|Location:|Behrakis Health Sciences Cntr 320|
|Meeting Times:|Tue Fri 9:50 a.m. – 11:30 a.m. (Spring 2018)|
|Office Hours:|Fri 1:00 p.m. – 2:00 p.m., ISEC 609 (Spring 2018)|
This course introduces the basic concepts, the recent techniques, and the fundamental principles of secure computer systems. The term “computer systems” is broadly defined in this course, including not only conventional computers but also emerging platforms such as mobile and IoT. The course covers software attacks and defenses, operating system security, language-based security, web and cloud security, mobile and IoT security, etc.
Reading Materials and Text Books
Pre-class readings consist of papers, articles, and book chapters, digital copies of which will be provided before class. Materials provided in this course should be used for educational purposes only and must not be distributed without permission. No textbooks are required for this course.
Learning and Teaching
For effective in-class learning, students must finish the required readings before coming to class. This course is taught primarily using a whiteboard, with occasional use of slides for demonstrations. Note-taking is strongly encouraged, as is active participation in discussions.
- Assignments and presentations – 30%
- Mid-term exam – 20%
- Final exam – 20%
- Projects – 30%
Students are required to follow the university honor code and guidelines on academic conduct at all times. Failing to do so will result in an immediate report to the university.
Students should check this schedule regularly as new materials are frequently added without separate announcements.
|Date|Topic|Readings & References|Note|
|---|---|---|---|
||Software Attacks and Defenses|||
|1/9|Course Introduction & Basics of Systems Security|||
|1/12|Buffer Overflow & Stack Smashing|Reading 1; Reading 2||
|1/16|Heap Corruption|Reading 1; Reading 2 (optional)||
|1/19|Code Injection & Mitigation|Reading 1||
|1/23|Return-to-libc & ASLR|Reading 1; Reading 2||
|1/26|Memory and Type Safety|Reading 1; Reading 2||
||Operating System Security|||
|1/30|Access Control|Reading 1 (the whole chapter)||
|2/2|Rootkits & kernel malware|Reading 1; Reading 2 (optional)||
|2/6|Security Features in Modern OS|Reading 1; Reading 2||
|2/9|Verified OS Kernels|Reading 1; Reading 2||
|2/13|Virtualization & Security|Reading 1||
|2/16|Trusted Execution Environment|Reading 1; Reading 2||
|2/20|Mid-term Exam||In-class|
||Language- and Compiler-based Security|||
|2/23|Secure Dialects|Reading 1||
|2/27|Security in Rust|Reading 1 (Ch.4); Reading 2||
|3/2|Memory Management & Garbage Collection|Reading 1; Reading 2||
|3/16|Certifying Compilation|Reading 1||
|3/20|Static Analysis for Security|Reading 1||
||Web and Cloud Security|||
|3/23|Web-based Attacks|Reading 1; Reading 2||
|3/27|Server-side Security|Reading 1; Reading 2||
|3/30|Client-side Security|Reading 1; Reading 2||
|4/3|Cloud Security|Reading 1||
||Mobile and IoT Security|||
|4/6|iOS Security|Reading 1||
|4/10|Android App Security|Reading 1||
|4/13|Android Kernel Security|Reading 1||
|4/17|IoT Security|Reading 1||
|4/27|Final Exam||8 am – 10 am, Ryder Hall 220|