CS-6238 - Secure Computer Systems

Search for a Course:

    SCS
    Toggle to Select Spcific Semesters

    Reviews


    Semester:

    imho projects should be worth more percentage of the final grade. They are time consuming but nice to do. Exams are tough, asking specific little details from research papers / books. In general, its a course that has perspective to become much better.


    Semester:

    Doing well on the projects and take-home quizzes is sufficient for a B (70+). The midterm and exam are open-ended.

    It’s nice that the lowest project and quiz grades are dropped from the final grade calculation.


    Semester:

    The is one of the best run classes in the Cybersecurity program. The professor is completely involved and holds weekly QA classes to review quizzes and exams. The TA’s are outstanding providing feedback and are very helpful. This is a demanding course and meets the expectation of a graduate course.


    Semester:

    It is a hard class for a compressed schedule in the summer. The topics you are going to learn are very interesting, but some of them are really deep on theory, so even cool topics like virtualization security and SELinux can be a challenge.

    One important aspect is how much the quizzes are for your final grade. Take them seriously. They are not like IIS where you can just search the book and answer. I don’t like how much the quizzes interfere in the final grade, because of the actual mechanism: some students simply build “study groups” and, while I cannot prove it, it looks like they ace a lot of quizzes by oversharing information among themselves. Those who are alone doing the right stuff are in disadvantage. These are the kind of quizzes that are going to:

    • check how deep you understood the week lecture
    • if you did read the additional papers (yes, there are questions where even if you mastered the lecture you will not be able to answer without understanding the additional papers) Some of the quizzes will also have one partial right answer alternative, so if you overthink or didn’t understand the subject in a deep level, you will answer incorrectly. A “all of the above” alternative can be a nightmare here ;-).

    Project 4 should be started the day it is released. Others already said that but I will reinforce. Do it as fast as you can, it is not easy like the other 3 and take a lot of time to test and debug corner cases.

    One very positive aspect that made the journey easier was that the professor and the TAs are very engaged, they will be with you whenever you face issues or need some extra help to understand the topics.

    The grade is curved. I managed to get an A but I really worked hard, many times watching the lectures a second or third time, so expect to dedicate a lot of time and energy if you want to achieve it. Otherwise, a B is not that difficult.

    To summarize:

    • Take quizzes seriously. Ace the first ones, they are easier
    • Start project 4 ASAP
    • Don’t take it on summer :-)


    Semester:

    This has been one of the best courses I’ve taken thus far at GT. It’s the real deal with a handful of practicality. The projects are great for learning different aspects of programming and understanding the concepts being taught during the week’s modules. TA’s were great. Instructor was great.

    The weekly quiz can get tricky. Don’t stare a question for too long or you’ll end up talking yourself into a wrong answer. Loved the course overall.


    Semester:

    I have a B.S. in CS and work as a software engineer. This course covered some concepts I was already familiar with but the majority were new to me. I felt the quizzes waxed and waned in difficulty. If it was a subject I liked and had some previous knowledge it wasn’t too bad, but if it was a subject I did not like it was hard for me to get above 7 or 8 out of 10. I see some reviews say there are trick questions on the quizzes and I guess that’s somewhat true, but I don’t think it’s meant to be a gotcha rather it’s testing if you understood the concept by presenting a question where you’d end up going full ‘well ackchyually’ meme.

    Projects were okay, first 3 account for 10% of your grade and they drop the lowest, so if you get really good grades on the first 2 you can skip the third. These first 3 projects took me less than 10 hours each (I skipped the third). The fourth they say start early so naturally I started the day before it was due…. I still got max marks but I worked a solid 20-25 hours on it. Fun project, should have probably started a day or 2 earlier to avoid that crunch.

    Exams are exams. I did better than the average on both. I thought the final was harder than midterm, but only because some of the topics covered after the midterm I really did not care for. I found as long as you can display some level of understanding the grading is fair.


    Semester:

    This is course number 8 for me in the OCY program, and probably in the top 2-3 most challenging I’ve taken so far. The compacted summer semester didn’t help, which saw us compressing a normal 16 week semester (14 lectures and 2 exams) into 11 weeks (9 weeks of lectures and 2 exams), with no course content cut or amended.

    Each week consisted of lecture videos - usually 2-4 hours, plus several readings (anywhere from 3-5 readings, and upwards of 50-75 pages some weeks).

    Grades were based on projects, quizzes, and exams.

