CS 690E Policy Addendum

This is an addendum to Spaf's usual course policies. This covers special aspects of CS 690E: proprietary information and vulnerability data. In general we trust all the students in the class. However, we must also make clear that we will treat seriously any violation of that trust. More specific information is given below. Basically, one of the on-going projects in the class is to explore system penetrations and penetration detection systems. This is an area that is naturally sensitive in nature and we should be aware of the concerns related to these topics.

Proprietary software

Some of the software and documentation in CS 690E may be under license and/or provided to Purdue under non-disclosure agreement. This means that the material is for our use only, and is not to be copied, distributed or discussed outside of class. When such material is provided to the students, it will be clearly marked as proprietary. If we discover that any member of the class has disclosed this material without explicit, written permission of either Spaf or Tim Korb, then the student involved will receive a failing grade in the course and be referred to the Dean of Students for further action. In addition, any such disclosure may result in civil legal action against the student by the vendor/agency providing Purdue with the software.

In particular, the following will be consider disclosure if done knowingly and without permission:

Copying all or part of any restricted software to other accounts, machines, or media;
Setting permissions on files or directories that would enable others to copy all or part of restricted software components;
Providing others with passwords or other access to your account where restricted software is stored;
Making printouts or copies of protected source code or documentation;
Discussing details of the structure, behavior, or options of restricted software.

Within these rules we want to provide you with as much freedom as possible to explore how the software behaves. If you have any doubts about what is allowed, check with Spaf or Dr. Korb first.

Vulnerability data

As part of the course, students will be provided with details and software about real system vulnerabilities. Some of these vulnerabilities may still be present on systems in use at Purdue and outside Purdue. This information will be provided for use in the class only. This information is not to be published or distributed outside of the class, used by a student to break into any machine outside of the ones designated for class testing, or otherwise used inappropriately. Violations may result in a failing grade and further action by the Dean of Students. Furthermore, note that unauthorized access to computer accounts and machines not your own may result in criminal prosecution under Indiana or US criminal law.

If you have any questions about the proper use of information in the class, contact the instructor.

Gene Spafford