CSE 608 – Advanced Computer Security

 

Instructor: Long Lu
Location: Rm. 2129, Rm. 1310, CS Bldg.
Meeting Times: MW 2:30pm – 3:50pm (Fall 2013)
Prerequisites: Decent understanding about OS internals and solid programming skills.
Office Hours: Wed 3:50p – 4:50p
TA and Office Hours: TBA

 

Course Description

This course is designed to better prepare graduate students for researching and developing in the neighborhood of software and systems security. Paper readings, in-class discussions, and projects are the three main components, which are selected or created to offer the students:

  • a systematic overview of the established works in the area;
  • a deep insight into the recent and ongoing research advances;
  • a hands-on experience of exercising and implementing new ideas;

At first, the course covers a wide range of security issues and solutions concerning traditional software and platforms, such as memory corruption exploits and mitigations, software fault tolerance and isolation, and etc. As more recent topics roll in, the focus of the course is gradually shifting to the unique security problems found on the Web, cloud, and smartphones.

Student should expect an average reading load of 2-3 papers per week and 4 system-building projects throughout the semester.

Grading

  • Class participation and interaction – 15%
  • Reading assignments – 25%
  • Projects – 60%

Schedule (tentative)

Date Topic Content (readings & discussions) Note
8/26 Course bootstrap Introduction and logistics
Segment 1: Legacy software and low level code
8/28 Memory corruption errors
9/2 NO CLASS (Labor Day)
9/4 Remote code injection
9/9 Return oriented programming Project 1 announcement
9/11 Discussion: current and future defenses
Segment 2: The wild web and cloud
9/16 Drive-by download and browser compromises
9/18 Browser-enforced security Project 1 due; Project 2 announcement
9/23 Securing the browser and web
9/25 Cloud security
9/30 Discussion: Web, Cloud, and Mobile
Segment 3: Old issues go mobile
10/2  Android and iOS Security Project 2 due (extended to 10/6)
10/7  Malware on mobile
10/9  Kernel level exploits
10/14  Discussion: mobile Vs. PC security  Prepare your own materials for in-class discussions Project 3 announcement
Segment 4: New threats to mobile
10/16 Application security overview
10/21 IPC security
10/23 SEAndroid
10/28 Project 3 Discussion
10/30 Permissions Project 3 due
Segment 5: Round-up and final project
11/4 Project Discussion  Conclude each topic of Project 3 and Q&A
11/6 Project Discussion  Project 4 (final project)
11/11 Trojan taking new form
11/13 CFI on mobile
11/18 Usable mobile security
11/20 Birds of a feather: future directions for security Please collect and bring materials that you think relevant and interesting for discussion (temporary location change: 2311 CS). Rm. 2311 CS
11/25 Final project presentation I
11/27 NO CLASS (Happy Thanksgiving)
12/2 Final project presentation II Last meeting of the class

 

Honor Code

Students are required to follow the university honor code and guidelines on academic conduct at all times. Failing to do so will result in instant reports to the university.