University of Minnesota
Program Analysis for Security

Reading Assignments

In preparation for each class (after the first), you should read the papers linked to from the schedule, and then answer some questions about them. For each paper, you should answer one of the following general questions (your choice):

  • Summarize one interesting new thing you learned from reading the paper. Be sure to explain why you think it is interesting.
  • Describe a research question which is implicitly raised by the paper, but not answered in it.
  • Does the paper contains a claim that you are skeptical of or disagree with? Explain in your own words what you interpret the paper as claiming, and then by contrast what you think is true.
  • Is there an important detail that the paper leaves out or is ambiguous? Describe what the unanswered question is, and then give your best guess as to the answer.
  • Given the benefit of hindsight, if you were doing the same research project as the paper over again from scratch, how would you have done it differently?

Then, you should also the one or more additional questions that appear on the readings page. So for instance if there are two papers to read and one additional question, that would be three answers in total you should give. Please make clear which answer is which, such as by pasting a copy of the question you're answering before the answer.

Usually a good answer should be a modest-length paragraph which summarizes the gist of your answer with a topic sentence, and then backs it up with additional sentences giving supporting details. It should usually be sufficient for your answer to be in plain text: most questions should not require figures, complex formulas, or bibliographic citations to answer. If you want to typeset your answer, please submit a version in PDF format, not a word-processor file format.

Send your answers to the instructor, using the address, before midnight of the night before the class. For instance, for a class on Monday, the deadline is 11:59:59pm Sunday night, and for a class on Wednesday, the deadline is 11:59:59pm Tuesday night. If you are attaching an answer in PDF format, please give the attachment a file name that includes a unique version of your name (such as your last name or user name) and the date of the class it corresponds to. This will help me in keeping track of them. After the first assignment, you should not expect a confirmation reply to each submission, but I'll let you know if I receive an assignment in late or not at all.

Two common pitfalls you should be careful to avoid:

  • Just summarizing a paper. Understanding the paper is intended to be a prerequisite to answering the questions, but they all ask you to do some thinking beyond that. So be sure to answer the question that's actually asked. It may be appropriate to summarize part of the paper in supporting your answer, but don't let a summary be your entire answer. In particular for the "summarize one interesting thing" question, your summary should only cover one aspect of the paper, and you also need to describe why that particular thing is interesting to you (even if it might not be interesting to someone else).
  • Discussing only at a very high level. Sometimes for a security paper, just the basic idea of what a paper is doing is interesting in its own right. But it's also important to look at how a paper demonstrates and supports it basic idea with technical approaches, experimental or theoretical evaluation, and comparison with related work. Since the whole paper is important in this way, you should make sure that you are reading the whole paper carefully, and your answers should reflect that by drawing on details from the whole paper. After you've written a first draft of your answer, read back over it and ask yourself whether it sounds like an answer that someone could have written having only read the introduction of the paper. If so, it is probably at too high a level. Try to support your answer with more specific details.

Hands-on Assignments

There will be three two hands-on assignments over the course of the semester. The first hands-on assignment will cover symbolic execution, and will be due on Friday February 22nd Monday February 25th. The second hands-on assignment will cover binary rewriting, and will be due on Friday March 29th Monday April 8th and Monday April 15th. A planned third and final hands-on assignment covering decision procedures and binary-level symbolic execution will not be part of the class. (These dates are also on the main schedule.)

The assignments will involve using existing program analysis tools or writing small new tools yourself, and writing up the results. You should be able to do the hands-on work using either the CS&E's department computers (e.g., in the grad lab or remotely), or a personal Linux machine.

The first hands-on assignment is here, and the corresponding solutions are here.

The second hands-on assignment is here, and the corresponding solutions are here.

Late assignments will lose 25% for each day or fraction thereof they are late. For instance if the assignment is due Monday night at 11:59:59pm, an assignment turned in any time on Tuesday can get at most 75% credit, an assignment turned in any time on Wednesday can get at most 50% credit, an assignment turned in any time on Thursday can get at most 25% credit, and you will receive no credit for an assignment turned in on Friday or later.

In-class Presentation Assignment

Each student in the class will give an in-class presentation of one paper of their choice, in place of some of our usual less-structured discussion. This is your chance to study a paper in even more detail than for the normal readings, and to practice presenting the key ideas of a paper in a clear way. You should prepare enough slides that even if the audience were completely silent, your presentation would take about 25 minutes. (For instance, depending on the density of your slides and the rate you go through them, you might aim for around 25 slides.) We'll devote about half the class period to your presentation, so with questions it may take more like 30-40 minutes. Of course I don't actually expect the audience to be silent: you'll need to answer any questions they raise. (The instructor will try to refrain from asking too many questions himself, but you may get a few.) If there are questions that would take too long to answer, you can defer them to after the main part of your presentation. The instructor will also try to help out with time management.

You'll also send a version of your slides to the instructor. Your grade will be based on both the quality of the prepared slides and the way you present them and handle questions. You are encouraged but not required to send a copy of the slides to the instructor in advance for feedback; this is for your benefit in the sense that you grade will be based only on the final version. If you send a copy by 48 hours in advance, you can expect feed back by 24 hours in advance.

For the presentation, you can choose any of the papers that I had selected for our main readings. Or, if you are interested in presenting another paper in one of the topic areas (either an optional paper or any other suitable one), that paper will be promoted to be one of the main readings and one of the existing ones will be demoted. You can volunteer to present a paper as soon as the topic for a day's discussion is listed on the class schedule, and it will be first-come first served; if needed we'll do a more explicit selection process a bit later. The instructor does reserve the right to balance the schedule a bit so that there aren't too many presentations close together.

The slides need to be your own work. Sometimes the original authors of a paper post a set of presentation slides online, but you can't just use those, since that would defeat the purpose of your understanding and thinking about how to present the material. Even if you're aware of a pre-existing presentation from the authors or another source, it would be best to not even look carefully at that version until after you've finished a first draft of your own. You also shouldn't take material like tables of results directly from the paper; another reason for this is that a table needs to be formatted differently to be easy to read on a slide. If there's an important table of results in the paper, you should usually select just a subset of the table to put in your slides. A similar comment applies to content like architecture diagrams. The one exception to this principle would be something like a scatter plot that contains a lot of experimental data that isn't otherwise available for you to re-plot.

You can use your choice of software to make the slides; common choices would include PowerPoint or OpenOffice. The instructor likes to make slides using a LaTeX package called Beamer, which is nice if you prefer a markup language to a GUI, and if you want to take material from a paper you've also written in LaTeX. But it does have a bit more of a learning curve.

You're responsible for being technologically prepared to give the presentation. I would guess that most students have a suitable laptop computer; if not you can make arrangements in advance (not on the day of the presentation) to use one from a classmate or the instructor. The laptop should either have a VGA output connector (15 pins in three rows), or you should be sure to bring an appropriate adapter dongle. If you haven't used your laptop to give a presentation before, it would be a good idea to test it in advance with the classroom projector, for instance before or after class on at a previous meeting. The instructor can provide a laser pointer.

You have the option of making your slides available to anyone who views the class website (as the instructor does), just to registered students (via the planned Moodle page), or not at all. Tell the instructor your choice when you send your final slides. Presenting a paper also gives you the option of suggesting an additional reading question pertaining to your paper, if you would like to.