I just wanted to write down the review of all the courses I took in first semester of my masters.

The courses I ended up taking were:

CS5219 - Automated Software Validation

  • My Final Grade: B-

  • Professor - Prof. Abhik Roychoudhury

  • Weekly Classes - 1 x 2hr non-recorded lectures

  • Assessment Rubric

    • Quiz - 15% (just 1 quiz around break week)
    • Assignment 1 - 15%
    • Assignment 2 - 25%
    • Final exam - 45% (open book)

  • Topics

    • Temporal Logic
    • Model Checking
    • Symbolic Execution
    • Fuzzing
    • Hoare Logic

I took this module just because of Fuzzing and symbolic execution. And I am really happy I took this module even though I won’t be scoring “good” marks in it. I bombed both the quiz and the final exam. The reason for bombing the quiz was that I wasn’t spending much time going through what was being taught and the final exam wasn’t “easy”.

Irrespective of what my final grade might be, I enjoyed Prof. Abhik’s classes. He teaches very well, explains every topic patiently, and makes sure everyone in the class is comfortable with the topic at hand before moving to a new topic. In class, he’ll stop several times and ask “Does anyone have any doubts or questions?” just to make sure everyone understood it.

There aren’t many prerequisites for this course but I feel like you’d have to decide why you are taking the course. If you just want a filler course for the semester then this might not be the course for you. If you are actually interested in automated testing or even just the fuzzing part, this will be a really fun course.

I think assignments in this course are a big life saver, if you can score pretty good(above 13 in 1st and above 20 in 2nd) they might save your grade. The assignments don’t require any special understanding(if they do, you’ll learn them in class) it just you need to have a good understanding of writing code. I say “code” and not programming because languages may vary from semester to semester(not sure about this) but the basic idea of questions might be similar. So if you are comfortable in any programming language and know how to whip up code you’d be okay.

TL;DR - Prof for this course is amazing, the TA’s are brilliant, and the assignment part is very entertaining(if you are interested in automated testing) but this course as a whole isn’t a “filler” type course. If you want to score well, you’ll have to spend quite a good amount of time studying it and even then you might mess up the final.

CS5231 - Systems Security

  • My Final Grade: A-

  • Professor - Prof. Liang Zhenkai

  • Weekly Classes - 1 x 2hr recorded lectures

  • Assessment Rubric

    • Assignments (3) - 45%
    • Midterm - 30%
    • Group Project - 25%
    • No Final exam

  • Topics

    • Memory error, their exploitation, and defense
    • Application and system-level defenses
    • Kernel and Auditing
    • Rootkit

  • Pre-requisites

    • Understanding of C/C++ - At least basic level
    • Being comfortable with the Linux environment
    • Having a bit of knowledge about memory exploitation would help, even though it’s not a requirement.

This is quite an entertaining course, even though the material taught wasn’t new for me but I thoroughly enjoyed the assignments. The whole course is very hands-on and practical so even if you already know the theoretical part, you’ll enjoy doing the assignments. The prof. is also amazing, for every small thing they preferred showing things in a practical manner with class demos rather than just walking through the slides or pre-recorded videos. But this is not a filler course and that is mostly because of the assignments. As I said things are pretty hands-on so you’ll be spending quite a good amount of time doing them.

The midterm assessment isn’t very difficult but grading might be a bit strict, I am not sure about this but I felt that way, could be that I messed it up :)

The final project is very broad-ended, you have to just do “something”, now that can be taken as a good thing or a bad thing. It’s good because you don’t necessarily need to do something super hard or new but not having strict expectations or outcomes, it would be difficult to decide for yourself what you did was good enough or not. This is also something in which the communication was a bit lackluster. The TAs weren’t sure what the professor was expecting for this and reaching prof via email/teams wasn’t very helpful. But in the end, I think everything will just work out for itself if you invest a good few hours for a week or two.

TL;DR - Take this course only if are willing to spend quite a good amount of time on assignments and also if you want to explore the memory exploitation part. The professor keeps everything pretty hands on, TA’s are pretty good for communication except for the project. Midterm shouldn’t be an issue, especially if you do the assignments.

