University of Minnesota
Security and Privacy in Computing
index.php

Reading Assignments

In preparation for each class (after the first), you should read the paper linked to from the schedule, and then write up a question and answer about it. The purpose of these assignments is to make sure that you're already thinking in depth about the paper, which will allow you and everyone else to get more out of the discussion we have. A short slogan to remember what you have to do is "answer one, ask one".

In addition to the main reading for each day, there will also often be extra papers listed as "background" and/or "optional". A background paper is one that is logically (and usually chronologically) prior to the main paper, for instance introducing a concept that the main paper extends. If you're already familiar with the background paper or the concept, you don't need to read the background paper; but if the topic area is new to you, at least skimming the background paper would probably be a good idea. Other papers listed as optional may give other perspectives or different extensions in the same topic area: you may want to check them out if you want a broader view or you find a topic area particularly interesting. But the focus of our discussion will be on the main paper, and so you reading assignment should primarily concern the main paper.

For the first "answer one" part, you should answer one of the following general questions (your choice) as it applies to the main paper:

  • Summarize one interesting new thing you learned from reading the paper. Be sure to explain why you think it is interesting, don't just repeat what the paper says about it.
  • Describe a research question which is implicitly raised by the paper, but not answered in it.
  • Does the paper contains a claim that you are skeptical of or disagree with? Explain in your own words what you interpret the paper as claiming, and then by contrast what you think is true.
  • Is there an important detail that the paper leaves out or is ambiguous? Describe what the unanswered question is, and then give your best guess as to the answer.
  • Given the benefit of hindsight, if you were doing the same research project as the paper over again from scratch, how would you have done it differently?

Usually a good answer should be a modest-length paragraph which summarizes the gist of your answer with a topic sentence, and then backs it up with additional sentences giving supporting details. It should usually be sufficient for your answer to be in plain text: most questions should not require figures, complex formulas, or bibliographic citations to answer. If you want to typeset your answer, please submit a version in PDF format, not a word-processor file format. Please make clear which question you're answering: if it might not be obvious otherwise, you can do this pasting a copy of the question you're answering before your answer.

For the second "answer one" part, you should ask a question of your own that pertains to the paper that might be suitable for in-class discussion. This second question is also supposed to be a catalyst for thinking about the research, but it gives you a different perspective than when you're answering a question.

Then, you should also the one or more additional questions that appear on the readings page. So for instance if there are two papers to read and one additional question, that would be three answers in total you should give. Please make clear which answer is which, such as by pasting a copy of the question you're answering before the answer.

Each student should submit their answers using the appropriate assignment on the course Moodle. You should prepare your answers no later than the day before the relevant paper is discussed in class, though if needed the late night of the day before can bleed into early the following morning: the Moodle is set for a deadline of 6am on the day of the class. Submissions that are late but still before class are worth 50% credit, while submissions after class (to be precise, after 2:30pm) get no credit.

Two common pitfalls you should be careful to avoid:

  • Just summarizing a paper. Understanding the paper is intended to be a prerequisite to answering the questions, but they all ask you to do some thinking beyond that. So be sure to answer the question that's actually asked. It may be appropriate to summarize part of the paper in supporting your answer, but don't let a summary be your entire answer. In particular for the "summarize one interesting thing" question, your summary should only cover one aspect of the paper, and you also need to describe why that particular thing is interesting to you (even if it might not be interesting to someone else).
  • Discussing only at a very high level. Sometimes for a security paper, just the basic idea of what a paper is doing is interesting in its own right. But it's also important to look at how a paper demonstrates and supports it basic idea with technical approaches, experimental or theoretical evaluation, and comparison with related work. Since the whole paper is important in this way, you should make sure that you are reading the whole paper carefully, and your answers should reflect that by drawing on details from the whole paper. After you've written a first draft of your answer, read back over it and ask yourself whether it sounds like an answer that someone could have written having only read the introduction of the paper. If so, it is probably at too high a level. Try to support your answer with more specific details.

In-class Presentation Assignment

Each student in the class will give an in-class presentation of one paper (or maybe two, depending on enrollment) of their choice, in place of a presentation led by the instructor. This is your chance to study a paper in even more detail than for the normal readings, and to practice presenting the key ideas of a paper in a clear way. Your presentation should almost certainly use some slides, but you should also consider using the whiteboard if there are parts of the discussion it's suitable for: drawing a diagram or working through a formula on the whiteboard can be a good way to pace your presentation so that it matches other students' note taking and asking questions. You should prepare enough slides and other material that even if the audience were completely silent, your presentation would take about 25 minutes. (For instance, depending on the density of your slides and the rate you go through them, you might aim for around 25 slides.) We'll devote about half the class period to your presentation, so with questions it may take more like 30-40 minutes. Of course I don't actually expect the audience to be silent: you'll need to answer any questions they raise. (The instructor will try to refrain from asking too many questions himself, but you may get a few.) If there are questions that would take too long to answer, you can defer them to after the main part of your presentation. The instructor will also try to help out with time management.

