| Instructor: | Prateek Saxena (prateeks at comp dot nus dot edu dot sg) | |
| TAs | Teodora Baluta (cs3235.ta at gmail.com) | |
| Room & Timings: | LT15, Tuesdays 2:00 - 4:00 pm | |
| IVLE Page: | CS3235 | |
| Semester: | AY 2017/2018 Semester 2 |
* End-term Exam will be in-class on April 17th, 2018
Computers are instruments to improve efficiency. Often, their design is not robust against an intellegent adversary. Computer security is the science of studying why our computing techniques and systems fail, and ultimately to build them robustly. In this course, we will look at the fundamental principles behind "adversarial thinking" and robust design of computer algorithms and code. The course will highlight the use of these concepts in real-world designs, machine code exploitation, and Internet protocols. Time permitting, we will look into advance topics such as security of machine learning, cryptocurrencies (like Bitcoin!), and widely deployed cryptographic protocols and OSes.
The goal of this class is to enable students to:
The table below lists the schedule of topics.
| Week | Date | Topic | Readings | Announcements |
|---|---|---|---|---|
| 1 | 16 Jan | Introduction to Computer Security | Book G & T -- Chapter 1.1, Chapter 3.1, and Book D & K - Appendix A.1, A.2 | |
| 2 | 23 Jan | Memory Safety & Secure Coding |
Smashing The Stack For Fun And Profit Exploiting Format String Vulnerabilities Understanding Integer Overflow in C/C++ (Section 1- 3 suffice) Book G & T -- Chapter 3.4 |
|
| 3 | 30 Jan | Privilege Separation & Sandboxing | Improving Host Security with System Call Policies Preventing Privilege Escalation Book G & T -- Chapter 1.3, 3.1, 3.3, 4.3, 4.5 Optional (Advanced): |
|
| 4 | 6 Feb | Network Security & HTTPS |
Book G & T -- Chapter 5, 6.1, 7.1 | Assgt 1 out |
| 5 | 13 Feb | Introduction to Cryptography; Secure Channels (I): Symmetric Key Crypto |
Book G & T -- Chapter 2.1 |
|
| 6 | 20 Feb | Secure Channels (II): Public Key Crypto |
Book D & K -- Chapter 2.1.1, 2.1.2, 2.1.5 | |
| 7 | 27 Feb | Recess Week |
|
|
| 8 | 6 Mar | Integrity & Authenticity: MACs & Digital Signatures | Book D & K -- Chapter 3.1, 3.2., 3.3, 3.4 |
|
| 9 | 13 Mar | Applications: Bitcoin, Blockchain, Certificate Transparency | Book D & K --Chapter 2.2.3, 3.3.4 |
|
| 10 | 20 Mar |
Authentication & Key Exchange Protocols, UI Security |
Book D & K -- Chapter 4.1 |
Assgt 2 out |
| 11 | 27 Mar |
Cloud Security (Integrity) - Trusted Computing [Guest Lecture: Shweta Shinde] | Lecture Notes |
|
| 12 | 3 Apr | Cloud Security (Privacy) - Encrypted computation, Side channels [Guest Lecture: Shruti Tople] |
|
|
| 13 | 10 Apr |
Review, odds-and-ends |
|
|
| 14 | 17 Apr |
End-term Exam |
|
There are no mandatory textbooks for this course. The lecture slides, indicated papers, and the tutorial content will constitute the main reading material.
You are expected to take your own notes, and interpret / extrapolate the findings beyond the reading material for homeworks and exams.
Optional textbooka:
This class is requires hands-on programming and experimentation. I will explain the detailed logistics of the course in the first lecture. There will no final exam. Attending tutorials is highly recommended. All material covered in lectures and tutorials is part of the syllabus.
Grade distribution is as follows:
All assignments are individual. The final exam is likely to be open-book (subject to change!) and will be in class.
Each student is expected to have access to his own laptop / desktop.
All experimental assignments are distributed as VirtualBox VMs; you are expected to be able to setup and run these VMs.
If you do not have access to your own laptop / desktop, you should approach the instructor within the first week of the course. Note that there are student labs on campus.
Students interested in computer security. We assume basic familiarity with mathematical proofs, elementary number theory (e.g. the concept of groups), OS concepts (processes, virtual memory), basic automata theory (finite state machines), and the C programming language.
The class is designed to be somewhat self-paced and self-taught; all graded assignments are done at home.
The IVLE forum is your best friend --- if you get stuck, ask questions and exchange ideas freely on the forum or consult the web. The instructor and TAs will *not* help debug your code, or tell you how to overcome technical difficulties.
In this class, you will be exposed to several powerful attack techniques. This class is not an invitation exploit vulnerabilities in the wild without informed consent of all involved parties. Attacking someone else's computer system is an offence; you are expected to use your knowledge with discretion.
There is no restriction on your communication with other students. We follow an honor code: You are expected to do your homeworks and exams independently. Collaboration is restricted to gaining knowledge of concepts, but answers to assignment questions are expected to reflect your own work. Violations of the honor code tantamounts to academic dishonestly, which are dealt with in accordance with NUS academic policies.