    Best 2 of 3 on the first two projects worth 10% total of the grade - topics were Memory Protection, Authentication (including 2FA), and Exploring Set-UID. Final project was also worth 10% of the grade, and involved creation of a secure shared store. Very challenging, but also interesting, especially as pieces started clicking together.

    Quizzes were tough, and closed-book. Each quiz covered a learning module, and required thought into what the question was asking. Normally 5-6 “easy” questions, 2-3 that were a little more challenging, and 2 that required much more thought.

    Exams were challenging and closed-book, but fair, each worth 25% of the final grade. Final was non-cumulative, though you needed to have an understanding of some topics from the first half. Open-ended questions that required explanation, so partial credit was possible.

    In general, .5STD above the mean is an A, and 1STD below is the cutoff between B/C.

    Positives:

    Professor Ahmed hosted office hours regularly in addition to those held by the TAs. The programming projects are interesting and relevant.

    Negatives: Summer session made this course wayyy more challenging. A couple of weeks were 40+ hours of work. In a normal semester, the workload would be much more manageable. If you can’t handle some long weeks, it may be better to take during the fall/spring. Content was a bit dry. This is another one of those courses that had moments of interesting content, but a lot of theoretical information that isn’t applied. Quizzes and Exams were closed notes, and worth a large percentage (combined for 80%) of the grade.


    Semester:

    To start off, taking this course during the summer made it a bit tougher than it would have been during a fall/spring semester. There is no reduction in material other than making Project 3 optional. So there are multiple weeks where they cram in 2 weeks of material and quizzes into a single week. That made the first couple weeks of the course a bit challenging mainly due to the sheer number of papers needed to be read. I didn’t think the quizzes were too bad with the wording except for maybe a handful of questions. Project 4 was a lot of work and could have benefited from a better write up, but the instructors warn you to start early and made good use of Piazza to clarify requirements.

    The material itself isn’t too difficult, although there is quite a bit of variation in the depth and amount of theory the different modules go into. There’s a good mix of historical context, proof of security theory, and practical implementations that I found pretty interesting. If you’re in the OMSCY Infosec track, I think this is a great course and it makes sense as a core course. That said, this is not a course well suited for OMSCS majors, and would not recommend that Computer Science masters students take this course unless they have a very strong interest in Cybersecurity. This course is a good follow up for IIS and it was refreshing to see a professor that was more involved with a course.


    Semester:

    “Shamelessly created by an Academic” is what another reviewer said and is the perfect way to summarize this course. I have previously completed HPCA, CN, GIOS, and AI. This class is definitely the worst one I have taken and wish I would have chosen something else. It was mentally exhausting to find the motivation to keep going.

    Pros

    • The professor and TAs are fantastic and kind.
    • The projects were fun and I learned a ton.

    Cons

    • The material is presented in such a convoluted way that it makes the class difficult. But it turns out if you take the time to Google and rephrase the presented content then it’s really not that hard.
    • The exams and quizzes are very poorly worded, felt like trick questions, and account for a huge chunk of your grade.


    Semester:

    I wasn’t a huge fan of the course. TAs and the professor were great but the topic is kind of dry. The weekly quizzes have too many “gotcha” questions that are not very straightforward. I also think the quizzes have too big of a weighting on the grade. The projects were fun and that was my favorite part of the class. First two projects were pretty easy (we used C for 1st project and Python for 2nd). 3rd project was optional so I didn’t do it. Final project was pretty difficult but I still enjoyed it. Midterm was pretty hard and the Final is this week which I think will be a similar difficulty to the midterm. Overall, I don’t think I would take this class again, particularly because of the quizzes.


    Semester:

    This was my fifth course in the OMSCS program, and I must say, it is by far my least favorite course I have taken. In fact, it may be the worst comp-sci class I have ever taken between my undergrad and grad classes. While some of the material was interesting, the fact of reading 1-5 research papers a week, being tested on these readings, and open-end questions on the exams was VERY off-putting and far from enjoyable. The class has a mixture of 13 weekly quizzes, 2 exams, and 4 projects. Dr. Ahamad is very involved with the course from posts in Piazza to being in the weekly office hours. It is stated during the first lecture that the class will be graded on a curve, although you don’t know what that will look like until closer to the end of the course.

