Detailed Course Description

Course Information

ECS 289M, Introduction to Research in Computer and Information Security

This course engages students in national cybersecurity and information systems security problems. Students will learn how to apply research techniques, think clearly about these issues, formulate and analyze potential solutions, and communicate their results. Working in small groups under the mentorship of technical clients from government and industry, each student will formulate, carry out, and present original research on current cybersecurity and information assurance problems of interest to the nation. This course will be run in a synchronized distance fashion, coordinating some activities with our partner schools and our technical clients.

Prerequisites

Each student must have the ability, background, and motivation to carry out original research in cybersecurity and information assurance. Students may come from computer science, computer engineering, or any related technical field (e.g., electrical engineering, information systems, math). Students are expected to have a good background in computer science and some knowledge of computer security. Each student is expected to bring significant expertise, interest, and experience in at least one relevant technical area.

Course Work

Working in teams, each student must complete a research project on a focused topic in cybersecurity. The project must aim to accomplish new, significant results (survey papers are not acceptable). Each student must communicate his or her findings in an oral presentation to the class and in a written report in the format of a computer science technical report (about 10–20 pages). Every aspect of the project (including proposals, reviews, reports, and presentations) is intended to match the process that professional computer science researchers follow in carrying out original research.

Project topics may come from lists of problems supplied by government or industrial partners. I must approve all proposals.

The main deliverables are a written technical report and an oral presentation describing the team’s new and significant findings (similar in form and length to those from technical research conferences such as USENIX Security). The teams and technical mentors may agree on other deliverables as well. Each student is expected to participate actively in class.

Group Work

Students are allowed and encouraged (but not required) to work in groups (of up to at most five members). Typically, everyone in a group will receive the same grade.

Expected Outcomes

By the end of the course, students will be expected to:

1. Be familiar with important current cybersecurity challenges;
2. Think clearly about cybersecurity issues;
3. Formulate and analyze potential solutions;
4. Work cooperatively in groups; and
5. Communicate results effectively in a technical report and oral presentation.

Principles

This course rests in part on the following principles.

1. Collaboration — among industry, government, and different universities — can facilitate learning and the advancement of science and technology.
2. All course activities and deliverables model those of professional cybersecurity researchers.
3. Excellent research bridges both theory and practice.
4. All participants in the course are expected to conduct themselves in their speech, behaviors, and computer interactions with integrity and with respect for others.
5. A connected research network enables researchers of all experience and expertise levels to find solutions to real-world classified and unclassified cybersecurity problems.

Repository

In addition to Canvas, we will be using the INSuREHub Confluence (INSuREHub) to make our work available to other groups, both this year and for future years. This also has other information such as the problem sets. So, when you are to submit work to INSuREHub, please prepare it as though you were going to publish it.

The INSuREHub is not yet set up, for reasons explained in class. Once it is set up, we expect the home page for INSuRE Winter 2022 to be https://app.insurehub.org/display/IW2022H/INSuRE+Winter+2022+Home. We will announce the location in the announcements.

You will need an account on INSuREHubH to access the material. Please send the instructor your name and email so the co-ordinators can provide you with one.

Assignments

There are both written assignments and presentations. These, and when they are due, are given in the syllabus, and we will discuss them in class. All of them must be uploaded to Canvas (https://canvas.ucdavis.edu).

In addition, the four main deliverables are to be uploaded to both INSuREHub and Canvas). They are:

1. Bid (background and interests disclosure)
2. Proposal
3. Progress report, presentation slides and presentation
4. Final report, presentation slides, presentation, and poster

All are listed in the Syllabus, as are where they are to be uploaded.

Grading

Along with each assignment, I will make the rubric used to grade that assignment available. Typically, it will be on the assignment itself.

The assignments are tentatively weighted as follows:

The project will be evaluated on the basis of scientific merit, effective presentation, and appropriateness to the assignment:

• Appropriateness for the assignment (have you satisfied the specifications?);
• Scientific merit (correctness, significance, novelty, non-triviality, scientific completeness); and
• Effective presentation (clarity, organization, English usage, appropriate style).

Please submit all your work to Canvas and, where indicated, to INSuREHub. I will grade it and return the grades, with my comments, on Canvas.

Deadlines and Penalties for Late Work

Late work affects others. Peer review is an important aspect of the course, and peer review requires coordinating schedules, including among different universities. Some projects may depend on other projects. To complete the project by the end of the term, it is important to complete each milestone on time. Professional researchers often have deadlines to meet.

If you are one day late, there will be no penalty other than the opprobrium of your fellow students and me, the instructor. If you are more than one day late, we reserve the right to deduct points — the exact penalty has not yet been determined, but will probably be something like 20% from the full score per day late.

Should you encounter an unanticipated or uncontrollable event that may prevent you from meeting a deadline, please let me know immediately, and request an extension.

Expectations for All Work

One of the course outcomes is to communicate effectively with professional audiences of various types. This requires that one take personal pride in their work, and be held accountable for professional quality work. To this end, I expect your submitted work to meet the following requirements.

• Unless otherwise specified, format all your work as if it were being presented to non-technical business managers. Organization, conciseness, formatting, and style count — make an impression!
• Unless otherwise specified, format your papers with one-inch margins and text in at least 10 point font. You are welcome to use an ACM, IEEE, or USENIX format, or any other format that results in output that is easy to read.
• Organization, presentation style, grammar, and spelling will affect your score on the homework. I will deduct points for poorly organized or unprofessional work. This includes spelling and grammar errors, poor word choice, and poor sentence structure.
• If you have writing difficulties or deficiencies, or English is a foreign language for you, please use the services provided for free through the Student Academic Success Center and Graduate Studies:
  • https://gradstudies.ucdavis.edu/professional-development/gradpathways/writing-and-publishing for GradPathways
  • http://writing.ucdavis.edu/programs-services for Writing Across the Curriculum

Matt Bishop Office: 2209 Watershed Sciences Phone: +1 (530) 752-8060 Email: mabishop@ucdavis.edu

ECS 289M, Introduction to Research in Computer and Information Security Version of March 14, 2022 at 5:59PM

You can also obtain a PDF version of this.