A printable PDF is available.

This homework focuses on exploring research and publishing practices in computer science and computer security.

1. Open (non-commercial) scientific research is fundamentally about making and sharing discoveries, where the "sharing" part is accomplished through writing and publishing papers. For any published work, issues of intellectual property rights and copyright are vital to understand, and for this question you will examine two policy documents:
   • UNCG's copyright policy (which is typical of university policies):
     https://policy.uncg.edu/university-policies/copyright/
   • ACM's copyright transfer agreement:
     https://www.acm.org/publications/policies/copyright-and-license-forms

   Read through these documents, and then answer the following questions (give thoughtful answers, justifying by referring to or quoting specific parts of the policy documents as appropriate -- if there are conditions or assumptions in your answer, make sure you explain those):

   • (a) Faculty members (who are "EPA employees" in the policy document) perform independent scholarship, and publish papers. Who owns the copyright to those works? What rights does the university have to the work?

   • (b) Staff members (who are "SPA employees" in the policy) may create works, such as advertising materials created by staff in university relations. Who owns the copyright to those works? What rights does the university have to the work?

   • (c) Students often write papers as part of class requirements. Who owns the copyright to those works? What rights does the university have to the work?

   • (d) Students may participate in research projects, and can be authors or co-authors on papers resulting from that research. Who owns the copyright to those works? What rights does the university have to the work?

   • (e) There are commercial web sites that collect student class notes, and will pay students for copies of their notes. Is this acceptable by the university copyright policy?

   • (f) The ACM copyright transfer agreement refers to "work-made-for-hire" as a special case. Given the UNCG copyright policy, does this apply to papers written by UNCG faculty?

   • (g) After signing over copyright to ACM, can an author print and send a copy of their paper to a colleague?

   • (h) After signing over copyright to ACM, can an author post a copy of the paper on their own web page?

   • (i) After signing over copyright to ACM, can an author authorize a scholar at a different institution to post the paper on their web site?

   • (j) After signing over copyright to ACM, can a professor (not one of the authors) make copies of the paper to distribute to their class?

   • (k) Is a paper written by an author at UNCG considered "public domain" after it is published?

   • (l) Does the ACM transfer agreement or the ACM copyright statement give any rights to anyone other than the author(s) and ACM?

2. This question refers to the following six research papers, two from each of three main security conferences, which have been selected so that they can be largely understood without a lot of specialized or advanced knowledge. Each student has been assigned a subset of these papers to use in answering the following questions (check Canvas for your assignment).

   • [1] Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. “Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices.” In USENIX Security Symposium, pp. 205-220, 2012.
     https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/heninger

   • [2] Rob Jansen, Paul F. Syverson, and Nicholas Hopper. “Throttling Tor Bandwidth Parasites.” In USENIX Security Symposium, pp. 349-363, 2012.
     https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/jansen

   • [3] Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. “An Empirical Study of Cryptographic Misuse in Android Applications.” In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS '13), pp. 73-84, 2013.
     https://dl.acm.org/citation.cfm?id=2516693

   • [4] Ari Juels and Ronald L. Rivest. “Honeywords: Making Password-Cracking Detectable.” In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS '13), pp. 145-160, 2013.
     https://dl.acm.org/citation.cfm?id=2516671

   • [5] Jiyong Jang, Abeer Agrawal, and David Brumley. “ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions.” In IEEE Symposium on Security and Privacy, pp. 48-62, 2012.
     https://csdl.computer.org/csdl/proceedings/sp/2012/4681/00/06234404-abs.html

   • [6] Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin. “Zerocoin: Anonymous Distributed E-Cash from Bitcoin.” In IEEE Symposium on Security and Privacy, pp. 397-411, 2013.
     https://csdl.computer.org/csdl/proceedings/sp/2013/4977/00/4977a397-abs.html

   Answer the following questions regarding the papers you were assigned:

   • (a) One of your assigned papers is provided as a link to the ACM Digital Library. Try accessing this paper from on campus (using a UNCG computer) and from off campus. What are the results?

   • (b) The class handout on research in computer science described ways to locate copies of a paper that are available even if the "copy of record" requires a subscription to access. How many freely-available copies can you find for the ACM-published paper that you were assigned? In addition to the number, give access information (URL) for two copies: one that clearly abides by the ACM copyright transfer agreement, and one that seems to violate copyright (there are examples of both for each paper!). Explain your reasoning about why each copy abides by or violates copyright.

   • (c) For each paper, use Google Scholar to find at least two papers that were published after the paper and build on the knowledge in some non-trivial way. To judge the "non-trivial" part you will have to access the papers and see how integral the paper is to the new work -- if a subsequent publication just mentions the paper in passing, keep looking!

   • (d) For each paper, examine the structure of the paper and identify each of the seven "components of a research paper" that were described in the research handout. For each paper give a brief description of each component, describing things such as the length, whether the component is in a distinctly labeled section, and an indication of the technical depth of the component (can you make sense out of it by just a brief read/scan?).

   • (e) For each paper, understand as much as you can about the results by carefully reading the abstract and introduction, and then looking into the main body at whatever depth you are comfortable with. Then describe the results and significance in your own words (don't copy from the papers!). Keep notes, because after this homework is submitted we will go around the class and ask what people learned from each paper.