    Coursework

    • Project 1 (5%): This project focuses on understanding memory protection. It requires using objective C to modify sections of memory, marking their access levels, testing some options, and answering questions.
    • Project 2 (5%): This project deals with implementing 2 Factor Authentication. It requires using Python to get input, generate/validate hashes, and using a local generator to mimic 2FA.
    • Project 3 (5%): This project focused on exploring setuid. It involved completing some tasks and submitting a very detailed lab report. If you do well on P1 and P2 (as I did), you could ultimately skip this project.
    • Project 4 (10%): This project was by far the most time consuming, confusing, but somewhat interesting. It required using Python to implement a distributed system and using security to handle file modification, sharing, creation, and deletion. It also involved using certificates to validate a client/user with the server.
    • Quizzes (30%): There are 13 weekly quizzes. Each quiz is worth 2.5% of your grade. The lowest scoring quiz is discarded, leaving 12 graded quizzes. The material comes from the lectures and weekly research papers you are required to read. Each quiz has 10 questions, you have 20 minutes to complete the quiz, and you are required to use the Respondus Lockdown browser. Many of the questions are application of the material discussed for the week; however, there is typically at least 1 question that requires you to recall information from the lectures or research papers. This question could be from something obvious or from some very minute and fine-grained detail.
    • Midterm Exam (25%): This exam has 5 open-ended, essay style questions. You have 120 minutes to take the exam. The exam covers the first half of the class.
    • Final Exam (25%): The exam has 5 open-ended, essay style questions. You have 120 minutes to take the exam. The exam covers material since the midterm.

    Take-Aways

    • Miscellaneous Stuff: The research papers do not do much to give you a leg up on the projects. While the topics are briefly mentioned, there is a lot of learning for the projects, especially if you are not familiar with Objective C and/or Operating Systems concepts. Be prepared to spend a lot of time listening to lectures and even more time reading research papers, websites, handbooks, and textbooks.

    • Textbook: There is no textbook for this course. There are normally 1-5 research papers to read each week, which are provided. At times, there is a ton of reading for the week.

    • Projects: The projects could be a little better. The languages used are: Objective C and Python. The lowest of the first 3 projects is dropped; however, the last project (Project 4) is required and takes the most amount of time.

    • Exams: The exams are challenging in the sense they are open-ended essay style questions instead of multiple choice and True/False, thereby allowing you to get partial credit if you can explain “what you were thinking.” They require you to think about the material you covered and provide a defended response to the questions.

    • Professor and TAs: Dr. Ahamad and the TAs have a big involvement in the class. Dr. Ahamad is very open to discussing a student’s questions on quizzes and exams, as long as you can provide evidence and sound logic to your decision.

    • Overall Grade: I feel like I put an acceptable amount of time in this course (over 310 to be exact). In the end, my grade was 78.43, which got me a B. The grade distribution, which changes per semester, was A (100 to 86), B (86 to 70), and C (70 to 50).

    • Useless Statistics: I am one who likes numbers, so here are some stats I maintained along the way. Here are some of those statistics. They show numbers for the quizzes and exams.

      • Quiz # Q 1 Q 2 Q 3 Q 4 Q 5 Q 6 Q 7 Q 8 Q 9 Q 10 Avg Low High
        Quiz 1 87 97 59 85 63 41 22 82 64 86 7.2 3 10
        Quiz 2 80 78 91 94 98 50 96 86 90 61 9 5 10
        Quiz 3 90 90 81 68 87 44 84 93 65 88 8 2 10
        Quiz 4 86 83 89 82 95 66 78 56 84 69 8 1 10
        Quiz 5 45 91 80 30 65 67 53 68 48 88 6.4 2 10
        Quiz 6 61 87 81 44 90 87 74 80 80 86 7.7 3 10
        Quiz 7 96 89 94 97 86 90 83 89 46 78 8.5 3 10
        Quiz 8 94 94 91 96 89 79 99 96 91 75 9.1 5 10
        Quiz 9 99 93 68 63 65 89 68 73 73 83 7.7 4 10
        Quiz 10 86 87 73 80 45 89 89 71 63 95 7.78 4 10
        Quiz 11 80 84 55 55 94 93 92 82 91 74 8 3 10
        Quiz 12 88 87 72 90 97 94 86 49 84 79 8.24 4 10
        Quiz 13 83 81 73 72 72 66 85 81 80 87 7.79 0 10
      • Exam Avg Low High
        Midterm 84.2 29 100
        Final 76.7 39 100

    TLDR

    In short, I feel this class was a little more difficult than OMSCentral reviews led on to be. The material is interesting, but maybe too many research papers and too detailed questions on the weekly quizzes. Be prepared to do a lot of reading. Brush up on Operating System, memory management, Objective C, Python, certificates, and any other material from an undergraduate OS course. There is a curve in the class, but be prepared to work for it. In the end, I learned some things, but it was by far the worst CS class (or maybe any college class) I have ever taken between my undergraduate and graduate courses.


