CS261: Security in Computer Systems
Fall 2017


Lectures: Monday and Wednesday, 10:30am-11:59am, 320 Soda
Staff:
Office hours: Tuesdays 2-3pm in Soda 729 (Raluca); Tuesdays 2-3pm in Soda 733 (David)

Piazza:
Sign up for this course's Piazza. Please don't hesitate to ask questions to the class and have discussions there. Moreover, you can use it to find course project teammates.
Contact: Got a question? Post on Piazza.
Course overview:
Graduate survey of modern topics in computer security, including systems techniques, web security, systems based on cryptography, network security, anonymous communication, cryptocurrencies, trusted computing, mobile computing, usable security, privacy, and others. (3 units)
Prerequisites: CS 162 or equivalent.
Assignments:
Grading:




Date Topic + Readings Scribe notes
Wed, Aug 23

Course overview. Hardware enclaves.
Skim Innovative Instructions and Software Model for Isolated Execution, McKeen et al. and Haven, Baumann et al.
Tip: Haven has a summary of SGX that is a good prep for the first reading, which is less friendly.

Mon, Aug 28

Read this overview: Techniques for computing on encrypted data in a practical system, Popa.
Presenter reads first 15 pages of A Proof of Security of Yao's Protocol for Two-Party Computation, Lindell and Pinkas.
Assignment

Notes
Wed, Aug 30

Integrity for outsourced data structures. Read Merkle Hash Trees, Mykletun and Certificate Transparency, Laurie.
Presenter reads VerSum: Verifiable Computations over Large Public Logs.
Assignment

Wed, Sept 6

Network security.
Read A look back at Security Problems in the TCP/IP Protocol Suite, Bellovin.
Presenter reads China's Great Cannon, Marczak et al.
Assignment

Mon, Sept 11

Encrypted databases.
Read Opaque, Zheng et al.
Presenter reads Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems.
Assignment

Wed, Sept 13

Privilege separation.
Read The Security Architecture of the Chromium Browser, Barth et al.
Presenter reads Privilege separation in HTML5 applications.
Assignment

Mon, Sept 18

Language-based security.
Read Joe-E: A Security-Oriented Subset of Java, Mettler et al.
Presenter reads JFlow: practical mostly-static information flow control, Myers.
Assignment

Wed, Sept 20

Mobile security.
Read Android Permissions: User Attention, Comprehension, and Behavior, Felt et al. and How To Ask For Permission, Felt et al.
Presenter reads User-driven access control: Rethinking permission granting in modern operating systems, Roesner et al. and Overhaul: Input-Driven Access Control for Better Privacy on Traditional Operating Systems, Onarlioglu et al.
Assignment

Mon, Sept 25

Machine learning security topics: hiding data or models.
Read Privacy-Preserving Ridge Regression on Hundreds of Millions of Records, Nikolaenko et al. You do not need to read IV.E-IV.G (malicious security); focus on understanding IV.A-IV.D.
Presenter reads Machine Learning Classification over Encrypted Data, Bost et al.
[Optional reading: the state of the art in this space is SecureML, Mohassel and Zhang.]
Assignment

Wed, Sept 27

Differential privacy.
Read Privacy integrated queries, McSherry.
Presenter reads Differentially Private Password Frequency Lists, Blocki et al.
Optional: Dwork's original paper on DP.
Assignment

Mon, Oct 2

Proposal due date. SUNDR. Authenticated data structures. Read Secure Untrusted Data Repository (SUNDR), Li et al.
Presenter reads
Assignment TBD

Wed, Oct 4

Bitcoin.
Read How the Bitcoin protocol actually works, Nielsen.
Optional: Bitcoin: A Peer-to-Peer Electronic Cash System, Nakamoto.
Presenter reads Secure multiparty computations on Bitcoin, Andrychowicz and A scalable verification solution for blockchains, Teutsch.
Assignment TBD

Mon, Oct 9

Advanced blockchain-based concepts.
Assignment TBD

Wed, Oct 11

Security of the Internet of Things.
Assignment TBD

Mon, Oct 16

Web security 1.
Assignment TBD

Wed, Oct 18

Symbolic execution.
Read Symbolic Execution for Software Testing: Three Decades Later, Cadar et al.
Presenter reads Coverage-based Greybox Fuzzing as Markov Chain, Bohme et al.
Assignment

Mon, Oct 23

Sandboxing.
Assignment TBD

Wed, Oct 25

Usable security.
Assignment TBD

Mon, Oct 30

Side-channel attacks.
Assignment TBD

Wed, Nov 1

Exam.

Mon, Nov 6

Web security 2.
Assignment TBD

Wed, Nov 8

Underground economy.
Assignment TBD

Mon, Nov 13

Secure messaging.
Assignment TBD

Wed, Nov 15

Design day.

Mon, Nov 20

Project presentations.

Mon, Nov 27

Project presentations.


Wed, Nov 29

Project presentations.





Related Courses

Security books

Conferences

Building secure systems involves innovating in both systems and security. Therefore, the top conferences in this field are both systems and security conferences.

Systems conferences

Security conferences