Course Description Class Logistics & Grading Topics Important Dates
Instructor: Prateek Saxena (prateeks at comp dot nus dot edu dot sg)
TAs Aashish Kolluri (cs3235.ta at
Room & Timings: RMI-SR1, Wednesday 8:00 - 10:00 am
IVLE Page: CS3235
Semester: AY 2018/2019 Semester 2


* End-term Exam will be in-class

Course Description

Computers are instruments to improve efficiency. Often, their design is not robust against an intellegent adversary. Computer security is the science of studying why our computing techniques and systems fail, and ultimately to build them robustly. This is an undergraduate-level module on foundations of secure systems, covering the fundamental principles behind "adversarial thinking" and robust design of computer algorithms/systems. The course will highlight real-world designs, machine code exploitation, and Internet protocols.

The goal of this class is to enable students to:

  • Audit system design and implementation with an adversarial mindset
  • Design and implement exploits for real security bugs.
  • Develop secure applications.
  • Be able to design defenses & outline their limitations.

Schedule & Syllabus

The table below lists the schedule of topics.

WeekDateTopic (Optional) Additional ReadingsAnnouncements
1 16 Jan Introduction and Network Security Book G & T -- Chapter 5, 6.1, 7.1  
2 23 Jan

Symmetric Key Cryptography

Book G & T -- Chapter 2.1, Book D & K -- Chapter 3.1, 3.2., 3.3, 3.4

A1 out
3 30 Jan Asymmetric Crypto & Key Exchange Protocols

Book D & K -- Chapter 2.1.1, 2.1.2, 2.1.5, Book D & K -- Chapter 4.1

4 4 Feb HTTPS & Limitations Book G & T -- Chapter 5, 6.1, 7.1  
- 6 Feb

No lecture -- Public Holiday

5 13 Feb

No lecture -- Instructor out out town (Tutorials are still running)

GDB Tutorial (IVLE)  
6 20 Feb

Memory Safety Vulnerabilities

Smashing The Stack For Fun And Profit

Exploiting Format String Vulnerabilities

Understanding Integer Overflow in C/C++ (Section 1- 3 suffice)

Book G & T -- Chapter 3.4

A2 out
7 27 Feb Recess Week    
8 6 Mar Defenses for Memory Safety    
9 13 Mar OS Security

Improving Host Security with System Call Policies

Preventing Privilege Escalation

Book G & T -- Chapter 1.3, 3.1, 3.3, 4.3, 4.5


20 Mar

Web Injection Attacks & Defenses


27 Mar

Program Analysis   A2 due date
12 3 Apr

Availability & Trust Through Decentralization


A3 out

10 Apr

Outsourced Computing



17 Apr

End-term Exam


A3 due date


Textbooks & Readings

There are no mandatory textbooks for this course. The lecture slides, indicated papers, and the tutorial content will constitute the main reading material. You are expected to take your own notes, and interpret / extrapolate the findings beyond the reading material for homeworks and exams.
Optional textbook(s):

  • Introduction to Cryptography - Principles and Applications / By Hans Delfs, Helmut Knebl. (referred to as "D & K")
    ( Available via the NUS online library).
  • Introduction to computer security / By Michael T. Goodrich, Roberto Tamassia (referred to as "G & T").
    (Available on loan from the NUS library)

Class Logistics & Grading

This class requires some hands-on programming and experimentation. I will explain the detailed logistics of the course in the first lecture. There will no final exam. Attending tutorials is optional, but recommended. All material covered in lectures and tutorials is part of the syllabus.

Grade distribution is as follows:

  • Assignments (65%)
  • End-term exam (35%)

All assignments are to be done in groups of two, or individually if you prefer. The end-term exam is likely to be open-book (subject to change!) and will be during the lecture timings.

Each student is expected to have access to his/her own laptop / desktop.

All experimental assignments are distributed as VirtualBox VMs; you are expected to be able to setup and run these VMs.

If you do not have access to your own laptop / desktop, you should approach the instructor within the first week of the course. Note that there are student labs on campus for those who do not have access to personal computers.


Who should take this class?

This is a foundations course interested in computer security. As pre-requisite, we assume basic familiarity with mathematical proofs, elementary number theory (e.g. the concept of groups), OS concepts (processes, virtual memory), basics of theory of computation (finite state machines, computability, and complexity), basics of discrete probability, the C programming language, and PHP/JS.

The class is designed to be somewhat self-paced and self-taught; all graded assignments are done at home.

The IVLE forum is your best friend --- if you get stuck, ask questions and exchange ideas freely on the forum or consult the web. The instructor and TAs will *not* help debug your code, or tell you how to overcome technical difficulties.



Please see IVLE. All waiver requests are handled solely by CS curriculum committee (email cs-curriculum the-at-symbol

Note on Ethics

In this class, you will be exposed to several powerful attack techniques. This class is not an invitation exploit vulnerabilities in the wild without informed consent of all involved parties. Attacking someone else's computer system is an offence; you are expected to use your knowledge with discretion.

There is no restriction on your communication with other students. We follow an honor code: You are expected to do your homeworks in discussion with your group members, but each student is expected to understand all solutions submitted in the end. Exams are to be taken individually. Violations of the honor code tantamounts to academic dishonestly, which are dealt with in accordance with NUS academic policies.