    Semester:

    I unlike many of my peers mostly enjoyed the quizzes and exams. I thought they were largely graded fairly and asked fair questions based on the content. A few questions were oddly worded and overly specific for sure; conversely many other questions really make you stop and really think which I think should be the point of a graduate degree (ala, moving to higher levels of bloom’s taxonomy). Its not just regurgitation of information. Now all that said, I disagreed with the grading of less than a handful of the questions. Out of, maybe 150 questions in the course thats pretty good in my opinion. A few of the weeks (memory protection, Virtualization, Differential Privacy) exposed me to real world topics that helped me understand things like how modern tools like Microsoft’s Credential Guard work or how Rowhammer bypasses fundamental OS design principles.

    My critique of this class is twofold: relevance of the content and pedagogy.

    Relevance: This class is focused on research ideas spanning the course of half a century, many of which never worked or didn’t stand the test of time. You will be doing deep dives on a laundry list of technology that were either never built,, saw limited real world adoption, or protect against a threat landscape that never existed. It is a course on systems and the threat landscape in days of yore. Some of my peers found the dated topics helped them develop and apply a security mindset to today; however I did not share that experience except for maybe a handful of topics. Some of the content like the SUID bit Demystified was really useful to me.

    Pedagogy: Pedagogy did not fit my learning style: Mustaque was at his best when he explained something from a diagram, not when he reads a wall of text on a slide or spent a large amount of time on a theoretical framework that no one uses and is an order of magnitude more difficult than the topic itself. Expect plenty of symbolism, theory, set notation, esoteric slides, death by powerpoint, ect. I got through it, but I felt the approach to instruction made this class more time consuming for me than it needed to be. In a number of cases I Ifound content objectively incorrect. “Diffie Hellman key exchange protocol” based on the hardness assumption of factoring large prime numbers (ala RSA) and not based on the discrete logarithm problem comes to mind. I spent a lot of time reading: some of the papers were very interesting. Some were okay. Most were very boring and not at all helpful for me to gain new insights to secure real world production systems. A handful were worth slogging through because they supported the course content very well.

    https://www.omscs-notes.com/secure-computer-systems/00-welcome/ is a very good resource if you get lost in the slide deck: one of our peers has provided a sort of translation in his own words.

    Overall: I worked hard (15-20 hours a week), got an A, and tried to maximize my educational experience, but this class did not present much value to my career like other Gatech coursework. A few people in the class seem to have really enjoyed it, so you may enjoy this class more than I did. That said, my advice is to avoid SCS if possible.


    Semester:

    Shamelessly created by an Academic. Largely a history class mixed with overly abstracted concepts that do not map to reality. Professor presentations are, substandard, lacking appropriate visual aid for largely conceptual materials. Professor’s speech is not clean English, not concise, filled with circular speech, and lost thoughts as he forgets what he is presenting (or is simply confused, it is hard to tell). Grades are heavily weighted (80% = quizzes(30%) + tests(50%) and numerous with respect to weekly quizzes. Quiz time windows are only 20 minutes, question wording was often confusing, and many times aimed at being ‘trick’ questions. Quizzes and exams expected that you would be more than familiar with the boat load of materials with an understanding greater than was taught. Exams are roughly 4-5 free form open ended essay questions giving the professor the ability to curve the grades of the entire class when the vast majority perform poorly, this is indicative of the quality of the teaching that is occurring. Perform well compared to your peers so that the professor can create a nice bell curve average as he swings most of the class from low grades to moderate ones. This course was no more than a time sink based stress test. I hold 2 degrees already and have had many professors. Easily the 2nd worst professor I have ever had.


    Semester:

    Note that it is not just ‘systems’: the course covers security issues of individual machines and distributed systems. In my view, this course is advanced, and benefits from taking other classes prior to this one; for example, Intro to Information Security, Network Security, Computer Networks, and OS courses. Otherwise, the educational process may become harder due to absence of familiarity with some basic CS concepts. As such, I would recommend booking for the course in the middle of your studies, thereby reinforcing previously gained academic skills in security field.
    Projects are interesting and require Python. The last and biggest one challenges knowledge gained throughout the course , and includes plenty of coding, understanding of various security concepts, conducting security analysis and so on.
    Totally disagree that this is a relax course because just watching lectures and solving weekly quizzes needs sufficient diligence, not to mention keeping up with the projects and exam preparation.


