| Instructor: | Prateek Saxena (prateeks at comp dot nus dot edu dot sg) | |
| TA: | Zhijingcheng (Jason) Yu | TA Email: | cs5231.ta at gmail.com |
| Timings: | Online, Friday 6:30 - 8:30 pm | |
| LumiNUS Page: | CS5231 | |
| Semester: | AY 2020/2021 Semester 1 |
Security breaches cost billions of dollars worth of damage to the computing industry. Attacks are increasingly being perpetrated towards enterprises, individuals, and critical government infrastructure. At the same time, there is increasing use of personalized devices and software that wasn't designed with security and privacy in mind. Have you thought about how secure computer systems could be designed to tackle emerging threats?
In this course, we will study how to analyze and design existing and next-generation systems software. The course covers fundamental concepts of secure systems design and a few advanced research topics.
The goal of this class is for you to:
The table below lists the schedule of topics.
| Date | Topic |
|---|---|
| 14 Aug | Introduction |
| 21 Aug | Network Layer Attacks, Secure Channels (HTTPS) |
| 28 Aug | Practical Limitations of Secure Channels (Homework 1 out) |
| 4 Sep | Software Vulnerabilities (I) (Homework 1 due) |
| 11 Sep | Software Vulnerabilities (II) |
| 18 Sep | In-class Quiz (Lec 1-3 content only) (Homework 2 out) |
| 25 Sep | Recess Week --- No Class |
| 2 Oct | Memory Safety |
| 9 Oct | Isolation and Sandboxing: Policies |
16 Oct |
Process-Level Isolation and Privilege Separation (Homework 2 due) |
23 Oct |
Virtualization and Trusted Execution Environments |
| 30 Oct | In-class Quiz (Lec 4-8 content only) |
| 6 Nov | Privacy: Concepts, Attacks, and Defenses (Homework 3 out) |
13 Nov |
Advanced Topics (e.g Security and Privacy for ML systems, Blockchains, etc.) (Homework 3 due) |
Please attend the first lecture for more information on grading and other logistical informaton. There will be no final exam, labs or tutorials for this module.
Grade distribution is as follows:
Homeworks can be done in groups of 2 or individually. As per university guidelines, classes will be online only since number of students in the class exceed 50.
This is a graduate-level class for students interested in security, both conceptually and operationally. The class is designed to be somewhat self-paced; all graded assignments are done at home. Being a graduate class, you are expected to pick-up and learn new things on your own with help from your friends / teammates and from the web. The LumiNUS forum is your friend. Please ask questions and exchange ideas freely on the forum or consult the web.
The prerequisite is good undergraduate level understanding of computer science and having taken a undergraduate or graduate course in security. Exceptions to prerequisite requirements are allowed with the official permission of the graduate office solely.
In this class, you may be exposed to computer exploitation techniques. This class is not an invitation exploit vulnerabilities in the wild without informed consent of all involved parties. Attacking someone else's computer system is an offence; you are expected to use your knowledge with discretion. All students must comply with NUS academic honesty policies.
For homework assignments, you should cite any permitted external sources, which include papers at academic conferences, online textbooks available through NUS online / physical library, and resources provided by instructors/TA. The permitted sources are your notes from this class and prior ones you've taken for all assignments and exams. You are not allowed to search the Internet for solutions or seek help from any person outside your team, without prior approval from the instructor for homeworks. If you receive help from someone which has been useful, please acknowledge it in your submission.
All in-class quizzes are to be done completely individually. The quizzes are open-book, but you are not allowed to use any online resources. All communication should go through the instructors.