Instructor: Prateek Saxena (prateeks at comp dot nus dot edu dot sg)
TAs: Shruti Hiray, Kareem Shehata, Zhijingcheng (Jason) Yu, Ahmad Soltani (cs3235.ta at gmail.com)
Room & Timings: Zoom, Tuesday 8:00 - 10:00 am (See Conferencing tab in LumiNUS)
LumiNUS Page: CS3235
Semester: AY 2020/2021 Semester 2

Announcements

All Announcements will be posted on LumiNUS

Course Description

Computers are instruments to improve efficiency. But computer systems often fail in the hands of an intelligent adversary. Computer security is the science of studying why our computing systems fail, and ultimately, how to build them robustly. This is an undergraduate-level module on foundations of secure systems, covering the fundamental principles behind "adversarial thinking" and robust design of computer algorithms/systems. The course takes you through a bottom-up view of the threats arising at various layers of the computing stack of a modern app.

The goal of this class is to enable students to:

  • Make well-reasoned arguments about the security / insecurity of computer systems
  • Gain a broad view of threat models arising in modern apps
  • Tinker with attacks!
  • Compose multiple defense primitives for security

Schedule & Syllabus

The table below lists the schedule of topics.

Date | Topic
Week 1 - Jan 12 | Introduction
Week 2 - Jan 19 | Network Attacks and Firewalls
Week 3 - Jan 26 | Cryptographic Secure channels: Building Blocks (I)
Week 4 - Feb 2 | Cryptographic Secure channels: Building Blocks (II)
Week 5 - Feb 9 | Cryptographic Secure channels: SSL / TLS and HTTPS
Week 6 - Feb 16 | Practical Failures and Insufficiency of Secure Channels
Recess Week | No Class
Week 7 - Mar 2 | In-class Midterm (Week 1-6 content only)
Week 8 - Mar 9 | Web Security: Authentication and Authorization
Week 9 - Mar 16 | Web Security: SOP and Injection attacks
Week 10 - Mar 23 | Software Security: Memory Errors
Week 11 - Mar 30 | Software Security: Memory Safety
Week 12 - Apr 6 | OS Security: Isolation and Sandboxing Policies
Week 13 - Apr 13 | OS Security: Isolation and Sandboxing Mechanisms

Textbooks & Readings

There are no required textbooks for this course. The lecture slides, homeworks, and the tutorial content will constitute the main learning material. You are expected to take your own notes during lectures, and interpret / extrapolate the findings beyond the reading material for homeworks and exams.
Optional textbook(s):

  • Introduction to Cryptography - Principles and Applications / By Hans Delfs, Helmut Knebl. (referred to as "D & K")
    (Available via the NUS online library).
  • Introduction to computer security / By Michael T. Goodrich, Roberto Tamassia (referred to as "G & T").
    (Available on loan from the NUS library)

Class Logistics & Grading

Please attend the first lecture for more information on grading and other logistics. There will be no final exam. Attending tutorials is strongly recommended.

Grade distribution is as follows:

  • 10 Weekly Homeworks (40%)
  • 1 Coding Project (30%)
  • 1 Midterm (30%)

Homeworks are to be done individually. The coding project is to be done in a group of 3. As per university guidelines, lectures will be online only since the number of students in the class exceeds 50. Tutorials, however, will be conducted face-to-face in the lab.

Each student is expected to have access to his/her own laptop / desktop. If you do not have access to your own laptop / desktop, you should approach the instructor within the first week of the course. Note that there are student labs on campus for those who do not have access to personal computers.

Please ask questions and exchange ideas freely on the LumiNUS class forum or consult the web to learn things not explicitly covered in lecture notes.

Prerequisites

Please see Lecture 1 slides.

Note on Ethics & Academic Honesty

In this class, you may be exposed to computer exploitation techniques. This class is not an invitation to exploit vulnerabilities in the wild without informed consent of all involved parties. Attacking someone else's computer system is an offence; you are expected to use your knowledge with discretion. All students must comply with NUS academic honesty policies. Academic dishonesty will result in a fail grade.

For homework assignments, you should cite any permitted external sources, which include papers at academic conferences, online textbooks available through NUS online / physical library, and resources provided by instructors/TA. The permitted sources are your notes from this class and prior ones you've taken for all assignments and exams. You are not allowed to search the Internet for solutions or seek help from any person outside your team, without prior approval from the instructor for homeworks. If you receive help from someone that has been useful, please acknowledge it in your submission.

Collaboration is encouraged in the coding project. In the end, you will be asked to declare which components of the project you meaningfully contributed to (attested to by your teammates), and credit is assigned for those components. Homeworks and midterm exams are to be done individually. The Midterm is open-book, but you are not allowed to use any online resources.