    Semester:

    The first 3/4s of this class are relatively easy, especially if you have already taken CS 6035 or if you have experience in the field. I really enjoyed the technical deep dives that the course takes into each of the topics covered. The last project in the class, however, has you building out a fairly robust service and the TAs are looking for a pretty high degree of polish. This project is just worth only 10% of your grade overall, so you’re much better off focusing on doing well on the final. I got caught up in getting the project done right, so I spent an inordinate amount of time on it. The 3 other projects in the class are much simpler, and are only worth 5% apiece (and only two are counted towards your final grade).


    Semester:

    Compared to IIS and Network Security, the course is a lot more relaxed overall. Most of the grading comes down to quizzes and exams rather than projects, so it doesn’t give as much coding experience if that’s what you’re looking for. Found a lot more spare time to do other things as well, although it’s likely because some of the course material overlapped with my previous courses. Didn’t learn as much coding/technical stuff, but still has a lot of interesting material with certificates and authentication.


    Semester:

    Just wanted to say, the TA’s in this class are awesome and super helpful. Even if you ask a “dumb”/”obvious” question (which there’s no such thing because everyone experiences the world differently), they answer with kindness and respect, and really seemed to enjoy interacting with us.

    The quizzes were fine (some were badly worded, but TA’s were open to feedback). The tests being short answer really allow for you to tie together everything you’ve learned, so as long as you understand the subjects at a medium-high level and how they build off of and tie into each other, you’ll do fine. There was no need to memorize the smallest facts, and answering the questions to showcase your understanding felt very intuitive.

    The 3rd project was optional because the lowest score out of the first 3 would be dropped. Good thing someone mentioned it in Piazza, because I definitely didn’t see that part in the syllabus. I was halfway through it and took a calculated risk not to finish it, since project 2’s grade wasn’t out yet. And it worked out fine. Don’t start project 4 late like I did. It’s not overly difficult, but can take some time to wrap your mind around.

    Speed up those lecture videos. Your patience will thank you.

    10/10 would take again.


    Semester:

    This course is pretty good. Like some classes there are little things out of date but for the most part it is pretty good. Quizzes every week closed book, Projects are easy 1-3 but fourth project takes a while but is the most realstic and you will learn a lot in that fourht project which ties in nicely with the second half of the class. Exams are not too bad there is a study guide you study off of that and you should be able to get 80’s on exams. Otherwise not a bad class. Professor is also active for OH sessions.


    Semester:

    This was a fairly challenging class but you’re left with a really good understanding of how to secure computer systems. For me, it required an average of 10 to 15 hours per week, maybe more. Overall, I enjoyed this class and the projects and have learned so much.

    There is a multiple choice quiz each week and there were always a few questions on each quiz that were very difficult. Usually the median grade on quizzes was an 8/10 and the lowest quiz (of 13 quizzes) is dropped. Quizzes are worth 30% of your overall grade.

    There are four projects with the last/fourth one being considerably more time consuming than the others. I know many people found the fourth project very difficult, but I found it enjoyable and learned a lot from it. Projects make up 20% of your overall grade.

    The mid-term and final are each worth 25% of your overall grade. They were both very challenging. The final is more difficult than the mid-term. To do well on these exams, you’ll need a very good understanding of the material.

    Professor Ahamad gave us access to him each week during office hours. He goes through the previous week’s quiz and answers whatever questions we have. He has high expectations of us and sincerely wants us to succeed. I believe he’s the grandfather of the Cybersecurity program – the one who set this all up. It was an honor and privilege being in his class and he’s brilliant.

    The TA’s were extraordinary. We had tough questions for them and asked too many questions and they definitely delivered. Everything was graded within a reasonable amount of time and they were very generous in their grading. The TA’s for Spring 2020 were Jubin James, Abhineet Deshpande, Harish Nagarajan, and Ranganatha Rao Sridhar.


    Semester:

    Good class. Lectures were well done, and cover the material well. The professor speaks slowly, so its easy to listen at 1.5 and not miss anything.

    The weekly quizzes cover material from the readings and the lectures and are meant to make sure you keep up with the reading each week. The quizzes are fair if you do the reading.

    Office hours each week by the professor and also by each TA, so lots of opportunity to get help and ask questions. Also the TAs are quite active on Piazza.

