CSC 495/583 Advanced Topics in Computer Security

Attack/Defense, Risk Analysis and more

2018-Spring Course Website

Instructor: Si Chen

Course Logo

Course Description

In this class, we will first explore the context and some foundational questions of security research and practice in general, such as why are some security technologies deployed and others fail, how we measure security and assess risk and the economics of security. We will also learn to have an attacker's mind by studying various recent attacks. These questions and studies will help the students develop a foundation and a well-rounded view of security research. With this foundation, we will then cover some of the state-of-the-art research results and on-going research activities in some topics in software security, web security, security and privacy issues in cloud computing, mobile devices and networks, and IoT devices and systems. We will explore how to define and address security research questions in these settings. In particular, we will discuss new threats emerged from these new platforms and applications such as AR and VR, the rich cloud and mobile platforms, and IoT and Blockchain systems, study various analysis techniques and tools for vulnerability discovery and threat analysis, and explore approaches for building in better security in these platforms and applications. This class is particularly suited to students who are interested in learning about current research activities and conducting research projects in computer security.

Expected Background

No prerequisite for graduate students, although sufficient security background is expected. For undergraduate students, please make sure you completed CSC 302 or check with the instructor.

Textbook

No Textbook

Reference book:

  1. Randal E. Bryant, Davie Richard O'Hallaron, Computer Systems: A Programmer's Perspective, 3rd Edition, ISBN 978-0134092669
  2. Wenliang Du, Computer Security: A Hands-on Approach, ISBN 978-1548367947

Course Content

# Date Topic Slides Supporting Materials
L1 Jan 23, 2018 Introduction ch01.pptx
L2, L3 Jan 25, 2018 / Jan 30, 2018 Web Security and Privacy ch02.pptx
L4 Feb 1, 2018 Web Security and Privacy (2) ch04.pptx Apple.com? Status Bar Spoofing Vulnerability
L5 Feb 8, 2018 Core Defense Mechanisms for Web ch05.pptx
L6 Feb 20, 2018 Large Scale Attacks: DDOS, Worms, and IoT Botnet (Mirai) ch06.pptx Digital Attack Map Slowloris Source Code Mirai Source Code
L7 Feb 27, 2018 Network monitoring and intrusion detection analysis ch07.pptx
R1 Feb 27, 2018 Reading Question 1 Homework 1
L8 March 06, 2018 Privacy and security in Mobile ch08.pptx
L9 March 22, 2018 Blockchain Security ch09.pptx
R1 March 22, 2018 Reading Question 2 Homework 2
FP April 3, 2018 Final Project Final Project
L10 April 10, 2018 Side Channel Attack ch10.pptx

Schedule for Presentations

Tutorials

TBD