CY 5130/3740 – Systems Security

Instructor: Long Lu
Location: Cargill Hall 094
Meeting Times: Tue 6:00pm – 9:15pm (Fall 2019)
Office Hours: In-person: Tue 4:45pm – 5:45pm
Online: Piazza
  • Course Description

    This course introduces the basic concepts, the recent techniques, and the fundamental principles of secure computer systems. The term “computer systems” is broadly defined in this course, including not only conventional computers but also emerging platforms such as mobile and IoT. The course covers software attacks and defenses, operating system security, language-based security, web and cloud security, mobile and IoT security, etc.

    Reading Materials and Text Books

    Pre-class readings consist of papers, articles, and book chapters, whose digital copies will be provided before class. Materials provided in this course should be used for educational purposes only and not be distributed without permissions. No text books are required for taking this course.

    Learning and Teaching

    For effective in-class learning, students must finish the required readings before coming to classes. This course is taught primarily using whiteboard with occasional uses of slides/projectors for demonstrations. Note-taking is strongly encouraged, so is active participation in discussions.

    Grading

    • Assignments and presentations – 30%
    • Mid-term exam – 20%
    • Final exam – 20%
    • Projects – 30%

    This is a cross-listed course between CY5130 and CY3470. The two sections will meet at the same time and location and have the same lectures, assignments, projects and exams. However, the grading will be separate.

    Honor Code

    Students are required to follow the university honor code and guidelines on academic conduct at all times. Failing to do so will result in instant reports to the university.

  • Schedule (tentative)

    Students should check this schedule regularly as new materials are frequently added without separate announcements.

    Date Topic Readings & References Note
    Software Attacks and Defenses
    Week 1, Part 1 (9/10) Course Introduction & Basics of Systems Security
    Week 1, Part 2 (9/10) Buffer Overflow & Stack Smashing  Reading 1; Reading 2
    Week 2, Part 1 (9/17) Heap Corruption  Reading 1; Reading 2 (optional)
    Week 2, Part 2 (9/17) Code Injection & Mitigation  Reading 1;
    Week 3, Part 1 (9/24) Return-to-libc & ASLR  Reading 1; Reading 2;
    Week 3, Part 2 (9/24) Memory and Type Safety  Reading 1; Reading 2;
    Operating System Security
    Week 4, Part 1 (10/1) Access Control  Reading 1 (the whole chapter)
    Week 4, Part 2 (10/1) Rootkits & kernel malware  Reading 1; Reading 2 (optional)
    Week 5, Part 1 (10/8) Security Features in Modern OS  Reading 1; Reading 2
    Week 5, Part 2 (10/8) Verified OS Kernels  Reading 1; Reading 2
    Week 6, Part 1 (10/15) Virtualization & Security  Reading 1
    Week 6, Part 2 (10/15) Trusted Execution Environment  Reading 1; Reading 2
    Language- and Compiler-based Security
    Week 7, Part 1 (10/22) Secure Dialects  Reading 1
    Week 7, Part 2 (10/22) Security in Rust  Reading 1 (Ch.4); Reading 2
    Week 8, Part 1 (10/29) Memory Management & Garbage Collection  Reading 1; Reading 2
    Week 8, Part 2 (10/29) Study guide for mid-term
    Week 9, (11/5) Mid-term Exam In-class
    Week 10, Part 1 (11/12) Static Analysis for Security  Reading 1
    Web and Cloud Security
    Week 10, Part 2 (11/12) Web-based Attacks  Reading 1; Reading 2
    Week 11, Part 1 (11/19) Server-side Security  Reading 1; Reading 2
    Week 11, Part 2 (11/19) Client-side Security  Reading 1; Reading 2
    Week 12 (11/26) Cloud Security  Reading 1
    Mobile and IoT Security
    Week 13, Part 1 (12/3) iOS Security  Reading 1
    Week 13, Part 2 (12/3) Android Security  Reading 1; Reading 2
    Week 14, (12/10)  Final Exam  Same time & location as class