Advanced Topics in Computer Security, Spring 2021
In this class, students will learn about the latest research development in two main areas software security and system security. Topics in software security focus on attack and defense in application-level software, while system security focuses on attack and defense in system software and hardware.
- CSE 361S, CSE 433S, CSE 523S, CSE 571S
- Feel free to join the class without pre-req as long as you are willing to pick up the system knowledge in the first several weeks of the class.
There is no textbook for the class. We will use research papers for some of the topics.
There is one mid-term and one-final exam in this class.
| Class Discussion Lead || 20 % |
| Blog || 10 % |
| Project - Proposal || 10 % |
| Project - Mid-term || 25 % |
| Project - Final || 35 % |
| week 1 || Introduction to Software and System Security |
| week 2 || Memory War, Software Diversity |
| week 3 || Fuzzing, Sanitizers |
| week 4 || Network Protocol Fuzzing |
| week 5 || Project Proposal |
| week 6 || Binary Atttack and Embedded device attack |
| week 7 || Introduction to System Security |
| week 8 || OS Security |
| week 9 || Trusted Computing |
| week 10 || Project Mid-term Progress Demo |
| week 11 || Information Side Channel |
| week 12 || Information Side Channel |
| week 13 || Cyber-physical Attack and Defense |
| week 14 || Project Final Demo |
This assignment has two parts
- Write one blog entry on the topic last lecture
- Lead the discussion for 10 mins on the next class on this particular topic
If you need a suggestion, the topic can be one of the following
- Recently disclosed vulnerability and demo
- Recent incident in the news - you need to present the root cause, discussion and potential solution
- A broader overview of the topic from last week
- A related but not covered topic from last week
- Demo of a new security tool
Log and lightning talk signup is here
Our class blog is here
Find vulnerabilities in the given code skeleton
The class project is an open ended project, where students are encourage to take on challenging project ideas by expanding on the previous rounds, this can be
- use TEE to protect other real-life applications -
ML [ Code and Data ],
- apply new techniques to attack applications inside TEE
- apply new techniques to attack TEE
- prototype one of the cyber-physical attacks
Your grade will be evaluated by the novelty of the attack or defense(can be a failure), and the steps you took towards the goal. This project has to be a group project. There is no limitation on the size of the group, though groups with 3 - 5 students are often most effective. There are three checkpoints of the project
- Proposal - it should include
1) description of the project - what you intend to work on,
2) individual responsibilities - the proposal should include responsibility of individual member,
3) Deliverables of project - the expected product in checkpoint and final demo,
4) Steps - high level items for each week towards the goal.
- Project Checkpoint - at checkpoint, teams should have a prototype, and re-base the schedule and goal
- Final Writeup and Demo - this would include final demo, write up, source code and documentation
Please note that reproducibility will be a key evaluation criteria, make sure all the submitted materials are clearly documented.
With greater power, comes greater responsibility. In this course, we will be learning about and exploring some
vulnerabilities that could be used to attack systems. Students are expected to behave responsibly and ethically.
You may not attack any system prior approval of the site owners, and may not use anything you learn in this
class to disrupt services or harm others. If you have any doubts about whether or not something you want to do
is ethical and legal, you should check with the course instructor.