Skip to main content Link Menu Expand (external link) Document Search Copy Copied
CS 489/698 (S23)

CS 489/698 - Software and Systems Security

Course website for CS 489/698 (S23 term)

Course website under construction

The course syllabus, including the grading scheme and course outline should be stable now while assignment details and slides for each individual lecture will be updated as the course progresses.

About CS 489/698

This course provides an introduction to security issues in modern software, operating systems, and other computing platforms (e.g., mobile and cloud environments). It examines causes of security breaches and gives methods to help detect, isolate, and prevent them.

Students completing this course should be able to identify common attack vectors against modern computing environments and deploy state-of-the-practice detection and defense practices.

Course lectures are scheduled at 11:30am - 12:50pm every Tuesday and Thursday at MC 4058.

This course is run primarily through this course website and Piazza. While everyone can access the syllabus, weekly schedule, and an overview of modules and assignments from this website, enrolled students should use Piazza for discussion and private communications.

Latest Announcement

Assignment 4 released

Aug 1 · 0 min read

Hi class,

Assignment 4 is released and available at this page. The due date is August 11th end of day.

Good luck with the assignment!

Best Regards,
Meng

All announcements

Relations to CS458

This course extends on system and software security topics of CS458. Specifically, this course aims to provide a deeper dive into common attack vectors, defense mechanisms, and state-of-the-practice detection tools that are only hand-waved in CS458.

A detailed (and non-exhaustive) diff on the topics covered in this course (in this particular pilot offering) and CS458 is shown below:

Extended coverage on software security topics

  • Weird machine as semi-formal modeling of exploitation
  • Advanced attack vectors (e.g., race conditions, logic bombs)
  • Program hardening techniques (e.g., canaries, sanitizers)
  • Vulnerability detection techniques (e.g., fuzzing, symbolic execution)

Extended coverage on system security topics

  • Sandbox mechanisms (e.g., virtualization, containers, seccomp)
  • OS-provided defenses (e.g., ASLR, anti-virus)

New topics on securing modern computing platforms

  • Hardware security (including side channels, TEEs, security accelerators, etc)
  • Mobile security (including Android permission framework, mobile app security, etc)

Cryptography-related topics not covered in this course

  • Basics of cryptography (including encryption, hash, MAC, digital signature)
  • (In)security of networking protocols (e.g., WEP, IPSec, TLS, PGP, etc)

Privacy-related topics not covered in this course

  • Private-enhancing technologies (e.g., Tor, Remailer, PIR, etc)
  • Privacy notions (e.g., k-anonymity, l-diversity, t-closeness, etc)
  • Differential privacy