|Lectures:||TuTh 12:30- 1:50 PM, DBH 1423
||By appointment if needed|
In this course, we lecture and discuss the latest security research in different layers of modern computer systems, for example computer architecture, OS, software, protocols, and algorithms such as machine learning. Students will perform research projects and gain hands-on experience evaluating and designing secure systems.
Tentative Topic List
There will be many opportunities to tailor the course to your backgrounds and interests. The tentative list of topics below should give you an idea of what to expect. See the schedule and reading list for additional details. Please get in touch if you have questions or suggestions.
GradingThere will be no exams. Instead, your grade will be based on the following:
Paper Summary (10%) – You will read one paper each class. You are required to write a short summary and offer critical comments for each paper. I'll look for evidence that you read the paper and thought carefully about the topic. The summaries are due at the beginning of class.
Discussion Participation (15%) – We will discuss the papers you read in class. Come prepared to discuss their strength/weakness and make substantive intellectual contributions. You can sign up to be the discussion lead to get bonus.
Attack/Tool Presentation (25%) – Choose an attack/vulnerability/exploit or a tool from the provided list and explain it and/or demo it in class. In a 10-15 minute presentation, explain the basic background, how the attack works, demo it (when possible), relate it to our daily life, and discuss possible defense/solution. Introduce a tool to show what it can do and how the tool works behind the scene. Give a demo on how to use the tool. Presentations will take place throughout the semester per the course schedule.
Research Project (50%) – You will conduct a research project during the quarter, with the goal of writing a publishable workshop paper. Students are encouraged to work in a small group of size 2 to 3. However, individual project is allowed and the output will be considered corresponding to that. Typical project topics involve analyzing the security of a system, developing a new security mechanism, or re-implementing or adapting an existing attack/defense.
Ethics, Law, and University PoliciesPlease respect the rights and privacy of others. Be aware that Federal and state laws criminalize computer intrusion and wiretapping. You can be expelled by the university and arrested if you violate the policies and laws. When in doubt, consult me or a lawyer.
Computer Fraud and Abuse Act (CFAA)
Electronic Communications Privacy Act (ECPA)
University of California Electronic Communications Policy