Course Description
This course aims to provide a comprehensive understanding of the context and foundational principles of security research and practice. We will begin by exploring key questions such as the reasons for the success or failure of certain security technologies, how to measure security and assess risk, and the economics of security. Additionally, we will gain an understanding of an attacker's mindset by studying various recent attacks. These questions and studies will serve as a foundation for the course, and will help students develop a well-rounded view of security research.
Building on this foundation, we will delve into state-of-the-art research and current activities in various areas of computer security, including software security, web security, security and privacy issues in cloud computing, mobile devices and networks, and IoT devices and systems. We will discuss how to define and address security research questions in these settings, and explore new threats emerging from platforms and applications such as AR and VR, cloud and mobile platforms, and IoT and Blockchain systems. The course will also cover various analysis techniques and tools for vulnerability discovery and threat analysis, as well as approaches for building in better security in these platforms and applications.
This course is ideal for students who are interested in learning about current research activities and conducting research projects in computer security. The course will provide students with a comprehensive understanding of the field, and enable them to make informed decisions about their own research projects.
Expected Background
No prerequisite for graduate students, although sufficient security background is expected. For accelerated undergraduate students, please make sure you completed CSC 302 or check with the instructor.
Textbook
No Textbook
Reference book:
- Randal E. Bryant, Davie Richard O'Hallaron, Computer Systems: A Programmer's Perspective, 3rd Edition, ISBN 978-0134092669
- Wenliang Du, Computer Security: A Hands-on Approach, ISBN 978-1548367947
Course Content
| # | Date | Topic | Slides | Supporting Materials |
|---|---|---|---|---|
| L1 | Jan 27, 2025 | Introduction | Ch01.pdf | |
| L2 | Jan 27, 2025 | IA-32 Register, Byte Ordering | Ch02.pdf | |
| L3 | Feb 03, 2025 | X86 Assembly & Stack | Ch03.pdf | |
| L4 | Feb 03, 2025 | Stack & Stack Frame | Ch04.pdf | |
| L5 | Feb 10, 2025 | Stack Frame & Calling Convention | Ch05.pdf | |
| Lab 1 (10 points) |
Feb 10, 2025 |
Lab1: Stack, Stack Frame & CrackMe
Due on: 02/24/2025 23:59:59
|
lab1.pdf |
|
| L6 | Feb 10 & 17, 2025 | System Call & Shellcode & Stack Overflow | Ch06.pdf | |
| L7 | Feb 24, 2025 | CVE-2006-3439 |
Ch07.pdf CVE-2006-3439 Static Analysis Report |
|
| Lab 2 (10 points) |
Mar 03, 2025 |
Lab2: Analyzing Buffer Overflow Vulnerability in NETAPI32.DLL
Due on: 03/31/2025 23:59:59
|
lab2.pdf | |
| L8 | Mar 17 & 24, 2025 | CVE-2008-4250 | Ch08.pdf |
|
| Lab 3 (10 points) |
Mar 24, 2025 |
Lab3: Analyzing Buffer Overflow Vulnerability CVE-2008-4250 in NETAPI32.DLL
Due on: 04/14/2025 23:59:59
|
lab3.pdf |
|
| L9 | Mar 31, 2025 | Web Security Online Asynchronous |
Ch09.pdf | |
| L10 | Apr 07, 2025 | Stealth process | Ch10.pdf |
|
| L11 | Apr 14, 2025 | Kernel Rootkit | Ch11.pdf | |
| L12 | Apr 21, 2025 | Volatility and Stuxnet | Ch12.pdf | |
| Final Project (30 points) |
Apr 21, 2025 | Final Project
Due on: 05/10/2025 23:59:59
|
FinalProject.pdf |
|
Tutorials and Supporting Materials
Presentation Rubric (total 15%)
| Category | Percentage | Criteria |
|---|---|---|
| Content | 8% |
|
| Presentation | 5% |
|
| Q&A Session | 1% |
|
| Peer Engagement | 1% |
|