CS 489/698 - Software and Systems Security
Course website for CS 489/698 (S23 term)
Course website under construction
The course syllabus, including the grading scheme and course outline, should be stable now, while assignment details and slides for each individual lecture will be updated as the course progresses.
About CS 489/698
This course provides an introduction to security issues in modern software, operating systems, and other computing platforms (e.g., mobile and cloud environments). It examines causes of security breaches and gives methods to help detect, isolate, and prevent them.
Students completing this course should be able to identify common attack vectors against modern computing environments and deploy state-of-the-practice detection and defense practices.
Course lectures are scheduled for 11:30am - 12:50pm every Tuesday and Thursday in MC 4058.
This course is run primarily through this course website and Piazza. While everyone can access the syllabus, weekly schedule, and an overview of modules and assignments from this website, enrolled students should use Piazza for discussion and private communications.
Assignment 1 released
Assignment 1 is released and available at this page. The due date is end of day on June 9th.
Good luck with the assignment!
Relation to CS458
This course extends the system and software security topics of CS458. Specifically, this course aims to provide a deeper dive into common attack vectors, defense mechanisms, and state-of-the-practice detection tools that are only hand-waved in CS458.
A detailed (and non-exhaustive) diff between the topics covered in this course (in this particular pilot offering) and those in CS458 is shown below:
Extended coverage on software security topics
- Weird machine as semi-formal modeling of exploitation
- Advanced attack vectors (e.g., race conditions, logic bombs)
- Program hardening techniques (e.g., canaries, sanitizers)
- Vulnerability detection techniques (e.g., fuzzing, symbolic execution)
Extended coverage on system security topics
- Sandbox mechanisms (e.g., virtualization, containers, seccomp)
- OS-provided defenses (e.g., ASLR, anti-virus)
New topics on securing modern computing platforms
- Hardware security (including side channels, TEEs, security accelerators, etc.)
- Mobile security (including Android permission framework, mobile app security, etc.)
Cryptography-related topics not covered in this course
- Basics of cryptography (including encryption, hash, MAC, digital signature)
- (In)security of networking protocols (e.g., WEP, IPsec, TLS, PGP)
Privacy-related topics not covered in this course
- Privacy-enhancing technologies (e.g., Tor, Remailer, PIR)
- Privacy notions (e.g., k-anonymity, l-diversity, t-closeness)
- Differential privacy