Course Description Class Logistics & Grading Topics Important Dates List of Projects
Instructor: Prateek Saxena (dcsprs at nus dot edu dot sg)
Room & Timings: VCR Room1 , Tuesdays Noon - 2pm
IVLE Page: CS6231 (counts towards "Computer Systems" cluster for PhD students)
Semester: AY 2013/2014 Semester 1


  • Aug 20th : First paper reading assignment is out. Due on Aug 28th.
  • Aug 12th : No summary is expected for week 1 reading. It will not be graded.
  • Aug 12th : Project Proposal requirement released (see below). Due on Sep 9th midnight.
  • Nov 26th : Final paper submission and poster instructions updated on IVLE. Due on Dec 3 and Dec 6 midnight (SGT) respectively.

Course Description

Security breaches cost billions of dollars worth of damage to the computing industry. Today, cybercriminals control armies consisting of several millions of compromised machines. Attacks are increasingly being perpetrated towards enterprises, individuals, critical infrastructure and even governments. At the same time, our computer systems and platforms are fast evolving to meet the demands of the industry and other sciences (like genomics). Outsourcing of big data, increasing use of personalized devices, and our growing dependence on the web and social networking services is transforming the Internet and computer systems. Have you thought about how computer systems can be designed to secure against the practical challenges for the next 10 years and beyond?

The goal of this class is to enable students to:

  • Identify emerging and open problems in system security research.
  • Apply a set of advanced primitives / techniques in designing security solutions.
  • Critically review the security of new systems.
  • Compare and contrast the security choices in new operating systems
  • Build a research prototype, or write a survey paper for 1 problem in security.

Topics & Readings

In each class, we will discuss one fundamental security concept or technique. The concept or technique will explained in the context of a problem in computer systems design. Following each class is one or more papers available for reading, which will be made available on the day of the class. You can read the paper to see how the concept is applied, or gainer a deeper understanding of the concept. You can submit paper summary for any 6 of the readings that you have read (see below).

The table below lists the schedule of topics.

113 AugIntroduction to Computer Security & Course Overview Database Metatheory: Asking the Big Queries No summary expected
220 AugSecure Channels BlackHat USA 2011: SSL And The Future Of Authenticity
Assignment: A1
Due on Aug 28th
327 AugIsolation, Permissions and Delegation Jekyll on iOS: When Benign Apps Become Evil
Assignment: A2
Due on Sep 3rd
43 SepReference Monitors, Probabilistic Defenses & Puzzles Transparent ROP Exploit Mitigation Using Indirect Branch Tracing
Assignment: A3
Due on Sep 10th
510 SepVirtualization & Trusted Computing NoHype: Virtualized Cloud Infrastructure without the Virtualization
Assignment: A4
Due on Sep 17th
617 SepInformation Flow Control Assessing security threats of looping constructs
Assignment: A5
Due on Sep 24th
71 OctSymbolic Analyses Higher Order Test Generation
Assignment: A6
Due on Oct 8th
88 OctType Safety CCured: Type-Safe Retrofitting of Legacy Code
Assignment: A7
Due on Oct 15th
922 OctCryptographic File Systems Lest We Remember: Cold Boot Attacks on Encryption Keys
Assignment: A8
Due on Oct 29th
1029 OctSecure Outsourced Storage Iris: A Scalable Cloud File System with Efficient Integrity Checks
Assignment: A9
Due on Nov 5th
115 NovPrivate Computation on Outsourced Data AUTOCRYPT: Enabling Homomorphic Computation on Servers to Protect Sensitive Web Content
Assignment: A10
Due on Nov 12th
1212 NovAnonymity vs. Differential Privacy Robust De-anonymization of Large Sparse Datasets
Assignment: A11
Due on Nov 21st

Paper Summary Exercise

For each paper, we will release a set of questions that will help your critically think about what you learnt from the paper. The questions are designed to be somewhat open-ended, and may not have a single right answer. So, feel free to write your interpretation of the concepts you read. Your response is to be submitted as a paper summary.

Each paper summary is graded out of 5 points, and you are expected to submit only 6 paper summaries. Your first 6 paper summary scores are counted towards your final grade. That is, if choose to submit paper summaries for all the weeks, we will take your paper summary scores for your first 6 weeks.

Paper summaries are to be submitted before the next lecture at 9 a.m., in PDF format. Please submit it directly on IVLE in the workbin. Please include your name and matriculation number in your submission. Please name your submission PDF file in the format: "Week-<N>-<your-matriculation-number>;", where N is the week number (from the table above). For example, if your matriculation number is "A4878822" and your submission is for the paper posted in week 3, then the filename should be "Week-3-A4878822".

Please run a plaigarism check on your submission. This is available built into IVLE.

Class Logistics & Grading

This class is a research-focused class. It counts towards the computer systems cluster requirement for PhD students. I will explain the detailed logistics of the course in the first lecture. There will be no exam, labs or tutorials for the course. I intend to keep the classes for critical and lively discussions. To get the most out of the class, ask a lot of questions! Naive questions are often the best.

The main deliverable in the class is a term project. You are expected to write a 6-10 page (in 10pt ACM style) paper on any topic with relevance to security. See the projects page for more details. Your project can be done in a team of at most 2 students.

  • Term Paper - 60%
    • Proposal - 10%
    • Progress Report (Presentation) - 10%
    • Final paper - 40%
  • Final Poster Presentation - 10%
  • Paper Summaries (any 6) - 30%

Who should take this class?

This is a research focussed class with a heavy weightage on producing a useful research paper. In lectures, we will broadly discuss emerging challenges and attacks, with specific defense concepts. Take this class if you want to explore research ideas in security. I strongly invite students who are still choosing their research areas to this class. I am also keen to see students from outside of security come and apply their knowledge, especially if you work in PL, operating systems, machine learning, HCI or NLP. The best ideas arise from "out-of-the-box" thinking. Students who are passionate about building systems and have a curiosity about computer security are welcome. If you are unsure about about whether taking this class, I encourage you to show up for the first lecture.


The prerequisite is good undergraduate level understanding of computer science and having taken a undergraduate or graduate course in security. Exceptions to prerequisite requirements are allowed with the permission of the instructor.

Note on Ethics

In this class, you will be exposed to several powerful attack techniques. This class is not an invitation exploit vulnerabilities in the wild without informed consent of all involved parties. Attacking someone else's computer system is an offence; you are expected to use your knowledge with discretion.

For all readings and assignments, please feel free to discuss with your peers and use the Internet. But, you should write up your own submissions and cite any external resources you utilize in your write-ups. All students must comply with NUS academic honesty policies.

Important Dates

  • Aug 27 - Formation of project groups. Each group can have a maximum of two students. Select a broad target for project.
  • Sep 9 - Submission of research proposals on IVLE (2-3 pages). Each group should submit only one copy of the project statement, i.e. either of the two members can upload.
  • Oct 22 - Submission of project progress report (3 - 5 pages).
  • Dec 3 - Submission of final term paper (6 - 16 pages, double-column 10pt format).
  • Dec 6 - Project poster Presentation (Open to view by everyone in the CS / IS dept, and external industry visitors).

List of Projects

Here is an initial list of project ideas to help you get started on research problem. You are encouraged to find and work on a problem that you really like, even if it has only some relevance to computer security. If you have your own idea, that's good!