CS5439 - Software Security

  • My Final Grade: B+

  • Professor - Prof. Roland Yap

  • Weekly Classes - 1 x 3hr recorded but uploaded with delay

  • Assessment Rubric

    • Quizzes
    • Assignments/Labs (8)
    • Final Group Project
    • Final exam - Closes book only 1 A4 size cheatsheet allowed
    • Not sure how well the grading be distributed :)

  • Topics

    • Vast variety software related topics
    • Memory error/exploitations/defenses
    • Fuzzing
    • OS bugs/exploitations

  • Pre-requisites

    • Understanding of C/C++

If you are looking for a filler course, this can be one of those. The course as a whole wasn’t very interesting to me nor were the assignments or quizzes except a few of them. Out of 8 labs/assignments I only enjoyed maybe 1/2 of those. All the others felt something that was just a “had to be done” sort of thing. The classes for this course were pretty boring and non-interactive. The professor just comes to the class and reads from the PPT for 3 hours. I don’t wanna say the professor is bad because outside the class I’ve had a pretty good experience with Prof. Roland. He’s very quick to clear doubts or questions asked either on Canvas discussion or via email. But classes were pretty dead and I think even if you choose to skip those it wouldn’t be a big deal.

The midterm exam isn’t that bad, if you spend a good day or two on the material you can score quite a good in it. After coming out of the exam room I didn’t feel the exam was difficult or something out of the syllabus was asked but it was just too long. Every question asks you to “explain in detail” but if you do it in detail, then I feel like 2 hours won’t be enough to answer all of them in detail.

For the final project, you’ll have to form a group of 2/4 people and work on a CVE(from a given list of CVE’s). When I say work on it, I mean you’ll have to dive deep into the bug, the cause of it, the source code, its exploitation, and its patch. In/around week 13, you’ll have to present the whole thing and there will be a small Q&A related to it.

TL;DR - Prof makes the classes/lectures quite boring but is very interactive outside of it, assignments are easily doable, final exam is decently scorable even with 1/2 day of prep. This course is something you can just take for the sake of just getting 4 more units. I wouldn’t recommend having much expectation from the material.

IS4302 - Blockchain

  • My Final Grade: A-

  • Professor - Prof. Nicholas Mac Gregor

  • Weekly Classes - 1 x 2hr recorded

  • Assessment Rubric

    • Midterm - 30%
    • Assignments - 30%
    • Class participation - 5%
    • Group Project - 35%

  • Topics

    • Blockchain Basics
    • Solidity lang basics
    • Smart Contracts, Web3, ERC stuff

This course for me was quite boring but that’s my fault. This course can be renamed to “Introduction to Blockchain Technologies” because that is what this is. If you have previously studied anything related to blockchain, then I don’t think you’ll enjoy this course. I wanna be clear, the professor, the material taught, and the assignments all are pretty good it is just they are focused/oriented toward the people who have never studied blockchain before or haven’t worked with smart contracts.

Everything you read past this line, please keep in mind that I had studied blockchain before, written a good amount of smart contracts and their exploitation code(not in the scope of this course) so I might say it’s simple but that might not be the case if you have never studied blockchain.

Going into specifics, assignments are just simple and shouldn’t take much time. The midterm was a bit confusing not because of the questions asked but because of some administrative issues, the questions were pretty similar to what had been taught already. Class participation is quite a good way of making things interactive in class, the professor basically throws the question out in public related to whatever is being taught and you can just raise your hand, answer it, or even just comment on it and he’ll note down your name. Also at the end of the class, he asks everyone to fill out a “post-class memo” asking general stuff like What you learned today, feedback, etc. And all of that also counts towards class participation. A pro tip for post-class memos is, to write a detailed paragraph for questions like what you learned, what was taught, etc. A lot of time I just wrote a very summarised version of it and in those, I got fewer marks as compared to the ones in which I wrote a detailed explanation.

Talking about the professor himself, as I said he keeps the class interesting and interactive but I had the feeling that he was quite new to the whole teaching shebang, I could be wrong but a lot of time he seemed confused about things himself. But he made sure to clear those doubts, whether those were administrative issues or topic-related stuff.

For the final project, you end up being in a group of 4/5 people and just make a Dapp. The primary focus of the project will be on the smart contract side. I think the outcome of this will depend on who you end up teaming with. I had probably the most proactive teammates so doing this project was simpler. Also around week 13, you’ll present your project in front of the whole class.

TL;DR take it if you have no clue about blockchain, prof is pretty good at explaining things and keeping lectures interactive, assignments and labs would be fun if you are doing them for the first time. If you are already comfortable with blockchain, you can probably take this as a filler course in case you going down the coursework path.

EDIT: I’ve edited the post to add my final grades. Also somehow my GPA turned out to be 4, which is quite above my expectation so I’m happy with it.