    There is more reading in the first half of the class, then it tapers off somewhat after the midterm.

    Projects are not difficult. Project 4 is worth double and make sure you start it early.

    This was my first class in OMSCS program and I felt that the workload was just right. Not too hard and not too easy.

    This was first online offering for this class, so it had a few minor bumps which will likely get ironed out.


    Semester:

    This is a decent course and I enjoyed it. The intent of the course is to introduce the meaning and challenges of securing computer systems. I highly recommend this course if you enjoy cyber security related topics. In Fall 2019, the TA team was very active and responsive. Office hours are held by the instructor as well as by the other teaching assistants. There were four projects, 13 quizzes, 1 midterm, and 1 final. Overall the class workload is pretty light in the beginning and it starts to ramp up towards the end of the course. Advice would be to focus on the lectures. Read the papers until you have a high-level understanding of the content; there is no need to spend extra time cramming every piece of information from every paper to do well on the tests or quizzes. Doing well in this class requires grounded understanding of the concepts presented in the lectures. 80% of the courses grade is comes from quizzes and tests the other 20% comes from the projects. As with most OMSCS courses, achieving a desirable grade requires effort and this course is no exception to that. If you stay on top of the material presented in class, get started on projects early, take every quiz prepared, and study at least two weeks before the midterms and final you will not only get a lot out of the course but you will do well also. All the best!


    Semester:

    This was an ok class, it was the only one I could get into at the moment after forgetting to register during my time slot :(.

    A was 82, B 68, 4 projects, 2 exams.

    Projects ok, Exams ok. Nothing much to like, I learnt my lesson and will set up more alarms as reminders in the future.


    Semester:

    Not much to talk about, but here’s my quick .02

    I came into this class with an ok background, having taken IIS beforehand. It is only my 3rd class in the program so I do not have much to compare it against. This being said, I did not like the class materials and specifically the TA grading in particular. However, I understand where there’s a lack of autograder as in other classes the human bias will always get in the way.

    The exams were OK, and unlike the other reviewers I found the quizzes to be alright.

    I do not recommend this class.


    Semester:

    In this class projects were worth 20% (3 4%, and a final one worth 8%), quizzes 30%, midterm 25%, and the final 25%.

    The curve was 68% for a B, and 82% for an A, everything below got a C. So, if you do not want hard work but would rather cruise this might be of interest to you. Material is not hard at all, just dense and boring. Every week doing those lectures felt like a huge chore.

    The projects were easy, the 1st three in particular were a joke, think 2-3 hours each (not hard enough even for the measly 4%). The fourth one required more effort. They forgot a half baked autograder in the Downloads folder for project 4 which was interesting, thank you for that BTW.

    The lecture content was incredibly boring, and the professor talked really really slow, you could have easily done x2 speed on the lectures. Quizzes were a bit ambiguous, and asked some weird detailed questions which did not measure understanding well, I am assuming professor got this from IIS which has similarly unintelligent quizzes.

    Exams were OK, the essay type questions were welcomed, but it was harder to grasp what full credit answer was and had to rely on the TAs who graded these (not the professor like in other classes).

    The professor was present in every OH and that is the only thing I loved about this class.

    Grades were returned very slow for the 1st 3 projects, 4th one was returned fast indeed.

    Overall a half baked class which will only improve more on consequent iterations I am sure, you can’t really go anywhere but up when you’re at the bottom.


    Semester:

    For the first offering of this course, all things considered, it was decent. What keeps me from giving a more positive rating are the weekly quizzes. Yes, they keep students on track of the lectures and reading, but the questions are sometimes ambiguous and the whole experience is frustrating. It wouldn’t be so anxiety inducing if they were worth less of the grade, but at 30%, you have to take them seriously and missing a few questions in each one has a huge impact on the overall grade. Oh, and you have to use a Lockdown browser when taking the quizzes, which also is mildly annoying.

    There are two proctored, non-cumulative exams (midterm and final) that are closed notes, closed internet, no scratch paper, no calculator. Just you and the test. The amount of time you have to complete each test is fine, and there isn’t anything inherently difficult about the tests, but the professor expects a fairly deep understanding of the course concepts. This is where I’ll mention the lecture quality. The lectures are not good. Learning from just the lectures I don’t think is enough to get an A. You either need to have some kind of background knowledge, read the course papers, or have a good study group. The exams are worth 50% of the overall grade, so they will make or break your grade. Fortunately, the grading seems fairly generous, and there is a substantial course curve.

