Special Topics in Security explores recent research and unsolved problems in systems, network, software, and hardware security. The goals of the course are the following:

  • Expose students to the latest attacks and proposed defenses
  • Encourage students to critically evaluate recent research
  • Propose and discuss new approaches to security

Examples of topics covered by this course include:

  • Cyber-physical systems
    • Internet of Things
    • Autonomous systems
    • Industrial control systems
  • Algorithmic complexity attacks
  • Side channels and covert channels

Meetings

  • Class meets Tuesdays and Fridays 3:25—5:05pm in 159 Ryder
  • Office hours are by appointment

Grading

Grades will be assigned based on class participation in group discussion as well as on several in-class paper presentations.

Participation
50%
Presentations
50%

Prerequisites

This course assumes prior exposure to security. Little time will be spent on introducing foundational security concepts. Instead, the class will focus on recent developments in active research areas. Therefore, if you haven’t previously taken an equivalent course to, e.g., Software Vulnerabilities and Security, you might have a difficult time participating in discussions or properly presenting papers.

Policies

Cheating. Presentations and discussion must represent your own effort.
Group work is not allowed unless a problem statement specifically states otherwise. There will be zero-tolerance for cheating; all cheating cases will be brought to OSCCR. Actions that constitute cheating are defined in the University Academic Integrity Policy, and students that participate in this course must acknowledge that they have read and understood this document.

Grading. Late presentations will not be allowed unless an agreement is reached with the professor well in advance of the assigned date.

Reference Material. There is no official textbook for this course. All discussion and presentations will be based on research papers.

Online Discussion. Online discussion and questions will be handled through Piazza, not via email. A best effort attempt will be made to respond to posts within 24 hours on weekdays during normal working hours. To ensure a timely response, do not wait to ask questions until the night before a class meeting or presentation.

Ethics. This course covers sensitive material that includes information on how to exploit vulnerable software. Discussion of attacks is not to be construed as implicit encouragement or permission to perform them. In particular, attacks performed against University resources or the open Internet are expressly prohibited. Students should also be familiar with the University Appropriate Use policy.

Schedule

Note: Full schedule to be determined after initial class meetings.

Date Module Topics and Readings
Fri Sep 09 Foundations Introduction, Foundations
Tue Sep 20 Paper Discussion Binary Analysis
Fri Sep 23 Paper Discussion Program Testing
Tue Sep 27 Paper Discussion ASLR and CFI
Fri Sep 30 Paper Discussion Bug Testing
Tue Oct 04 Paper Discussion Return-Oriented Programming
Fri Oct 07 Paper Discussion Fine-Grained Randomization
Tue Oct 11 Paper Discussion Data-Flow Analysis
Fri Oct 14 Paper Discussion Fuzzing
Tue Oct 18 Paper Discussion CFI Approximations
Fri Oct 21 Paper Discussion Breaking CFI
Tue Oct 25 Paper Discussion Static Analyses
Fri Oct 28 Paper Discussion Abstraction Recovery
Tue Nov 08 Paper Discussion Randomization Attacks
Fri Nov 11 Paper Discussion More Randomization
Tue Nov 15 Paper Discussion More CFI
Fri Nov 18 Paper Discussion Analyzing JavaScript
Tue Nov 22 Paper Discussion More JavaScript