In the class, we will discuss the principles and practice of computer system security, with particular emphasis on:
One of the main objectives of this course is adversarial thinking: students should be able to quickly zoom in on the weakest link in any security technology, or system design. Students should be able to imagine how an attacker might break their system, and build in protection and mitigation measures to ward off such attacks.
This is a hands-on course, where students learn by carrying out several short assignments and a final project. Some assignments will be aimed at in-depth understanding of software vulnerabilities by developing exploits. Others will be aimed at tools and techniques used for mitigating security threats. All of them are designed to prepare you for a final project that will be completed by groups of 2 to 4. All of these assignments and the projects provide a taste of research in software and systems security.
Some assignments are best carried out by teams of two. Please find a suitable project partner right at the beginning of the course in order to avoid problems later. You can do these assignments alone, but that obviously will mean more effort.
Note that lecture recordings are from a previous offering of this course. While most of the material has not changed, the depth of coverage in a few topics will differ to some extent. So, use these recordings as supplementary material, but not as a substitute for in-person lectures.
Topic # | Topics and Lecture Recordings | Slides | Notes |
1 | Introduction | | |
2a | Memory Corruption Vulnerabilities I | PDF | C Runtime Environment; C/C++ Object Layout; Memory Errors and Defenses |
2b | Exploit Assignment Discussion | | |
2c | Memory Corruption Vulnerabilities II | | |
3 | More Software Vulnerabilities | | |
4 | Malware | | |
5 | Defenses for Untrusted Code and Malware | | |
6 | Binary analysis and instrumentation | PDF | |
6a | Midterm review discussion | | |
7 | Cryptography Basics* | | |
8 | Identification and Authentication (recordings: 1h 11m, 1h 6m). Reading: Password Security: A Case History. Reading: Lamport's One-Time Password Scheme | | |
9 | OS Security and Access Control. Reading: Confining Root Programs with Domain and Type Enforcement | | |
10 | Virtual Machines (recording: 1hr 6 mins) | | |
11 | Web security | | |
12 | Intrusion Detection (recordings: 0:35, 0:30) | | |
13 | Vulnerability analysis: Fuzzing and Symbolic Execution (recording: 1:12) | | |
14 | Side-channel attacks (recording: 0:53). Reading: Meltdown and Spectre attacks | | |
15 | Course Summary | | |
* Topics marked with an asterisk were recorded outside of normal class hours.
Dates for assignments and mid-term exams are subject to change.
Date | Day | Item |
September 23 | Thursday | Exploit assignment |
October 5 | Tuesday | Quiz I |
October 16 | Saturday | Lab 2 |
October 28 | Thursday | Mid-term Exam |
November 3 | Wednesday | Lab 3 |
November 9 | Tuesday | Project selection due |
November 16 | Tuesday | Quiz II |
November 30 | Tuesday | Quiz III |
December 13 | Monday | Project submission |
December 15 | Wednesday | Final exam |
Late submission policy: You can take a total of two late days across the three programming assignments/labs. Just inform the TA whenever you want to take a day off. A day is defined as 24 hours. You can use both late days for one assignment, or use one late day each for two of the assignments.
R. Sekar
Office: Rm 364 New Computer Science
Office Hours: Wed 11:30am to 12:30 on Zoom
If you experience difficulties in joining the Zoom call, please send me email (my last name at cs.stonybrook.edu).
Rory Bennett
Office Hours: Mon, Fri 11am to noon on Zoom
Email: rmbennett at cs dot stonybrook dot edu
There is no textbook for this course. We will rely primarily on class notes.
Your final grades will be computed as follows. The weightings are approximate, and will change over the semester, stabilizing about halfway into the semester.
Copying homework solutions or programming assignments from a fellow student or from the Internet, and all other forms of academic dishonesty, are considered serious offenses. They will be prosecuted to the maximum extent permitted by university policies.
If you have special needs, concerns or a disability, please contact the staff at Student Accessibility Support Center (SASC). SASC staff will review your concerns and determine, with you, what accommodations are necessary and appropriate. All information and documentation will remain confidential.