University of Virginia, Department of Computer Science
CS551: Security and Privacy on the Internet, Fall 2000

Course-Specific Evaulation Survey Responses

21 surveys returned.


What was the lamest thing about this course?

I wish we had a class review of all the ciphers we learned, etc.

Random slide transitions. Also, it would be easier thing to save PowerPoint handouts as PDFs to put online.

I don't think any part of the class was lame, there are, however, aspects which I think should be improved. We covered a lot of material in the class, perhaps too much. At times, I felt overwhelmed and did not get a chance to properly understand and respect the material that we breezed through . Also, I think all of the readings were a bit much. They were informative but it was hard to keep up. Oh, and one annoying thing was the lack of proofreading of the slides and assignments, hehehehe.

The difficulty in determining how much was required for the project. Some groups had much larger projects and therefore longer papers.


The instructor. No, I am just kidding! It's hard to say, it was very interesting anyway. I didn't enjoy the second part as much as the first one.

Trick or treat protocols.

Typo on this survey (evaulation).

Some of the in depth encryption stuff.

While I would not label anything in the class as lame, I found the discussion of Java, reference monitors and proof carrying code to be the least interesting parts of the course. I found code safety, in general, and those topics in particular, to be far less interesting than cryptography.

The lamest thing was probably the Sneakers movie. It is a really good movie but pretty much everyone has seen it a hundred times.

The professor (just kidding). There was nothing terribly lame.

75 min lectures, they were good, just long. Then again, it was nice not having it on Friday...

The room we were in. A smaller room is more appropriate.


During the early lectures the slides with all the crypto algorithms would put me to sleep.

First few ciphers we learned about. Good for background info, but I didn't feel going through the monoalphabetic cipher was needed.



Hard to say, this was one of the least-lame classes I've had ever. Probably the book --- it didn't really go too well with the class, something like that.

The assigned partner HW#4.

What was the most useful thing about this course?

Evaluating security protocols to such an extent that you question everything.

Analysis of cryptology algorithms, systems, etc.

Learning just how insecure the world is and how frighteningly stupid high level people are.

All of it. First course I have had where security was mentioned at all.


Public key protocols

Learning how current technologies work (ssh, certificates, RSA, 3DES, viruses, etc.)

Ask again in 10 years.

Gary McGraw - industry perspective.

The study of protocols and system security.

I though that the discussion of cryptography and cryptographic protocols was the most useful part of the class. Previously, I had felt that they were topics too advanced for me to learn about on my own and my ignorance in those areas often hindered my understanding of other aspects of computer security. Now I have a basic understanding of the topics and I feel that I am in a position to learn more about them if I need to.

Learning about actual implementations of security systems or actual security flaws.

Learning about both sides of security (cryptography and systems).

Know what users do wrong, setting permissions, picking bad passwords, etc.

Final projects.

The stuff on PKI and firewalls - real world stuff regarding security that is in place.

I now have a working knowledge of crypto standards (RSA, DES, ...) and an understanding of how they work.

Public key cryptography, Java security.

Just the idea of the course is great. IF I had to specify one aspect that is useful it would be the thought process that goes into constructing a protocol and analyzing it.

Understanding the importance of security and the many vulnerabilities.

The reasings for PS4. They went way over my head, so I had to sit down and look up stuff that we talked about to understand what was going on.

What (if anything) from this course do you expect to use a year from now?

Precise analysis of a system. Question everything. Assume that attackers are very knowledgable.

The paranoid way of looking at every aspect of a system for vulnerabilities.

The ability to look for holes in methos of operation and questioning the security of applications I user.

Some sort of encryption for email...hopefully a thesis topic of some kind.

Analyzing vulnerabilities.

Double-click on the padlock!

Developing protocols, how certificates and different cryptography algorithms work.

Nothing. I'll still be in the academic world.

The understanding of why certain encryption algorithms are used and different system security methods.

I have no specific plans to apply any of what I learned in the class in the next year. I enjoy knowing the information and more importantly I hope to use it as a basis for furthering my knowledge in the area.

I will probably use some of the cryptographic systems sometime soon.

General info about security.

The understanding of how a secure protocol works and how to use one basic encryption algorithms.

Most of the second half of the course on my thesis. The first half of the course was educational, but I probably won't use most of it a year from now.

The security principles and also just in general a lot of design ideas.


Knowledge about Java security as good background info

I don't think there is one specific idea, just the course as a whole.

Ditto = Understanding the importance of security and the many vulnerabilities.

