CSE 509 (original) (raw)
CSE 509 Computer System Security
Fall 2024
| Course Description | Instructor and TA | Texts | Lectures | Grading | Special needs |
|---|
Course Description
In the class, we will discuss the principles and practice of computer system security, with particular emphasis on:
- software vulnerabilities and advances in exploit techniques
- vulnerability analysis and mitigation techniques
- binary analysis, reverse engineering and instrumentation
- operating system security, isolation and sandboxing
- advanced attack campaign detection and forensics
One of the main objectives of this course is adversarial thinking: students should be able to quickly zoom in on the weakest link in any security technology, or system design. Students should be able to imagine how an attacker might break their system, and build in protection and mitigation measures to ward off such attacks.
This is a hands-on course, where students learn by carrying out three programming assignments and a final project. Some assignments will be aimed at in-depth understanding of software vulnerabilities by developing exploits. Others will be aimed at tools and techniques used for mitigating security threats. All of them are designed to prepare you for a final project that will be completed by groups of 2 to 4. All of these assignments and the projects provide a taste of research in software and systems security.
Some assignments are best carried out by teams of two. Please find a suitable project partner right at the beginning of the course in order to avoid problems later. You can do these assignments alone, but that obviously will mean more effort.
Course Topics
- Processor and virtual machine security
- Operating system security
- Cryptography and authentication
- Access control
- Software vulnerabilities and exploit techniques
- Vulnerability analysis
- Vulnerability mitigation techniques
- Intrusion detection
- Malware
- Defenses for untrusted code and malware
- Reverse engineering We will reorder these topics during the semester in order to ensure that topics relevant for the course project are covered early on.
Lectures
| Topic# | Description | Slides |
|---|---|---|
| 1 | Introduction | |
| 2 | Memory Corruption Vulnerabilities | |
| 3 | Processor and Virtual Machine Security | |
| 4 | Operating System Security | |
| 5 | Cryptography Basics | |
| 6 | Authentication | |
| 7 | Access control | |
| 8 | Malware | |
| 9 | Untrusted code | |
| 10 | Binary code security | |
| 11 | Binary Instrumentation | |
| 12 | Vulnerability Discovery | |
| 13 | Software Vulnerabilities II | |
| 14 | Web Security | |
| 15 | Intrusion Detection | |
| 16 | Side-Channel Attacks |
In place of the two in-person lectures in the last week of classes, please listen to the following lectures from a previous offering of the course. (All of this material is included in the final exam.)
- CVE, CWE, and Principles of Secure system design:19 mins,24 mins
- CSRF and Clickjacking: 28 mins
- Client-side attacks and summary: 12 mins
- Intrusion Detection 0:35
- Side-channel attacks 0:53
Class Place and Time:
- Lecture time/location: Tue/Thu at 5:00pm to 6:20pm Javits 102
- First lecture: August 27, Tuesday
- Last lecture: December 5, Thursday
- Final Exam: December 12, Thursday, 5:30pm to 8:00pm, Javits 102
- No classes:
- October 15 (Fall Break)
- November 28 (Thanksgiving Break)
Late submission policy: You can take a total of 72 late hours across the programming assignments/labs. We will apply the late hours based on the time of your latest submission for each programming assignment.
Instructor:
R. Sekar
Office: Rm 364 New Computer Science
TA:
Information about the TAs and their office hours are posted on Piazza.
Texts:
There is no textbook for this course. We will rely primarily on class notes.
Grading
You will be handed homework problems sets in order to help you prepare for the exams. You will not have to submit solutions to these problem sets, but in order to encourage you to actually work out the problems, we may hold short quizzes in the class that test you on problems very similar to those in the problem sets. My intent is that quizzes require no preparation beyond solving problems in the associated homework problem set. In order to further reduce the stress involved in these quizzes, we automatically scale up your score in each quiz by a factor of 4/3, up to a maximum of 100%.
Your final grades will be determined from your exam grades, programming assignments and the final project. Exams and quizzes will contribute 60% of the grade while the project and the programming assignments will coutribute about 40%.
Copying homework solutions or programming assignments from a fellow student or from the Internet, and all other forms of academic dishonesty, are considered serious offenses. They will be prosecuted to the maximum extent permitted by university policies.
Special Needs
If you have special needs, concerns or a disability, please contact the staff at Student Accessibility Support Center (SASC). SASC staff will review your concerns and determine, with you, what accommodations are necessary and appropriate. All information and documentation will remain confidential.