Special Topics in Security explores recent research and unsolved problems in systems, network, software, and hardware security. The goals of the course are the following:
- Expose students to the latest attacks and proposed defenses
- Encourage students to critically evaluate recent research
- Propose and discuss new approaches to security
Examples of topics covered by this course include:
- Cyber-physical systems
- Internet of Things
- Autonomous systems
- Industrial control systems
- Algorithmic complexity attacks
- Side channels and covert channels
- Class meets Tuesdays and Fridays 3:25–5:05pm in 159 Ryder
- Office hours are by appointment
Grades will be assigned based on class participation in group discussion as well as on several in-class paper presentations.
This course assumes prior exposure to security. Little time will be spent on introducing foundational security concepts. Instead, the class will focus on recent developments in active research areas. Therefore, if you haven’t previously taken a course equivalent to, e.g., Software Vulnerabilities and Security, you might have a difficult time participating in discussions or properly presenting papers.
Cheating. Presentations and discussion must represent your own effort.
Group work is not allowed unless a problem statement specifically states otherwise. There will be zero tolerance for cheating; all cheating cases will be brought to OSCCR. Actions that constitute cheating are defined in the University Academic Integrity Policy, and students who participate in this course must acknowledge that they have read and understood this document.
Grading. Late presentations will not be allowed unless an agreement is reached with the professor well in advance of the assigned date.
Reference Material. There is no official textbook for this course. All discussion and presentations will be based on research papers.
Online Discussion. Online discussion and questions will be handled through Piazza, not via email. A best-effort attempt will be made to respond to posts within 24 hours on weekdays during normal working hours. To ensure a timely response, do not wait until the night before a class meeting or presentation to ask questions.
Ethics. This course covers sensitive material that includes information on how to exploit vulnerable software. Discussion of attacks is not to be construed as implicit encouragement or permission to perform them. In particular, attacks performed against University resources or the open Internet are expressly prohibited. Students should also be familiar with the University Appropriate Use policy.
Note: Full schedule to be determined after initial class meetings.
| Date | Module | Topics and Readings |
|---|---|---|
| Fri Sep 09 | Foundations | Introduction, Foundations |
| Tue Sep 20 | Paper Discussion | Binary Analysis |
| Fri Sep 23 | Paper Discussion | Program Testing |
| Tue Sep 27 | Paper Discussion | ASLR and CFI |
| Fri Sep 30 | Paper Discussion | Bug Testing |
| Tue Oct 04 | Paper Discussion | Return-Oriented Programming |
| Fri Oct 07 | Paper Discussion | Fine-Grained Randomization |
| Tue Oct 11 | Paper Discussion | Data-Flow Analysis |
| Fri Oct 14 | Paper Discussion | Fuzzing |
| Tue Oct 18 | Paper Discussion | CFI Approximations |
| Fri Oct 21 | Paper Discussion | Breaking CFI |
| Tue Oct 25 | Paper Discussion | Static Analyses |
| Fri Oct 28 | Paper Discussion | Abstraction Recovery |
| Tue Nov 08 | Paper Discussion | Randomization Attacks |
| Fri Nov 11 | Paper Discussion | More Randomization |
| Tue Nov 15 | Paper Discussion | More CFI |