The design principles, the "don't trust stuff saved on your computer" principle.

Pretty much everything.

What (if anything) from this course do you expect to remember 10 years from now?

The government is spying on us.

The paranoid way of looking at every aspect of a system for vulnerabilities.


RSA encryption algorithm...main principles...Saltzer's principles (basically)

Analyzing vulnerabilities.

Almost everything. Certainly SRA (or was it RSA?)

Developing protocols, network intrusions.

RSA and public-key encryption.

Hopefully I will be working in this field, so most of it.

Security seems to be becoming a larger and larger issue in society so ten years from now I suspect everyone will use encryption on a regular basis whether they know it or not. Hopefully, what I have learned in the class will give me a basic understanding of the technology involved.

I don't have any idea.

Some of the stories related to security.

That RSA is really cool. and that we thought our data was safe! (back in the 90s)

The classroom random number generator that tells an instructor how many people read the assignment without telling the instructor who.


Trying to figure out a way to break into the grades file!

Digital signatures, so I can evaluate future technologies, rather than blindly trusting others.

(see above = I don't think there is one specific idea, just the course as a whole.)

Ditto = Understanding the importance of security and the many vulnerabilities.

Same as the last question, if anything. (= The design principles, the "don't trust stuff saved on your computer" principle.)

Computer security is not about algorithms.

Special Classes

For each of the "special" classes, please indicate whether or not you thought it was worthwhile by checking one of the choices. (Leave blank if you missed that class.)

Watching "Sneakers":
xx One of the highlights of my education here.
xxxxxxxxxx Definitely worth doing in future classes.
xxxxx Okay, but only because I don't want to hear anymore of Dave talking.
xxxx A waste of time.

xx One of the highlights of my education here.
xxxxxxxxxxxxxxxx Definitely worth doing in future classes.
xx Okay, but only because I don't want to hear anymore of Dave talking.
x A waste of time.

(Note: I've removed the results for the guest lectures from this, since I didn't ask their permission first. All of the guest lectures were highly rated. Over 2/3rds of the respondents rated Gary McGraw's guest lecture as "One of the highlights of my education here", and the rest as "Definitely worth inviting to speak to future classes.")


During most of the lectures, I am: (check all that apply)
Confused most of the time
xxxxxx Confused about half of the time
xxxxxxxxxxxx Only occasionally confused
xxxx Hardly ever confused

Bored most of the time
xx Bored about half of the time
xxxxxxxx Only occasionally bored
xxxxxxxxxxx Hardly ever bored
Never bored (but I'm playing video games on my Palm)
Sleeping comfortably

How annoying is it when classes go over the scheduled time?
x Extremely annoying    xxxxx Somewhat annoying    xxxxxxxxxxxxxx Not a problem

75 minutes is too long as it is. After that, I'm not absorbing much at all.

Maybe I shoulda bought a palm. Haha.

Of the regular lectures, indicate which three were the worst (using a ¬) and which three were the best (using a +):

(Note: the numbers don't add up right because I counted undervotes and overvotes, including one survey that marked every lecture with "+". I followed the Florida legislature's standard of "clear intent of the voter", not the Supreme Court's standard.)

I really did no dislike any lectures...honestly.

On PCC - interesting, but above my head --- didn't seem useful.


Was the forced random partner collaboration policy for PS4 a good idea?
xx Yes, do all assignments that way
xxxxxxxxxxxxx Yes, but only for PS4
xxxxxx No, I'd rather pick my parther
x No, I'd rather work alone

At the end of the semester, it is hard to find time where both can meet.

How many problem sets should there be? (assume the total work will stay about the same)
xxxxxxxxxxxxxxxxx 4
xxx 5
xx 7
14 (weekly)

Should the encrypted midterm be handed out?
xxxxxxxxxxxxxxxx Yes, like it was
xxx Yes, but make it more clear what it is
xx No

Definitely, that was great!

Should the final be:
xxxxxxxxxxxxxxxxxx Take-home
In class
xx No final

Any other comments on the assignments?

Problem sets were difficult, but I definitely learned the material by doing them.

I thought the final was one of the best assignments. I think one or 2 problems like that one would make good problem sets.

I thought the assignments were well designed and exercised my understanding of the material appropriately.

One of the rare classes where the assignments teach you something. I thought they were good, but should be graded more on attempt than correctness.

Many of them were very challenging and some of them did not even have an effective solution. I have never been used to stuff like that, so it was kinda frustrating. But it helped me to grow up a little bit...

As the course progressed, the reading assignments seemed less and less important. I don't think anyone read them in the last month. They should be stressed more.

