Course Overview
This course covers advanced topics in computer security, cryptography and privacy, with a leaning towards exploring cutting-edge problems and techniques that are still the focus of academic and industrial research. This year the course will focus on two current topics in computer security:
- Protecting data security using information flow controls
- Mobile device security with a focus on Android
Prerequisite: The course assumes students have taken ECE568 or equivalent. ECE568 provides basic background in computer security concepts, common vulnerabilities and attacks (buffer overflow, integer overflow, format string, XSS, SQL injection, CSRF, etc.), common defenses and security mechanisms (ASLR, MAC, DAC, cookies, etc.) and basic cryptography (DES, AES, RSA, cipher modes, MAC, hashes, etc.). There will be a quick quiz during the first lecture to help students evaluate whether they have the appropriate background for the course. To help determine if you have the right background for the course, you can take this assessment quiz.
**If you are interested in taking this course, please complete the Course Signup Form below.**
Evaluation and Deliverables
There will be two "tracks" in the course to accommodate the different goals and learning styles of students:
- Industrial Track: Students will be evaluated via weekly quizzes, a midterm and a final exam that will cover material discussed during the lecture and in the course readings.
- Class Participation: 10%, Answer and ask questions in class.
- Weekly Quizzes: 20%, 15 minutes each week at the end of class
- Midterm: 30%, Feb 26 in class. The midterm will cover all class material and readings up to Feb 12.
- Final: 40%, April 8 in class. The Final Exam will cover all class materials and readings in the course.
- Research Track: Students will be evaluated via a research project they will conduct over the course of the semester. Students will be expected to give 2 oral presentations and produce documents describing their project. Resources and advice on giving oral presentations and writing research papers are available in the Course Resources section below. Please speak to the instructor if you are interested in doing a project.
- Class Participation: 10%, Answer and ask questions in class.
- Project Proposal: 5%, Due Jan 25 electronically. This will be a 2 page proposal describing
- The problem being addressed
- The proposed approach
- The planned evaluation of the approach
- Midterm Presentation: 20%, Due Feb 12 in class. This will be an oral presentation with slides that
- Motivate and describe the problem
- Describe the progress to date, challenges encountered and any revisions to the original proposal
- Describe future plans.
- Final Presentation: 30%, Due April 8 in class. This will be an oral presentation with slides that
- Summarizes the problem
- Describes solution
- Describes goals of evaluation, methodology and results
- Gives an analysis of the results
- Draws appropriate conclusions
- Final Report: 35%, Due April 15 electronically. This will be a maximum 12 page document that:
- Motivates and describes the problem
- Describes the solution in detail
- Describes the goals and methodology for evaluation
- Draws appropriate conclusions
- For a suggested format for your paper refer to this paper.pdf and these LaTeX files: paper.tex, usenix.sty, biblio.bib. A nice tutorial on LaTeX can be found here.
Midterm Research Presentation Format
The midterm research presentations will be 10 minutes each (5 minutes for questions) and should be accompanied by visual aids (i.e. slides). Here is a suggested breakdown:
- 1-2 slides: Explain the problem and motivation for solving it
- 2 slides: Explain current solutions and related work. Discuss shortcomings of the current solutions and why the shortcomings are important.
- 2-3 slides: Explain your proposed solution.
- 1-2 slides: Current progress and any preliminary results
- 1 slide: Plan for the remainder of the semester
Schedule
| Week # | Date | Topics/Readings | Deliverables |
|---|---|---|---|
| 1 | Jan 15 | Introduction: | Everyone: Quiz on Security Background |
| 2 | Jan 22 | Classic papers in OS Security Concepts: | Industrial: Quiz at end of lecture; Research: Project Proposal due on Jan 25 |
| 3 | Jan 29 | An Introduction to Information Flow: | Industrial: Quiz at end of lecture |
| 4 | Feb 5 | Modern Information Flow: | Industrial: Quiz at end of lecture |
| 5 | Feb 12 | Modern Information Flow 2: | Industrial: Quiz at end of lecture; Research: Project presentations in class |
| 6 | Feb 26 (after reading week) | Midterm: | Industrial: Midterm during lecture |
| 7 | Mar 5 | Information Tainting: | Industrial: Quiz at end of lecture |
| 8 | Mar 12 | Introduction to Android: | Industrial: Quiz at end of lecture |
| 9 | Mar 19 | Studies of Android Security: | Industrial: Quiz at end of lecture |
| 10 | Mar 26 | Android Privacy: | Industrial: Quiz at end of lecture |
| 11 | Apr 1 | Android System Level Security: | Industrial: Quiz at end of lecture; Research: Final presentations in class |
| 12 | | Final Exam: | Industrial: Final Exam in class |
Resources
Advice on writing/reading papers:
- How (and How Not) to Write a Good Systems Paper
- Eurosys 2006 Authoring Workshop
- Writing Systems and Networking Articles
