CS261: Security in Computer Systems
Fall 2018


Lectures: Monday 1:00pm - 2:29pm, 310 Soda; Wednesday 10:00am - 11:29am, 405 Soda
Staff:
Office hours: Tuesdays 2-3pm in Soda 729 (Raluca); Fridays 4-5pm in Soda 283E (Yuncong Hu)

Piazza:
Sign up for this course's Piazza. Please don't hesitate to ask questions to the class and have discussions there. Moreover, you can use it to find course project teammates.
Contact: Got a question? Post on Piazza.
Course overview:
Graduate survey of modern topics in computer systems security, including secure messaging, blockchain and cryptocurrencies, hardware security, secure federated computation, language-based security, anonymous communication, privacy and others. (3 units)
Prerequisites: CS 162 and CS 161 or equivalent.
Assignments: Each student can choose between doing an in-class presentation or scribing 1 or 2 lectures. Quality technical writing and presentations are very important in research and graduate school.
Grading:




Date Topic + Readings Scribe notes
Wed, Aug 22, 405 Soda

Course overview Merkle trees.
Read Section 8.9 , Dan Boneh and Victor Shoup
and Providing Authentication and Integrity in Outsourced Databases using Merkle Hash Tree's , Mykletun et al.

No scribe. Refer to readings.

Mon, Aug 27, 310 Soda

Secure communications 1
Key Transparency. Read CONIKS, Melara et al.
Optional reading: Certificate Transparency, this Google talk and the full RFC6962.

Lecture Slides
No Scribe Notes.
Wed, Aug 29, 405 Soda

Secure communications 2
Read secure messaging, Unger et al., Sections I-V.C.4.
Presenter reads V.C.5, V.C.6, V.C.7.
Assignment

No lecture slides (white board).
No presentation.
Scribe Notes

Mon, Sept 3, 310 Soda

Labor Day.

Wed, Sept 5, 405 Soda

Infrastructure security
Read Google's infrastructure security.
Presenter reads Google's BeyondCorp.
Assignment

No lecture slides (white board).
Presentation Slides
Scribe Notes

Mon, Sept 10, 310 Soda

Blockchains and cryptocurrency 1
Read the original Bitcoin paper, Nakamoto.
Optional reading: How the Bitcoin protocol actually works, Nielsen (more detailed that the Bitcoin paper).
Presenter reads: Wallets.
Assignment

Lecture Slides
Presentation Slides
Scribe Notes

Wed, Sept 12, 405 Soda

Blockchains and cryptocurrency 2
Read the Ethereum white paper.
Optional: Ethereum yellow paper, Wood (goes in more depth).
Presenter reads: A survey of attacks on Ethereum smart contracts, Atzei et al., and The history of the DAO, Jentzsch.
Assignment

Lecture Slides
Presentation Slides
Scribe Notes

Mon, Sept 17, 310 Soda

Blockchains and cryptocurrency 3
Read: Algorand, Gilad et al.
Presenter reads the same paper.
Assignment

No lecture slides (white board).
Presentation Slides
Scribe Notes

Wed, Sept 19, 405 Soda

Zero-knowledge proofs and applications
Read Zerocash, Ben-Sasson et al.
Optional: full Zerocash paper, which explains the protocols in more detail and also provides more background on the building blocks used.
Presenter reads the same material.
Assignment

No lecture slides (white board).
No presentation slides (white board).
Scribe Notes

Mon, Sept 24, 310 Soda

Hardware security 1
Read Meltdown, Lipp et al.
Presenter reads Spectre, Kocher et al.
Assignment

No lecture slides (white board).
Presentation Slides
Scribe Notes

Wed, Sept 26, 405 Soda

Hardware security 2
Hardware enclaves.
Read Innovative Instructions and Software Model for Isolated Execution (the Intel SGX paper), McKeen et al. This video by McKeen might be easier to follow than the paper.
Presenter reads VC3, Schuster et al.
Optional reading: Intel SGX Explained.
Project proposals due before class.
Assignment

Lecture Slides
Presentation Slides
Scribe Notes

Mon, Oct 1, 310 Soda

Hardware security 3
Read Controlled-Channel Attacks, Xu et al.
Presenter reads Observing and Preventing Leakage in MapReduce, Ohrimenko et al.
Assignment

Lecture Slides
Presentation Slides
Scribe Notes

Wed, Oct 3, 405 Soda Oblivious computation
Read: Batcher's sorting network, and Opaque (all Sections except Sec 6, which is optional), Zheng et al.
Presenter reads the same papers.
Assignment

No lecture slides (white board).
Presentation Slides
No scribe note.

Mon, Oct 8, 310 Soda

Secure computation 1: Garbled circuits and OT
Read A gentle intro to garbled circuits, Yakoubov.
Presenter reads: The Simplest Protocol for Oblivious Transfer, Chou and Orlandi.
Assignment

No lecture slides (white board).
No presentation slides (white board).
Scribe Notes

Wed, Oct 10, 405 Soda

Secure computation 2: Applied MPC.
Read Pretzel, Gupta et al. Sections 1-3.
Presenter reads the same paper.
Assignment

Lecture Slides
Presentation Slides

Mon, Oct 15, 310 Soda

Secure computation 3: secure analytics.
Read Google's federated learning blog post and Google's secure aggregation paper, Sections 1-5.
Optional: Sections 6-10.
Assignment

No lecture slides (white board).

Wed, Oct 17, 405 Soda

Secure computation 4
secure learning. Read: Machine Learning Classification over Encrypted Data, Bost et al.: all sections except for VII which is optional.
Presenter reads: Section VII.
Assignment

Mon, Oct 22, 310 Soda

Attacks on ML
Stealing Machine Learning Models via Prediction APIs, Tramer et al. (Section 6 is optional) and Towards Evaluating the Robustness of Neural Networks, Carlini and Wagner (Sections I-V, the rest are optional).
Presenter 1 reads first paper in full.
Presenter 2 reads second paper in full.

Assignment

Wed, Oct 24, 405 Soda

Software security 1

Mon, Oct 29, 310 Soda

Software security 2

Wed, Oct 31, 405 Soda

Exam.

Mon, Nov 5, 310 Soda

IoT Security 1
attacks.

Wed, Nov 7, 405 Soda

IoT security 2
defense.

Mon, Nov 12

Veterans Day.

Wed, Nov 14, 405 Soda

Anonymous communication

Mon, Nov 19, 310 Soda

Project presentations.

Wed, Nov 21

Non-Instructional Day.

-

Mon, Nov 26, 310 Soda

Project presentations.

-

Wed, Nov 28, 405 Soda

Project presentations.

-




Related Courses

Security books

Conferences

Building secure systems involves innovating in both systems and security. Therefore, the top conferences in this field are both systems and security conferences.

Systems conferences

Security conferences