Favorite class at this university.

I think the focus on real world applications (especially in the cryptography section) was valuable. It made the problems much more interesting and allowed for more flexibility in answering them. I was generally confident that there was (no?) right answer you already had in mind. This allowed me to be creative in answering them rather than attempting to find the solution that was "correct". In general, questions that have yet to be answered by anyone are far more interesting than ones that have.

The midterm should be timed take home.

The problem sets were challenging and fun (I'm glad this is anonymous because I was almost beaten when I said Calc3 and Discrete math 2 were fun). This class was fun too...thanks!

The assignments were the driving force behind learning the material.

I liked the fact that I could get help from others for the first three problem sets. The allowed group work helped me to figure out the problems and, more importantly, understand the concepts.

The final project was a really good thing, but I think there needs to be a little more structure to it. It makes sense for everyone to figure things out, etc., but especially for the progress reports we could have done a better job (or at least more consistent) if there had been some kind of specification or feedback or something.

The "final project" should have been under a compressed time frame. We did most of the work in a short period of time, so it didn't matter how long we had. Also, there should be two projects - one in crypto and one on systems security.


What is "Computer Science"?

The study of computers and how they work.

A major at UVa that attempts to take over every aspect of the lives of students naive enough to pursue a degree.

By definition: the branch of engineering science that studies (with the aid of computers) computable processes and structures.

At UVa, computer science seems to be "how to program in C++", at least, for the first year and a half of being CS.

The science of computers takes on at least two views. In the microscopic scale, computer science is the study of computer processes and logic. What makes a computer tick? How do interacting parts of a computer actually interact? In the macroscopic scale, computer science is the study of computer systems or networks. Computers are part of our daily lives, now, and learning how they work together for common and uncommon goals are important. If we can understand the basics of how a computer works, then we can begin to manipulate them to do what we want them to (programming) or hook them together to do things in ways we never imagined before.

The designing, deconstructiong, and analyzing of secure computer programs and systems.

The study of the underlying fundamentals of programming, algorithms, computer hardware, and applications of mathematics in computers.

I don't know. I always called it "informatics".

Computer Science is the most successful application of a philosophy of abstraction. Abstraction (more broadly than in the computer science use of the term) is the extraction of the relevant traits and actions necessary to achieve some goal. These techniques are used in business, law and other engineering fields. However, to fully appreciate their usefulness, a perfect memory and quick recall is needed. These are two skills at which computers excel. Computer Scientists have been immensely successful at applying this philosophy, using data as traits and algorithms as actions. Object oriented programming has gone further with its ability to hide irrelevant information such as data representation and implementation from clients who do not need it.

Making stuff do things.

Theoretical, non-certification oriented vocational education to prepare a student to make the next great breakthrough in computing technology.

The science of impressing lay-people with cool terms and all about computers.

The study of acronyms.

Making software and hardware work "better" for the end user by using the scientific method.

No idea. Whatever it is I like it.

Good question. More theoretical than programming but more engineering than math.

An easy way to make money by convincing people that you do something hard.

How many cryptographers does it take to change a light bulb?

2: One to do it. Another to do it. Then let them argue to see who did it first.

One to stand on the ladder and change the bulb, one to pass the new bulb up to him, and a trusted third party to hold the ladder.

One. But it will take him or her a really long time because he or she will first go through all of the possible encryption methods for the instructions before healizing he or she is really supposed to change the light bulb and then do it.

Not even gonna try, I have no wit left.

None. They only care about building the lamp (algorithm) and the light bulb factory (random number generator), they do not take care of the light bulbs (keys)!

One, but it will take a sextillion years to open the box.

n + 1 where n is the number of switches that control the light. One cryptographer is needed to remove the old light bulb and screw in the new one. The other cryptographes must then test each of the 2n configurations of the light switches to ensure for every configuration of switches, a changing a single switch will change the state of the light bulb.

I'm too tired to answer these --- my sense of humour at the moment is non-existent so any answer I give will not be entertaining in the least bit.

As many that are present as long as they come to a consensus for an anonymous scheme to replace the bulb.

2 - one to be in de-light-ed about it and another to actually screw it in.

None. That's an implementation issue.

Ssh. It's a secret.



Don't cryptographers work off the glow from their monitors? Why would they change a lightbulb?

100. 99 to sit around and argue about the algorithm to use and 1 to actually do the work.

CS 655 University of Virginia
Department of Computer Science
CS 551: Security and Privacy on the Internet
David Evans