Assessment Plan for CIS 4615
This page provides an assessment plan for CIS 4615 at the University of Central Florida as taught by Gary T. Leavens. The plan maps the course's essentail learning outcomes to general types of questions and problems for quizzes, homeworks, and exams. Since all units of the course have roughly the same impact on the course's learning outcomes, this represents planning for how to achieve the learning outcomes in general. That is, this document is something of an abstraction from the individual quizzes, homeworks, and exams.
New ideas for assessment of any objectives are very welcome!
The normal assessment threshold (for me to consider that students have adequately learned the material) is 75%.
Per Outcome Plans
Outcome [SecurelyConstruct]
Summative (Exams)
Decide how to implement a specified programming task in a way that is secure.
Given several potential implementations for a specified task, pick the ones that are most (or least) secure and explain what problems they prevent (or may cause) for security.
Compare and contrast different implementations of a specified task from a security viewpoint.
Use of concept X in the description of a problem, noting that ``you are supposed to understand concept X.''
Explain the important security problem (or preventative technique) demonstrated by some code.
Explain what coding techniques may have caused a certain observed security problem.
Explain what program architectural or design decisions may have caused a certain observed security problem.
Explain the risks inherent in a given program architecture or design.
Formative (In-Class Quizzes, Homeworks)
All of the above, and the following.
Write a small amount of code to implement some specified task in C, C++, Java, or JavaScript.
Perform a security review of some existing code for some specified task.
Analyze a design using UMLSec, and report on the security issues and problems in the design.
Look for what may have caused observed security problems in some existing architecture, design, or code.
Outcome [Validate]
Summative (Exams)
Explain what tools can be used to find certain security vulnerabilities.
Explain what kinds of vulnerabilities a given tool might miss.
Using the output of a tool (i.e., given that output), describe how to fix a given design or piece of code to eliminate its security problems, if any.
Formative (In-Class Quizzes, Homeworks)
All of the above, and the following.
Implement a tool to do some static analysis or to aid in dynamic analysis.
Explain how a given tool works for a particular example.
Use a set of tools to ensure that some code you write is free of various vulnerabilities.
Use a set of tools to find some vulnerabilities in a given program. Distinguish true positives from false positives.
Outcome [Reversing]
Summative (Exams)
Explain how to safely reverse engineer possible malware samples.
Given an assembly listing for some unknown code, decide if it represents malware, and if so describe its effects.
Given a trace of the behavior of some unknown code, decide if it represents malware, and if so describe its effects.
Formative (In-Class Quizzes, Homeworks)
All of the above and the following.
Given a program in binary form, write a report clearly describing: whether it is malware, what its effects are, how to test for its presence, and how to undo its effects.
Given a system image, find and describe any malware present in it.
Last modified Thursday, October 1, 2015.
This web page is for CIS 4615 at the University of Central Florida. The details of this course are subject to change as experience dictates. You will be informed of any changes. Please direct any comments or questions to Gary T. Leavens at leavens@eecs.ucf.edu. Some of the policies and web pages for this course are quoted or adapted from other courses I have taught, in particular, Com S 342 and COP4020.