|Location:||JAVITS LECTR 109|
|Meeting Times:||Mon Wed 4:00 p.m. – 5:20 p.m. (Fall 2014)|
|Prerequisites:||Solid background in OS and low-level programming; Basic knowledge about security.|
|Office Hours:||Mon Wed 5:20 p.m. – 6:00 p.m.|
|TA and Office Hours:|
This is a newly designed course that aims to equip graduate students with in-depth knowledge on systems security, hands-on experience with offense and defense techniques, and insights into the latest advances in security research.
Students should expect an average reading load of 2-3 papers (or equivalent) per week, bi-weekly assignments, three projects requiring a LARGE amount of system-level programming, and a final exam.
Reading Materials and Text Books
Pre-class readings consist of academic papers, book chapters, and articles, whose digital copies will be provided before class. After each lecture, a handout will be posted for reviewing content covered in class. These materials, as they become available, will be linked from the course schedule (SBU NetID login needed for access). Materials provided in this course should be used for educational purposes only and not be distributed without permissions.
The following text books are recommended, but NOT required:
- [OSS] Operating System Security, ISBN: 9781598292121
- [SH] The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, ISBN: 9780470080238
Learning and Teaching
For effective in-class learning, students must finish the required readings before coming to classes. This course is taught primarily using whiteboard with occasional uses of slides for demonstrations. Note-taking is strongly encouraged, so is active participation in discussions. In addition to the standard lecturing, this course contains several hands-on sessions, where students are given opportunities to present real-world case studies, demonstrate coding assignments, and conduct live experiments.
For assigned readings, students are asked to write and submit short paper summaries before class. Please use this form to format and submit paper summaries.
Lecture notes taken by students are available on this page.
- Paper summaries, assignments, and presentations – 20%
- Final exam – 20%
- Projects – 60%
Students are required to follow the university honor code and guidelines on academic conduct at all times. Failing to do so will result in instant reports to the university.
Students must check this schedule regularly as new materials are frequently added without separate announcements.
Date Topic Content
(readings & handouts)
Note Fundamentals 8/25 Course Intro & Quiz 8/27 Access Control Access control fundamentals; Role-based access control Project 1 is posted, due in 12 days. 9/1 NO CLASS Happy Labor Day! 9/3 Secure system Principles The Protection of Information in Computer Systems; Computer Security in the Real World Memory Corruption and Exploitation 9/8 Stack & heap overflow Smashing The Stack For Fun And Profit; Heap Overflows; Heap spray Project 1 due; Last day to withdraw w/o “w” 9/10 Remote code injection attacks in the wild Presentations and demos by students, signup here. 9/15 Return Oriented Programming ROP Late registration ends 9/17 Exploiting data corruption and leaks Non-control data attacks; Use-after-free; Language, Compiler, and Runtime Enforcement 9/22 Memory protection overview Eternal War in Memory Guest lecture by Laszlo Szekeres 9/24 Java security Beyond sandbox; Overview (Ch2, 3, and 8) 9/29 Type-safe C Cyclone; CCured (optional) Project 2 release 10/1 Information flow Language-based information flow security 10/6 Project 1 demo/presentation Presentations and demos by students, signup here. 10/8 Sandbox native code Native Client 10/13 Inline reference monitor IRM for Java Stack 10/15 Proving untrusted code Proof-Carrying Code 10/20 Control flow Control-Flow Integrity OS- and Virtualization-based Security 10/22 OS-level mitigations DEP, ASLR, etc. 10/27 A historial view 10/29 Rootkits for good and bad Inside Windows Rootkits 11/3 Virtual machine introspection Introspections on the Semantic Gap: magazine article, SoK paper (choose one to read) Guest lecture by Bhushan Jain 11/5 OS Security Guest lecture by Prof. Mike Ferdman 11/10 Wild Web and Mobile 11/12 11/17 11/19 11/24 11/26 NO CALSS Happy Thanksgiving! Wrap-up 12/1 12/3 12/9 Final Exam 8:30-11:00 PM, same room, covering all materials.