CSE 509 Computer System Security

Fall 2024


Course Description

In the class, we will discuss the principles and practice of computer system security, with particular emphasis on:

One of the main objectives of this course is adversarial thinking: students should be able to quickly zoom in on the weakest link in any security technology, or system design. Students should be able to imagine how an attacker might break their system, and build in protection and mitigation measures to ward off such attacks.

This is a hands-on course, where students learn by carrying out three programming assignments and a final project. Some assignments will be aimed at in-depth understanding of software vulnerabilities by developing exploits. Others will be aimed at tools and techniques used for mitigating security threats. All of them are designed to prepare you for a final project that will be completed by groups of 2 to 4. All of these assignments and the projects provide a taste of research in software and systems security.

Some assignments are best carried out by teams of two. Please find a suitable project partner right at the beginning of the course in order to avoid problems later. You can do these assignments alone, but that obviously will mean more effort.


Course Topics

We will reorder these topics during the semester in order to ensure that topics relevant for the course project are covered early on.

Lectures

Topic # Description Slides
1 Introduction PDF
2 Memory Corruption Vulnerabilities PDF
3 Processor and Virtual Machine Security PDF
4 Operating System Security PDF
5 Cryptography Basics PDF
6 Authentication PDF
7 Access control PDF
8 Malware PDF
9 Untrusted code PDF
10 Binary code security PDF
11 Binary Instrumentation PDF
12 Vulnerability Discovery PDF
13 Software Vulnerabilities II PDF
14 Web Security PDF
15 Intrusion Detection PDF
16 Side-Channel Attacks PDF

In place of the two in-person lectures in the last week of classes, please listen to the following lectures from a previous offering of the course. (All of this material is included in the final exam.)


Class Place and Time:


Late submission policy: You can take a total of 72 late hours across the programming assignments/labs. We will apply the late hours based on the time of your latest submission for each programming assignment.


Instructor:

R. Sekar
Office: Rm 364 New Computer Science

TA:

Information about the TAs and their office hours is posted on Piazza.

Texts:

There is no textbook for this course. We will rely primarily on class notes.


Grading

You will be handed homework problem sets in order to help you prepare for the exams. You will not have to submit solutions to these problem sets, but in order to encourage you to actually work out the problems, we may hold short quizzes in the class that test you on problems very similar to those in the problem sets. My intent is that quizzes require no preparation beyond solving problems in the associated homework problem set. In order to further reduce the stress involved in these quizzes, we automatically scale up your score in each quiz by a factor of 4/3, up to a maximum of 100%.

Your final grades will be determined from your exam grades, programming assignments and the final project. Exams and quizzes will contribute 60% of the grade, while the project and the programming assignments will contribute about 40%.

Copying homework solutions or programming assignments from a fellow student or from the Internet, and all other forms of academic dishonesty, are considered serious offenses. They will be prosecuted to the maximum extent permitted by university policies.


Special Needs

If you have special needs, concerns or a disability, please contact the staff at Student Accessibility Support Center (SASC). SASC staff will review your concerns and determine, with you, what accommodations are necessary and appropriate. All information and documentation will remain confidential.