The activity that I would focus on as a group activity would be the cracking/defense, spy vs. spy exercise that I've mentioned before. The class would be split into groups of 2-3 people and there would be two kinds of groups: crackers and defenders. Each team would get a packet of information about the system that they are trying to protect or attack. They could study this material in advance of the actual exercise. During the exercise, the defenders and attackers would get 15 minutes to become acquainted with their system (which they may not alter), after which the attackers would get to try to break into the system. The defenders will try to detect attacks in real time and pinpoint their origin and/or targets. Each group would be required to log all their activities during the exercise.

I think this exercise would build teams (as opposed to just groups) in the same way that in the military, attackers or defenders come to work well together against a common enemy. This environment is typical, at least from the defending side (I'm not sure about the attacking side), in the practice of security. The success of an attacker or a defender depends on cleverness and variety of attacks and defense. Having team members allows the groups to produce that variety and learn from it.

I'll define group productivity in terms of how well each student in a group understands the concepts being presented.

I believe the activity from question 1 aids in understanding because of the group dynamic - all against 1. Another type of group dynamic that I'd like to exploit is all against all. For example, take an activity in which a group is required to design a cryptographic protocol. By introducing role-playing, all students would be more likely to understand all the issues involved. If one or two students played the role of entities trying to transmit data securely and another student played the role of an attacker, a chess game of sorts could emerge. This exercise differs from the one above because each team member is on their own. The attacks and defenses are also faster in response and more interactive than before. Each player would be forced to consider his or her position very fully, but also must consider the other players to be truly successful. The objective would be to produce a solid protocol. The defenders would actually design the protocol while the attacker would be responsible for assuring its validity.

Another activity which I would like to do (but for which I anticipate little enthusiasm from CS students) would be a forensics type debate on politics, laws, and ethics. Two teams would be given a topic on which to debate and would pick sides. They would each be responsible for doing research before the debate and preparing arguments. During the debate, one or more speakers could be selected while the other team members could fuel the speaker with data to support claims. The organization would be up to the teams so long as no one was idle.

This question requires at least some group members to come up with possible covert channels. What's more interesting is that the other students must challenge the person who came up with the channel to prove their answer. Again we get the same dynamic as with the crypto design problem earlier. If the group identifies a covert channel that does not exist, it will be not only the fault of the person who suggested it, but also the fault of the other members who did not challenge the suggestion sufficiently. The group must argue amongst themselves to receive credit.