CS 3740 – Systems Security

 

Instructor: Long Lu
Location: Behrakis Health Sciences Cntr 320
Meeting Times: Tue Fri 9:50 a.m. – 11:30 a.m. (Spring 2018)
Office Hours: Fri 1:00 p.m. – 2:00 p.m., ISEC 609 (Spring 2018)

 

  • Course Description

    This course introduces the basic concepts, the recent techniques, and the fundamental principles of secure computer systems. The term “computer systems” is broadly defined in this course, including not only conventional computers but also emerging platforms such as mobile and IoT. The course covers software attacks and defenses, operating system security, language-based security, web and cloud security, mobile and IoT security, etc.

    Reading Materials and Text Books

    Pre-class readings consist of papers, articles, and book chapters, whose digital copies will be provided before class. Materials provided in this course should be used for educational purposes only and not be distributed without permissions. No test books are required for taking this course.

    Learning and Teaching

    For effective in-class learning, students must finish the required readings before coming to classes. This course is taught primarily using whiteboard with occasional uses of slides for demonstrations. Note-taking is strongly encouraged, so is active participation in discussions.

    Grading

    • Assignments and presentations – 30%
    • Mid-term exam – 20%
    • Final exam – 20%
    • Projects – 30%

    Honor Code

    Students are required to follow the university honor code and guidelines on academic conduct at all times. Failing to do so will result in instant reports to the university.

  • Schedule

    Students should check this schedule regularly as new materials are frequently added without separate announcements.

    Date Topic Readings & References Note
    Software Attacks and Defenses
    1/9 Course Introduction & Basics of Systems Security
    1/12 Buffer Overflow & Stack Smashing  Reading 1; Reading 2
    1/16 Heap Corruption  Reading 1; Reading 2 (optional)
    1/19 Code Injection & Mitigation  Reading 1;
    1/23 Return-to-libc & ASLR  Reading 1; Reading 2;
    1/26 Memory and Type Safety  Reading 1; Reading 2;
    Operating System Security
    1/30 Access Control  Reading 1 (the whole chapter)
    2/2 Rootkits & kernel malware  Reading 1; Reading 2 (optional)
    2/6 Security Features in Modern OS  Reading 1; Reading 2
    2/9 Verified OS Kernels  Reading 1; Reading 2
    2/13 Virtualization & Security  Reading 1
    2/16 Trusted Execution Environment  Reading 1; Reading 2
    2/20 Mid-term Exam In-class
    Language- and Compiler-based Security
    2/23 Secure Dialects  Reading 1
    2/27 Security in Rust  Reading 1 (Ch.4); Reading 2
    3/2 Memory Management & Garbage Collection  Reading 1; Reading 2
    3/16 Certifying Compilation  Reading 1
    3/20 Static Analysis for Security  Reading 1
    Web and Cloud Security
    3/23 Web-based Attacks  Reading 1; Reading 2
    3/27 Server-side Security  Reading 1; Reading 2
    3/30 Client-side Security  Reading 1; Reading 2
    4/3 Cloud Security  Reading 1
    Mobile and IoT Security
    4/6 iOS Security  Reading 1
    4/10 Android App Security  Reading 1
    4/13 Android Kernel Security  Reading 1
    4/17 IoT Security  Reading 1
    4/27  Final Exam  8 am – 10 am, Ryder Hall 220