    Finally, the projects. There are 4 of them, but the first 3 are each worth 4% of the overall grade and the last one is worth 8%. The last project is the most amount of work, but also the most rewarding. An informal poll of students in the course estimates that 61% of the class spent 25+ hours, but you have almost a month to finish it and the TAs are super involved in answering questions. I really liked the project and put more effort into that than the previous 3 projects combined. Overall, I enjoyed the projects and learned more than I expected.

    I’ve taken GIOS, AOS, and IIS, which helped me prepare. I can’t say that I recommend this course, but I liked it so much more than IIS, which I thought was kind of a waste of time. I expected, maybe hoped, that this class would be as good as AOS and GIOS, but it needs some adjustments to get there. The professor is quite involved in the course. He posts on Piazza and holds weekly OH. Each TA also holds weekly OH. There is some potential here, and maybe it will improve after a few offerings.


    Semester:

    This course has potential, it could be made interesting with some tweaks though. The course grading is as follows: Quizzes: 30% ( weekly, out of 13, lowest score gets dropped) Projects: P1-P3: 4% each, P4 - 8% Exams: Midterm - 25%, Final - 25%

    The quiz had some questions that were tricky - but I understand that this is the first run of the class - probably in the next run of this class, they might get tweaked. It’s a closed book single attempt weekly quiz, that we took using LockDown browser. The professor was quite open to taking inputs about everything. I appreciate that. He makes an effort to understand why some questions were tricky - and in many instances he accepted students’ interpretations - and the answers - if they were convincing enough. Currently the quizzes are worth 30%. If there are changes such that either they are made multiple attempts or if they are worth 10% or 15% of the grades, it would be fair. The professor seems to care about his class and holds OHs every week.

    The projects - especially project 3 and project 4 - helped me learn concepts that I did not completely notice or understand. Project4 needs a lot of time and we got around 4 weeks to work on it. These projects were good. The other projects - project1, project2 were a bit trivial, and were very introductory and basic - if they were a bit tweaked - they could have been interesting. The topics they explored were interesting and hence projects too definitely have potential to turn interesting if tweaked a bit.

    The lectures are longish. The professor tries to talk mostly about abstractions and generalizations. The exams are where we were made to trigger the thinking process about where these abstract concepts are applied. I appreciate the application process, but feel it should have been included in the lectures too, to capture our interest better and make us explore things - like we would want to - but that happens during the exams. The students might have found it better if the professor talked about/ gave pointers/questions - say “how is this applicable and said refer these papers or find out the applications and we could discuss on piazza”. It would have been a superb course in that case.

    The exam by far had fair questions - nothing word to word from the lectures - but the questions here kind of focused on the gist of the learning and on how it could be applied, unlike the trivial specifics that quizzes focus on.

    The quizzes/exams need the weekly readings. (42 papers totally from my count - some weeks had upto 5 papers).

    This is a curved class, the grade distribution that was shared, specified cutoffs as 82, 68 for an A and a B respectively.

    The TAs also hold OHs every week and run the projects well. They were very responsive on piazza too.

    There was no extra credit.


    Semester:

    This is a decent class, and I am taking it on its first offering. The professor seems to actually care about student success, and the TAs are generally helpful. I cannot strongly recommend this class, but it’s not bad either. If you are looking for a class that will give you an overview of security from a very high level, this is a good choice.

    Twelve weeks into the current semester, I find myself with some solid design principles learned, a mindset geared more towards security, and a generally good understanding of security principles from the OS to distributed systems. However, I can’t say that the projects were very instructional (have not done project 4 yet). After so many weeks, I’m not sure I’d say the class is “worth it” – I wanted to like it, and I do, to a degree, but I do not feel I am leaving the class with a lot more than I brought into it, except perhaps a more solid understanding of principles.

    Last note: the quizzes are not hard, and listening to the lectures and understanding the papers alone has given me a score of 8/10 or higher on all but one quiz so far (there are 13 total). Another reviewer complained that the “entire class” is up in arms, and it just isn’t so. Some people just don’t want to earn their grade, like it or not. Grading on the midterm was fair. This is a class where an 80 tends to get you an A. There’s no secret here–do the work and you will likely get at least a B.


    Semester:

    A few things to note:

    1. The other review for this class is for the wrong class. That review looks like it’s for Network Security.
    2. Fall 2019 is the first time the class was offered for Online.
    3. I have not finished the class yet, but I think it’s good to give a mid semester review so people have an idea what this class is like with registration coming up.

