Defensive Hacking
Syllabus and Schedule


Spring 2009

(c) Copyright 2012
The Heinz School, CMU
Final Paper Information
Students are expected to identify a topic related to the course for a 10-20 page final paper. They should send a one-paragraph non-binding description of their intended topic to the instructor at their earliest opportunity.

Joint work on the final paper (where no more than two students work together) will be permitted only with advance permission of the instructor and identification of areas of concentration for each student.

Example Topics
There is one overarching goal in your term paper: Demonstrate your mastery of the concepts discussed in the course. Whatever topic you pick (and below are only a few of the many, many possible topics), make sure your paper reflects your knowledge gain during the course. You should probably also note that the "expected" length is about 10-15 pages (for single-author papers).

OK, Here are some possible topics:
  1. A Discussion of the Components of Cyber Strategy, in analongy to the tactical model described in Nazario,'s Future of Internet Worms paper
  2. A procedure for using defensive hacking as a response to the threat formed by potential malicious insiders
  3. Some sample process for validating a vulnerability not covered in the course or its readings (i.e., find a vulnerability, discuss how you would look for it in your network)
  4. Guidelines for defensive hacking by system or network administrators in a specific organization you are familiar with. This should include any applicable legal or ethical constraints.
  5. A project related to defensive hacking (e.g., building a new VM to allow hacking against a specific service not currently part of the course, and some outline of a process to use with this VM).
  6. Analysis of an actual hacking incident (e.g., the 2011 RSA hack) and its implications for defensive hacking.