Advanced Topics in Computer Security, Spring 2021

Instructor: Ning Zhang, zhang.ning@wustl.edu, public key
TA: TBD
Meeting: TBD
Classroom: TBD
Office Hour: TBD
Piazza: https://piazza.com/wustl/spring2021/csexxxs

Announcement


Course Description


In this class, students will learn about the latest research developments in two main areas: software security and system security. Topics in software security focus on attack and defense in application-level software, while system security focuses on attack and defense in system software and hardware.

Recommended Pre-req:
- CSE 361S, CSE 433S, CSE 523S, CSE 571S
- Feel free to join the class without pre-req as long as you are willing to pick up the system knowledge in the first several weeks of the class.

Textbook


There is no textbook for the class. We will use research papers for some of the topics.

Grading


There is one mid-term and one final exam in this class.

Class Discussion Lead 20 %
Blog 10 %
Project - Proposal 10 %
Project - Mid-term 25 %
Project - Final 35 %

Schedule



Date Topics
week 1 Introduction to Software and System Security
week 2 Memory War, Software Diversity
week 3 Fuzzing, Sanitizers
week 4 Network Protocol Fuzzing
week 5 Project Proposal
week 6 Binary Attack and Embedded Device Attack
week 7 Introduction to System Security
week 8 OS Security
week 9 Trusted Computing
week 10 Project Mid-term Progress Demo
week 11 Information Side Channel
week 12 Information Side Channel
week 13 Cyber-physical Attack and Defense
week 14 Project Final Demo

Blogs



This assignment has two parts
If you need a suggestion, the topic can be one of the following
Log and lightning talk signup is here.
Our class blog is here

Projects




Round 1: Vulnerability discovery


Find vulnerabilities in the given code skeleton

Round 2: Class Project


The class project is an open-ended project, where students are encouraged to take on challenging project ideas by expanding on the previous rounds, this can be

Evaluation: Your grade will be evaluated by the novelty of the attack or defense (can be a failure), and the steps you took towards the goal. This project has to be a group project. There is no limitation on the size of the group, though groups with 3 - 5 students are often most effective. There are three checkpoints of the project:
  • Proposal - it should include 1) description of the project - what you intend to work on, 2) individual responsibilities - the proposal should include the responsibility of each individual member, 3) deliverables of the project - the expected product at the checkpoint and final demo, 4) steps - high-level items for each week towards the goal.
  • Project Checkpoint - at checkpoint, teams should have a prototype, and re-base the schedule and goal
  • Final Writeup and Demo - this would include final demo, write up, source code and documentation
Please note that reproducibility will be a key evaluation criterion; make sure all the submitted materials are clearly documented.

Ethics


With greater power comes greater responsibility. In this course, we will be learning about and exploring some vulnerabilities that could be used to attack systems. Students are expected to behave responsibly and ethically. You may not attack any system without prior approval of the site owners, and may not use anything you learn in this class to disrupt services or harm others. If you have any doubts about whether or not something you want to do is ethical and legal, you should check with the course instructor.
