wkr

Courses

The following is a list of courses I’ve taught at Northeastern.

CS5770 — Software Vulnerabilities and Security

Software Vulnerabilities and Security is a graduate course covering common software programming, configuration, and design mistakes, and how to avoid them. The goals of the course are the following:

  • Examine major vulnerability classes introduced in various software domains and levels of the software stack
  • Understand effective techniques for defending against exploitation in situ
  • Understand approaches for detecting the presence of vulnerabilities during development and deployment
  • Gain hands-on experience in attacking and defending vulnerable software

Examples of topics covered by this course include:

  • Memory corruption
  • Web security
  • Intrusion detection
  • Reverse engineering and binary analysis
  • Static and dynamic vulnerability discovery
  • Malware classification and triage

Current and Past Offerings

CS3740 — Introduction to Security

CS3740 is an undergraduate introduction to the principles of computer security. The goals of the course are the following:

  • Introduce the fundamental principles of designing and implementing secure programs and systems
  • Present and analyze prevalent classes of attacks against systems
  • Discuss techniques for identifying the presence of vulnerabilities in system design and implementation, preventing the introduction of or successful completion of attacks, limiting the damage incurred by attacks, and recovering from system compromises
  • Present the ethical considerations of security research and practice

This course offers opportunities for hands-on practice of real-world attack and defense in several domains, including systems administration, the Web, and mobile devices.

Current and Past Offerings

  • Fall 2014
  • Spring 2014

CS4740 — Network Security

CS4740/6740 is a mixed undergraduate and graduate-level course on network security covering a diverse range of topics at all layers of the networking stack, from physical to application-level security. The course focuses on the intersection between systems security principles and networking, from abstract models to their application in systems code, the Web, and mobile platforms. There is a pronounced emphasis on practical techniques for both defending and attacking systems in support of the high-level goal to impart the “attacker’s mindset.”

Current and Past Offerings

  • Fall 2014
  • Spring 2012
  • Fall 2011

CS7780 — Special Topics in Malware Analysis

CS7780 is a graduate-level course on malicious software, or malware. In this course, we will examine malware both through the lens of recent academic literature and through practical research projects. The aim is to explore how malware manifests in systems-level code, on the Web, and in mobile devices, and to discuss approaches to dealing with malware in each of these settings. Representative topics of discussion include those from the following non-exhaustive list.

  • Vulnerability discovery
  • Program analysis
  • Fuzzing
  • Malware detection using program analysis
  • Malware classification and triage
  • Intrusion detection
  • Malware containment

The format of the classes will be biased towards interactive discussion, with little emphasis on lectures. Students should come to class prepared to discuss the week’s readings and assignments.

Current and Past Offerings

  • Fall 2012

EECE7398 — Special Topics in Network and Systems Security

EECE7398 is a special topics course on network and systems security, providing a broad overview of a diverse range of topics across these two domains. The course builds from foundational security models and principles to examine attacks and defenses in systems code, the Web, and mobile platforms. There is a pronounced emphasis on practical techniques in support of the high-level goal to impart the “attacker’s mindset.”

Current and Past Offerings

  • Spring 2013