In the class, we will discuss the principles and practice of computer system security, with particular emphasis on:
One of the main objectives of this course is adversarial thinking: students should be able to quickly zoom in on the weakest link in any security technology or system design. Students should be able to imagine how an attacker might break their system, and build in protection and mitigation measures to ward off such attacks.
This is a hands-on course, where students learn by carrying out three programming assignments and a final project. Some assignments will be aimed at in-depth understanding of software vulnerabilities by developing exploits. Others will be aimed at tools and techniques used for mitigating security threats. All of them are designed to prepare you for a final project that will be completed by groups of 2 to 4. All of these assignments and the projects provide a taste of research in software and systems security.
Some assignments are best carried out by teams of two. Please find a suitable project partner right at the beginning of the course in order to avoid problems later. You can do these assignments alone, but that obviously will mean more effort.
Topic # | Description | Slides |
1 | Introduction | |
2 | Memory Corruption Vulnerabilities | |
3 | Processor and Virtual Machine Security | |
4 | Operating System Security | |
5 | Cryptography Basics | |
6 | Authentication | |
7 | Access control | |
8 | Malware | |
9 | Untrusted code | |
10 | Binary code security | |
11 | Binary Instrumentation | |
12 | Vulnerability Discovery | |
13 | Software Vulnerabilities II | |
14 | Web Security | |
15 | Intrusion Detection | |
16 | Side-Channel Attacks |
In place of the two in-person lectures in the last week of classes, please listen to the following lectures from a previous offering of the course. (All of this material is included in the final exam.)
Late submission policy: You can take a total of 72 late hours across the programming assignments/labs. We will apply the late hours based on the time of your latest submission for each programming assignment.
Information about the TAs and their office hours is posted on Piazza.
R. Sekar
Office: Rm 364 New Computer Science
There is no textbook for this course. We will rely primarily on class notes.
Your final grades will be determined from your exam grades, programming assignments and the final project. Exams and quizzes will contribute 60% of the grade, while the project and the programming assignments will contribute about 40%.
Copying homework solutions or programming assignments from a fellow student or from the Internet, and all other forms of academic dishonesty, are considered serious offenses. They will be prosecuted to the maximum extent permitted by university policies.
If you have special needs, concerns or a disability, please contact the staff at the Student Accessibility Support Center (SASC). SASC staff will review your concerns and determine, with you, what accommodations are necessary and appropriate. All information and documentation will remain confidential.