Franklyn Turbak (call me "Lyn")
Office: SCI E126 (x3049)
Email: fturbak asperand hillary-clinton-alma-mater dot edu
Office Hours:
  • Mon 2:45–5pm (in SCI 257)
  • Tue 12:30–2pm (in SCI E126)
  • Wed 3:30–5pm (in SCI 160A)
(Note: I will sometimes need to reschedule office hours to attend talks/meetings.) Appointments can be made for other times.

Lectures: Mon/Thu 9:50--11:00am in SCI 392. Please bring a laptop to lecture if you have one, since we will often do hands-on exercises in class.

Labs: You need to attend one of the following three weekly labs (all held in SCI 160A): Prereqs: CS230 & CS240 (if you haven't taken CS240, talk to me). CS242 is a plus, but not essential. You also need: Course Syllabus and Schedule: This home page of the CS342 course website and the associated CS342 course schedule page serve as the syllabus and schedule for the course. All details about assignments, readings, expectations for work, etc. are spelled out on these web pages. If you think something is unclear or missing, please email me!

Course Website: All handouts, slides, readings, etc. are posted on the course website at

Course Google Group: All announcements, discussions, Q&A, etc. will take place on the CS342 Google group at It is expected you will consult this group on a daily basis. To help with this, your default settings are to receive all posts to this group in your personal email. You can also post to the group by sending email to . It is also expected that when you encounter interesting security-related news items, blog posts, articles, etc., that you will post these to the course Google group to start a discussion thread.

Jon Erickson
Hacking: The Art of Exploitation (HAE)
(2nd edition, 2008)

There are four copies of HAE on the security bookshelves in SCI 160A. You can also read an online copy available from the Wellesley College library.
Sean Smith and Jon Marchesini
The Craft of System Security (S&M)
Ross Anderson
Security Engineering (SE)
(2nd edition, 2008)

The complete book is available online

There are many other helpful books. papers, and online resources that you should consult. See the schedule and resources pages.

Assignments: Most of the work you do in this course will be in the context of problem sets, which will typically be given out every week or two. The assignments are typically long and challenging, so you should start early and allocated sufficient time to finish them.

EDURange Activities: This semester, our class will be experimenting with numerous activities developed by EDURange, an NSF-funded project for creating cloud-based, interactive security exercises inspired by the Hacker Curriculum. Some of these activities will be the basis of hands-on exercises in lab or lecture; other activities will be part of assignments.

Course Porfolio: You must create a CS342 Portfolio --- a Google Doc shared with me --- for submitting work electronically in the course. The Course Blog (see below) and individual assignments will be submitted as separate Google Docs shared from the Portfolio doc. See Problem 1 of Problem Set 1 for details on creating your Portfolio.

Course Blog: You must create and maintain a CS342 Blog in which you record your journey through the course and reflect on that journey. This is a Google Doc that you should share with me and linked from your Portfolio. Every day you work on the course, you should add a dated entry to the top of this page summarizing your work for the day, emphasizing insights you gained, difficulties you encountered, resources you discovered, and security-related news/articles you read. It is especially important to reflect on problems from your assignments and activities that we do in class. If you think that a problem/activity was clear, confusing, too easy, too hard, valuable, a waste of time, etc., you should say this in your blog entries. Put all your entries in a single document in reverse chronological order. See Problem 1 of Problem Set 1 for details on creating your Blog.

Exams: There are no exams in this course. All work is hands-on work done in class or on assignments.

Projects: There will be no final project in this course. In past semesters, students have done an individual or team final project in this course. Students who wish to undertake a security-related project are encouraged to talk to me.

Grading: Your course grade will be determined based on the following:

Collaboration Policy: The basic rule of collaboration in this class is that you can talk with anyone about how to solve any problem but you can’t take away anything (notes, programs, etc.) from such a discussion and must write up all programs and solutions completely on your own. This is essentially Yoshi Kohno’s Gilligan’s Island Rule, whose purpose is to ensure that you truly understand everything you write up. You must also explicitly list your collaborators on every problem, and give explicit credit to individuals that had key insights into the solution of a problem (Kohno’s Freedom of Information Rule).

Finding Help: If you have any questions at all about the class (whether big or small, whether on problem sets lectures, reading, or whatever) please contact me. That’s what I'm here for! The best time to see me s during my scheduled office hours (listed at the top of this web page). If these times are not convenient, we can set up an appointment at some other time. If I can't meet in person, I may be able to have a virtual meeting with you via Google Hangout or Skype.

Also, because of course policy encouraging collaboration (see above), you should also look to your fellow students for help. Your classmates are a valuable resource; make good use of them!

Students With Special Needs: If you have any disabillities (including “hidden” ones, like learning disabilities), you are encouraged to meet with me to discuss accomodations that may be helpful to you.