Course Description Class Logistics & Grading Topics Important Dates List of Projects
Instructor: Prateek Saxena (dcsprs at nus dot edu dot sg)
Room & Timings: COM1-02-04 , Mondays 3-5pm
IVLE Page: CS6283 (counts towards "Computer Systems" cluster for PhD students)
Semester: AY 2012/2013 Semester 2


  • April 1st : Project progress presentations in-class on April 8th. No reading for the class.
  • Jan 16th : Submit your paper summary for week 2 by email. Subject line should be "[CS6283] Paper Summary Week-2". The submission file naming instructions are as below.
  • Jan 10th : The paper reading for the first lecture is online. No paper summary is expected for the first week's paper.

Course Description

Security breaches cost billions of dollars worth of damage to the computing industry. Today, cybercriminals control armies consisting of several millions of compromised machines. Attacks are increasingly being perpetrated towards enterprises, individuals, critical infrastructure and even governments. At the same time, our computer systems and platforms are fast evolving to meet the demands of the industry. Outsourcing of big data, increasing use of personalized devices, and our growing dependence on the web and social networking services is transforming the Internet and computer systems. Have you thought about how computer systems can be designed to secure against the practical challenges for the next 10 years and beyond?

In this course, we will study the design of next-generation computer systems from a security perspective. The course introduces you to the security problems in emerging computer systems that have rich interfaces to the cloud, mobile / smartphones and traditional operating systems. We will discuss attacks on many components of computer systems: databases, computer architecture, programming languages, networks, web, and operating systems. Hopefully, this will give you glimpse of how techniques from OS design, cryptography, machine learning, formal methods and attack research are being combined in this field. This class focuses on the principles of attack research and defense, on devising new definitions of security and on developing scientific techniques to achieve them.

In this class, you can expect to learn the following:

  • How to make systematic security arguments.
  • Develop an "attacker's mindset", i.e., given any computer system, evaluate its security rigorously.
  • Identify the security properties of an ideal next-generation computing systems infrastructure.

Topics & Readings

This is a tentative list of topics for the course. The goal of in-class lectures is to give a broad overview of the emerging problems, with emphasis on identifying new problems rather than their immediate solutions. In lectures, I will cover one sub-topic in depth and give a broad overview of the remaining problem space. This is to stimulate your thinking about new problems and understanding where present computer systems lack desired security.

114 JanIntroduction to Computer Security & Course OverviewA Cryptographic File System for Unix
221 JanAttacks on Cloud StorageCryptDB: Protecting Confidentiality with Encrypted Query Processing
328 JanAttacks on Cloud ComputationHey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds
44 FebWeb SecuritySigning Me onto Your Accounts through Facebook and Google
618 FebMalware & Operating System AttacksYour Botnet is My Botnet: Analysis of a Botnet Takeover
74 MarMobile OS Attacks: What's different from Traditional OS SecurityA Study of Android Application Security
511 MarchNetwork Security: Classical & Emerging AttacksBlackHat USA 2011: SSL And The Future Of Authenticity
918 MarAnalysis & Penetration Testing Tools: Theory to PracticeEXE: Automatically Generating Inputs of Death
1025 MarProtecting Data & User PrivacyVanish: Increasing Data Privacy with Self-Destructing Data
111 AprAdvanced Abstractions for PrivacyTaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
128 AprIn-class Project Progress Presentations No reading
1315 AprMisc. Topics Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks

Paper Summaries

Paper summaries are to be submitted before the papers are discussed in class. Here is what to include in your paper summary. Paper summaries are due 9 a.m. on each Monday before the lecture, in PDF format. Please submit it directly on IVLE in the workbin "CS6283 - Paper Summary Submissions". Please include your name in your submission. Please name your submission PDF file in the format: "Week-<N>-<your-matriculation-number>;", where N is the week number (from the table above). For example, if your matriculation number is "A4878822" and your submission is for the paper discussed in week 3, then the filename should be "Week-3-A4878822".

Each paper summary is graded out of 3 points. Your 10 best paper summary scores are counted towards your final grade. That is, you can choose to submit paper summaries for all 13 weeks, we will take your best 10.

Class Logistics & Grading

This class is a research-focused class. It counts towards the computer systems cluster requirement for PhD students. I will explain the detailed logistics of the course in the first lecture. There will be no exam, labs or tutorials for the course. I intend to keep the classes for critical and lively discussions. To get the most out of the class, ask a lot of questions! Naive questions are often the best.

The main deliverable in the class is a term project. You are expected to write a 6-10 page (in 10pt ACM style) paper on any topic with relevance to security. See the projects page for more details. Your project can be done in a team of at most 2 students.

  • Term Paper - 60%
    • Proposal - 10%
    • Progress Report - 10%
    • Final paper - 40%
  • Final Poster Presentation - 10%
  • Paper Summaries (any 10) - 30%

Who should take this class?

This is a research focussed class with a heavy weightage on producing a useful research paper. In lectures, we will broadly discuss emerging challenges and attacks, with lesser focus on their specific defense techniques. Take this class if you want to explore research ideas in security. I strongly invite students who are still choosing their research areas to this class. I am also keen to see students from outside of security come and apply their knowledge, especially if you work in PL, operating systems, machine learning or NLP. The best ideas arise from "out-of-the-box" thinking. Students who are passionate about building systems and have a curiosity about computer security are welcome. If you are unsure about about whether taking this class, I encourage you to show up for the first lecture.


The prerequisite is good undergraduate level understanding of computer science and having taken a undergraduate or graduate course in security. Exceptions to prerequisite requirements are allowed with the permission of the instructor.

Note on Ethics

In this class, you will be exposed to several powerful attack techniques. This class is not an invitation exploit vulnerabilities in the wild without informed consent of all involved parties. Attacking someone else's computer system is an offence; you are expected to use your knowledge with discretion.

For all readings and assignments, please feel free to discuss with your peers and use the Internet. But, you should write up your own submissions and cite any external resources you utilize in your write-ups. All students must comply with NUS academic honesty policies.

Important Dates

  • Jan 28 - Formation of project groups. Each group can have a maximum of two students.
  • Feb 8 - Submission of research proposals on IVLE (2-3 pages). Each group should submit only one copy of the project statement, i.e. either of the two members can upload.
  • Apr 7 - Submission of project progress report (in-class 15 min presentation).
  • May 6 - Submission of final term paper (6-10 pages).
  • May 10 - Project poster Presentation at SOC Showcase Sem II (Open to view by everyone in the CS and IS dept.).

List of Projects

Here is an initial list of project ideas to help you get started on research problem. You are encouraged to find and work on a problem that you really like, even if it has only some relevance to computer security. If you have your own idea, that's good!