Lectures will be loosely organized around three core modules: differential privacy, adversarial machine learning, and applied cryptography. We will also cover two advanced modules: algorithmic fairness, and PL and verification techniques. This is a graduate seminar, so not all lectures are set in stone and there is considerable flexibility in the material. If you are interested in something not covered in the syllabus, please let me know! ## Course Materials For differential privacy, we will use the textbook *Algorithmic Foundations of Data Privacy* (AFDP) by Cynthia Dwork and Aaron Roth, available [here](https://www.cis.upenn.edu/~aaroth/Papers/privacybook.pdf). ## Grading and Evaluation Grades will be assigned as follows: - **Paper presentations: 25%** - **Homeworks: 15%** - **Final project: 60%** (Milestones 1 and 2, and final writeup) These three components are detailed below. ### Paper presentations **Paper discussions** are one of the main components of this course. Before every presentation, you are expected to read the paper closely and understand its significance, including (a) the main problem addressed by the paper, (b) the primary contributions of the paper, and (c) how the authors solve the problem in some technical detail. Of course, you are also expected to attend discussions and actively participate in the discussion. The topics we will be reading about are from the recent research literature---peer-reviewed and published, but not completely refined. Most research papers focus on a very narrow topic and are written for a very specific technical audience. It also doesn't help that researchers are generally not the clearest writers, though there are certainly exceptions. These [notes](https://web.stanford.edu/class/ee384m/Handouts/HowtoReadPaper.pdf) by Srinivasan Keshav may help you get more out of reading papers. To help you prepare for the class discussions, I will also send out a few questions at least 24 hours before every paper presentation. **Before** each lecture, you should send me brief answers---a short email is fine, no more than a few sentences per question. These questions will help you check that you have understood the papers---they are not meant to be very difficult or time-consuming and they will not be graded in detail. ### Homeworks After each of the first three core modules, we will assign a small homework assignment. These assignments are not weighed heavily---though they will be graded---but they are mostly for you to check that you have grasped the material. ### Course Project The main component is the **course project**. You will work individually or in pairs on a topic of your choice, producing a conference-style write-up and presenting the project at the end of the semester. Successful projects may have the potential to turn into an eventual research paper or survey. Details can be found [here](assignments/project.md). ## Learning Outcomes By the end of this course, you should be able to... - Summarize the basic concepts in differential privacy, applied cryptography, language-based security, and adversarial machine learning. - Use techniques from differential privacy to design privacy-preserving data analyses. - Grasp the high-level concepts from research literature on the main course topics. - Present and lead a discussion on recent research results. - Carry out an in-depth exploration of one topic in the form of a self-directed research project. ## Credit Information This is a **3-credit** graduate seminar. For the first 10 weeks of the fall semester, we will meet for three 75-minute class periods each week. You should expect to work on course learning activities for about 3 hours out of classroom for each hour of class. ## Academic Integrity The final project may be done in groups of three (or in rare situations, two) students. Collaborative projects with people outside the class may be allowed, but check with me first. Everything else you turn in---from homework assignments to discussion questions---should be **your own work**. Concretely: you may discuss together, but **you must write up solutions entirely on your own, without any records of the discussion (physical, digital, or otherwise)**. ## Access and Accommodation The University of Wisconsin-Madison supports the right of all enrolled students to a full and equal educational opportunity. The Americans with Disabilities Act (ADA), Wisconsin State Statute (36.12), and UW-Madison policy (Faculty Document 1071) require that students with disabilities be reasonably accommodated in instruction and campus life. Reasonable accommodations for students with disabilities is a shared faculty and student responsibility. Students are expected to inform me of their need for instructional accommodations by the end of the third week of the semester, or as soon as possible after a disability has been incurred or recognized. I will work either directly with you or in coordination with the McBurney Center to identify and provide reasonable instructional accommodations. Disability information, including instructional accommodations as part of a student’s educational record, is confidential and protected under FERPA.