18-335/732: Secure Software Systems

Category | Difficulty
HW | 9
Exams | 9

This class is the next big step for computer security courses, and is arguably very time-consuming. The course covers various aspects of computer security. You will get exposed to content from research papers, and hands-on experience from homework. I have to emphasize that the homework is an epic homework, so you probably need to be familiar with C to do well on this homework.

What to expect

  • HW: There are three homework assignments. Assignment 1 (Build It; Break It; Fix It;) has 3 parts, and Assignment 3 has 2 parts. It is going to feel like you have 6 homeworks. However, it can be a fun and worthwhile experience.

    Build It; Break It; Fix It; is a core assignment with 3 phases (runs till 2/3rd of the course), where you work in a group of 3 to first build an application, then exploit vulnerabilities in others' applications, and later fix the vulnerabilities other students exploited in your own application. Given the incremental nature of this assignment, and the fast pace of this course, it can be tricky to change groups later on. For you to have a good learning experience from this course, it is extremely important that your group meets regularly and every member is equally committed to the assignment. Make sure to address any group issues early on.

    The Break It phase of the assignment gives you hands-on experience exploiting software, and this can be a nice experience to highlight if you are applying to early career roles in cybersecurity (especially for OffSec roles). If you have time to set up fuzzers like AFL, I'd recommend using them in this phase! Knowing how to use such tools is an attractive skill in the cybersecurity industry.

    Homework 3 (Verification) is pretty involved as well, and for it you will be paired with another student. You have to build an application in Dafny, based on a given list of requirements (expected behavior) for the application. Your functions should meet the pre/post-conditions accordingly (which you will learn about from the course). For any programming project, it is advised to build and verify it in a modular way, i.e., build one functionality and verify that it works before moving on to the next; but I'd emphasise this here for this homework. It can get very difficult to debug why certain functions do not meet the pre/post-conditions after you have programmed everything.

  • Exams: There are three exams; they can be challenging but you should be good if you have a good understanding of the material. The questions are not so theoretical but test if you understood the concepts well enough to apply them in a given scenario. Hence, make sure you understand the material and the purpose of each technique/concept discussed in lecture. The instructors encourage questions both in class and on Piazza. There can be a bunch of different concepts to learn and remember for the exam, so I'd highly recommend brushing through them offline and asking questions on Piazza. The exams (in Spring 2022) were all quite long, so having a good understanding + a neat cheatsheet (1 page, 2-sided cheatsheet allowed for an exam) would go a long way!

How to do well

  • Start the homework as soon as you can. Coordinating with group mates near a deadline can get tricky.
  • Do not spend too much time on Assignment 1 by competing with other students too much. It is fun, but preparing for exams is a better use of time since that is where real competition will happen.
  • Ask lots of questions on Piazza; the instruction team is very responsive, so you should leverage that.
  • Save your late days for Homework 2, since I think it is the most epic one.
  • Do not take other hard courses. You will probably need about 15-20 hours a week to be excellent in this course.

What to watch out for

  • Be careful with teammates on Assignment 1. Ask the instruction team to switch your team right away if your teammate is not responsive.

For the overachiever

  • Congratulations, this is probably the most advanced course in software system security.