    Good points:

    • Professor shows up to OH
    • TAs are responsive and answers questions on piazza quickly.
    • Topics are interesting and lectures are okay.
    • Projects are different than what I’ve seen before.

    Bad points:

    • Quizzes are terrible.
    • Projects are worth very little.
    • Not a fun class.

    First, if you are OCY and Information Security Track, you’re taking this class.

    For everyone else, I’d avoid this class. It’s not a terrible class in terms of topics, lectures, professor, or TAs. But the way everything comes together just feels terrible.

    The grade is broken down to Projects (20%), Quizzes (30%), Midterm (25%), Final (25%). I don’t think there will be extra credit.

    Projects: So far I’ve done 3 of the 4 projects. They range from okay to interesting and offer a tiny bit of coding, and some writing. Again not hard, but the first 3 projects are each only worth 4% of your grade each. The last project, which I haven’t seen is worth 8% for a total project grade of 20%. This is one of the lowest you will see at Tech. So all that effort you put into the projects (whether you feel like it’s a lot or not) is not well rewarded. They’re interesting in that they cover parts of security that you don’t always talk about. Memory protection, Passwords, and Setuid are the first 3. Distributed Systems Security is the 4th one.

    Quizzes: The quizzes are really, really, frustrating. It’s 10 questions T/F or MC with 20 minutes. You get 13 of them with the lowest dropped. They are worth 2.5% each so a total of 30%. The questions make you apply what you have learned, but not at all in a manner that you can confirm. So you’re given material to learn in the form of lectures and reading. The questions are then given in sort of a “using the information you have learned, what about scenario X”. This would be all fine if it was an open response question where you had a chance to defend your answers. But it’s just the wrong format for this. You have to choose the answer you think it is, and hope that’s the answer the professor was feeling when he wrote it. Sometimes you get lucky, other times not so much. And the questions feel like they can have multiple answers, at least according to the student answers breakdown. So if 40% choose A and 40% choose B, then the right answer could be C where only 10% of the students selected it. If you bring this up as a critique of how divisive the answer is, the professor will say “that’s a good point you bring up, but the answer is C”. End of discussion. Wouldn’t be nearly as big an issue if they weren’t worth a whopping 30% of your overall grade.

    It’s gotten to a point where if a quiz didn’t have some wild swings in one of the questions, the class rejoices and decides it was a good week. The students are pretty much just celebrating decently fair questions on quizzes from week to week. Even if you get 9 out of 10, you’ll feel you got robbed on one and have no idea how you guessed the answer to one or two of them. You just feel powerless.

    The exam (midterm anyways) was fair and offered a good opportunity for students to defend their answers. Lots of partial credit was given if you chose the wrong answer but provided a decent reason for it. The midterm and final are worth 25% each, non cumulative. Although he really likes referring to old material to teach the new stuff, so I wouldn’t be surprised if first half concepts make it’s way into the final in a way.

    There will be a curve, and based on the mid way cutoffs released, it will be a big one. So it’s not a hard class to get an A or B in. The class just feels terrible to be in. You go week to week feeling like you really grasped the material before opening up the quiz, and sometimes you get a 10 and sometimes you get a 5. Not because you slacked off the second week but because you failed to follow the thought process of the professor.

    Edit: Reviewer claiming “Some people just don’t want to earn their grade, like it or not.” That’s pretty condescending of you to assume that other reviewers only dislike the class because they won’t get an A. Pretty sure both negative reviewers (including myself) will end up with an A. You thinking that other reviewers must be doing poorly to dislike a class is more revealing about you than anything else.


    Semester:

    The class is heavily weighted toward projects.

    Since quizzes are open everything and worth very little of the overall grade I found it more efficient to not do any of the lectures and instead just open all the lecture slides and readings and just search for the answers as I’m doing the quiz for the week. If you try to complete all the lectures you’ll find it difficult to keep up and you won’t be any better off for the quizzes.

    Lectures and quizzes are mostly useless for the projects.

    2 of the 5 projects are unnecessarily difficult due to very poor instruction. The project write-ups are often just so bad that you spend the majority of your time just trying to figure out what you’re supposed to do rather than taking the time to code to do it.

    I HIGHLY recommend starting all projects on day 1.

    If you are unfamiliar with javascript, HTML, DOM, then get yourself familiar because one of the projects leans on it heavily.

    I liked the ideas of the projects but hated their instructions.