.
  • Activities: Activities are available for students to complete outside of class time and remain open for at least 48 hours after class with no access code. There is no penalty if a student completes these kinds of activities after class. Students can still miss some activities, as the maximum needed in the course is 5 activities.
  • Assignment deadlines are firm, but special additional and reasonable accommodations can be made by the instructor, so please reach out if needed.
  • Retries for CTF assignments: We do offer opportunities for students to retry a CTF assignment. Students who receive an NS grade for a CTF problem have the choice of submitting another CTF problem as a retry. Once a student attempts all CTF problems required for the B level, they have a choice of submitting a problem from the list of bonus problems (64-bit versions) as a retry for the NS problem.
  • For emergencies and special accommodations, please contact the instructor.

Short Guide

Syllabus File (PDF)

Grade Bundle (PDF)

List of CTF Problems in PDF

Schedule of topics/due dates in PDF

Lecture slides/assignments/quizzes (Modules)

CTF Server Connection Guides (Windows, Linux/Mac)

Interacting with CTF problems using Python

Additional books and resources (including CTF resources) 

Guidance for CTFs when using a Mac with Apple Silicon chips

CMU Library

All of the articles are provided free of charge and can be accessed either directly from the provided links or via the CMU Library.

Peer Discussion and Academic Integrity

Students are encouraged to talk to each other, to the T.A.(s), to the instructor, or to anyone else about any of the homework assignments. Any assistance, though, must be limited to discussion of the problem and sketching general approaches to a solution. Each student must write out their own solutions to the homework. Consulting another student’s solution is prohibited and submitted solutions may not be copied from any source. These and any other form of collaboration on assignments constitute cheating. Any form of collaboration is strictly prohibited on the quizzes and is considered cheating. If you have any questions about whether some activity would constitute cheating, please feel free to ask. Cheating on an assignment/exam will result in failure of the course, and the university administration (department, college) will be notified per the appropriate procedures.

 

Simply stated, feel free to discuss problems with each other, but do not cheat. It is not worth it, and you will get caught.

Since the class allows for high-level discussions among students, and to be clear, we provide examples below of what is and isn’t high-level discussion. When in doubt about whether a discussion is allowed or not, please reach out to the instructor and/or the TAs.

The following are examples of what is considered high-level discussion:

  • Mentioning/explaining GENERAL syntax. For example, how to “pipe” between C and Python.
  • Explaining Unix/Linux commands
  • Mentioning/explaining a good tool for debugging
  • Explaining the content from the book/lecture
  • Providing websites for tutorials or general information that would enhance everyone's understanding
  • Sharing hints that originally came from TAs (TAs provide hints in recitations, office hours, etc.)

The following are examples of what is NOT considered high-level discussion and will result in an Academic Integrity Violation (AIV):

  • Sharing code to be used for the solution
  • Sharing detailed “how to’s” for solutions
  • Sharing quiz codes 
  • Sharing CTF Flags 
  • Providing specific details about what to write and what to change in the code
  • Looking at each other’s code (in-person, online, etc.)

Regrets

In life, we all make mistakes and learn from them because, in the end, we are humans. To help students learn from negative experiences, this course uses the regrets policy.

If a student cheats or gets involved in an AIV action, then regrets their decision afterward, they have the chance to repair the situation before it gets escalated and an AIV report is filed. Keep in mind that the student needs to report the incident/action to the instructor BEFORE the action is flagged by the instructor or TAs. We will delete the submission from our records (if we can). The student will get a zero on the assignment with no further questions asked and no AIV report to the university. Please note that getting a zero on the assignment would not impact a student's performance in the course, but an AIV would cause a student to fail the course, and the action is reported to the university.

Note on Use of AI Tools

For this course syllabus, the term AI refers to the use of any large language models, including but not limited to ChatGPT, Gemini, Claude, etc.

The use of AI in this course is ONLY allowed for homework assignments

  • In-class Quizzes: Using AI is NOT allowed 
  • In-class Activities:  Using AI is NOT allowed 
  • Note-taking and general use for studying lecture content. You can use AI for general knowledge prompts to speed up the search process, such as looking up terminology or asking AI to find you good resources and videos that explain a concept. You are also allowed to use AI to clean up your notes. However, the course material is COPYRIGHTED; you are not allowed to upload course slides and other content into any AI tool.
  • Assignments: Using AI is allowed, but the policy below strictly applies

Policy on using AI help for homework assignments

You are welcome to use generative AI programs (Claude, GitHub Copilot, ChatGPT, DALL-E, etc.). These programs can be powerful tools for learning and other productive pursuits, including completing some assignments in less time, helping you generate new ideas, or serving as a personalized learning tool. 

However, your ethical responsibilities as a student remain the same. You must follow CMU’s academic integrity policy. Note that this policy applies to all uncited or improperly cited use of content, whether that work is created by human beings alone or in collaboration with a generative AI.

If you use a generative AI tool to develop content for an assignment, you need to remember the following:

  • You must cite the tool’s contribution to your work. In practice, cutting and pasting content from any source without citation is plagiarism. Likewise, paraphrasing content from a generative AI without citation is plagiarism. Whether you use GenAI or not, you are always expected to substantiate any claim you make and any statistics you provide with adequate citations.  
  • Using any generative AI tool without appropriate acknowledgment will be treated as plagiarism. 
  • Copying then pasting the exact question/prompt from homework and asking for the answer is not acceptable and violates the copyright policy. AI can be used as an aid where general questions are asked, but not as a replacement for the student's critical thinking.
  • Using an AI tool for homework text write-ups should be limited to spell-checking, grammar, and translation. 
  • You are required to document exactly how you used AI. YOU MUST provide: 
    • a share link to your LIVE AI prompt and response,
    • submit an exported webpage PDF of the complete conversation, and
    • discuss how you went about reviewing/correcting/adapting the responses you received.
  • Code completion AI in IDEs (e.g., GitHub Copilot) is not allowed in this course.
  • To avoid interfering with the flow of your assignment/project report, please provide all this information in one or more appendices and briefly reference them in the body of your text.
  • If you are using a local LLM where a link cannot be provided as specified above, please contact the instructor before using the local LLM. 

Here are examples of how to cite AI in this course:

  • "For problem 4 on group CTFs, I used the following prompt and response from ChatGPT to help me build a Hello World program: https://chatgpt.com/share/689364ae-f74c-8000-a722-f1d8a9093788"
    • However, if the HW problem asked to simply write a Hello World program, since the AI wrote the entire code, while this is not considered an AIV, this would result in earning 0 points for this problem, as the AI did all of the work. This is the same as copying and pasting another person's essay, citing it, and then submitting it.
  • "For problem 3, on individual CTFs, I used the following prompt and response from Claude to help me debug my Rust code and find that I was missing a semicolon in my looping structure: https://claude.ai/share/5bcf5292-a571-4532-a9ea-17f4c35d6faa"
    • This would receive full credit as you had written most of the code yourself and asked AI to help you debug and find a small mistake in the code.

Here are examples of NOT Allowed USE of AI in this course:

  • Using AI to look up questions during quizzes
  • Copying questions and other content from the course material to an AI tool 

Please download the FULL version of the syllabus: 14735_SecureCoding_Syllabus-f25.pdf