You'll also send a version of your slides to the instructor. Your grade will be based on both the quality of the prepared slides and the way you present them and handle questions. You are encouraged but not required to send a copy of the slides to the instructor in advance for feedback; this is for your benefit in the sense that you grade will be based only on the final version. If you send a copy by 48 hours in advance, you can expect feedback by 24 hours in advance.

For the presentation, you can choose any of the papers that I had selected for our main readings. Or, if you are interested in presenting another paper in one of the topic areas (either an optional paper or any other suitable one), that paper will be "promoted" to be one of the main readings and one of the existing ones will be "demoted". You can volunteer to present a paper as soon as the topic for a day's discussion is listed on the class schedule, and it will be first-come first served; if needed we'll do a more explicit selection process a bit later. The instructor does reserve the right to balance the schedule a bit so that there aren't too many presentations close together.

The slides need to be your own work. Sometimes the original authors of a paper post a set of presentation slides online, but you can't just use those, since that would defeat the purpose of your understanding and thinking about how to present the material. Even if you're aware of a pre-existing presentation from the authors or another source, it would be best to not even look carefully at that version until after you've finished a first draft of your own. You also shouldn't take material like tables of results directly from the paper; another reason for this is that a table needs to be formatted differently to be easy to read on a slide. If there's an important table of results in the paper, you should usually select just a subset of the table to put in your slides. A similar comment applies to content like architecture diagrams. The one exception to this principle would be something like a scatter plot that contains a lot of experimental data that isn't otherwise available for you to re-plot.

You can use your choice of software to make the slides; common choices would include PowerPoint or OpenOffice. The instructor likes to make slides using a LaTeX package called Beamer, which is nice if you prefer a markup language to a GUI, and if you want to take material from a paper you've also written in LaTeX. But it does have a bit more of a learning curve.

You're responsible for being technologically prepared to give the presentation. I would guess that most students have a suitable laptop computer; if not you can make arrangements in advance (not on the day of the presentation) to use one from a classmate or the instructor. The laptop should either have a VGA output connector (15 pins in three rows), or you should be sure to bring an appropriate adapter dongle. If you haven't used your laptop to give a presentation before, it would be a good idea to test it in advance with the classroom projector, for instance before or after class on at a previous meeting. The instructor can provide a laser pointer.

You have the option of making your slides available to anyone who views the class website (as the instructor does), just to registered students (via the Moodle page), or not at all. Tell the instructor your choice when you send your final slides.

Hands-on Demo Assignment

While a lot of this course takes place at the "abstraction level" of reading papers about research, working hands-on with research tools is an important skill as well. In addition to the experience with that you'll get as part of the final project, we also have a separate assignment to give you a chance to have a briefer experience with some other research tool.

The demo assignment will be done separately by each student. Each student will choose a pre-existing tool with some application in computer security and privacy research. The tool could be something mentioned in one of the papers we've read, but it doesn't have to be. The tool should be something whose primary purpose is research; something that is packaged for wide use by regular users is probably a bit too easy. So for instance Tor itself is probably too mainstream, but you might find research tools that are experimental add-ons to Tor, implementations of attacks against Tor, simulators for running experiments related to Tor, etc. The tool can be related to your other research interests (in the final project, outside of class, etc.), but it should be something you yourself have never worked with before. And everyone in the class should choose a distinct tool, though it would be fine for different people to do tools that are related. Email the instructor to confirm your tool choice and schedule the class day for your demo.

Once you've chosen your tool, your goal is to learn enough about how it works that you can explain to the rest of the class how to use it. Then to show off this knowledge, you'll give a brief demonstration of the tool in action during a class period. In most cases you will probably want to do this demonstration with a laptop of your own connected to the projector, but you shouldn't plan on creating a presentation in the PowerPoint sense: instead you should use the laptop to show the tool in action. Usually a good strategy is to alternate between describing things and running commands. You might use a tool that's running on another machine (over SSH, VNC, etc.) or exists as a web service, though in that case you are responsible for testing that the network access works correctly. You should plan for a demo that lasts 5-10 minutes, and be prepared for discussion. We'll usually have the demos in the middle of a class period after the administrative break. Since the demos are fairly short, they don't have to all be on separate days, but not everyone can put them off until the very last minute.