Instructor: Prateek Saxena (prateeks at comp dot nus dot edu dot sg)
TAs: Kareem Shehata, Jason Zhijingcheng Yu
TA Email: cs3235.ta at gmail.com
Room & Timings: Zoom, Tuesday 8:00 - 10:00 am (See Conferencing tab in LumiNUS)
LumiNUS Page: CS3235
Semester: AY 2021/2022 Semester 2

Announcements

All Announcements will be posted on LumiNUS

Course Description

Computers are instruments to improve efficiency. But computer systems often fail in the hands of an intelligent adversary. Computer security is the science of studying why our computing systems fail, and ultimately, how to build them robustly. This is an undergraduate-level module on foundations of secure systems, covering the fundamental principles behind "adversarial thinking" and robust design of computer algorithms/systems. The course takes you through a bottom-up view of the threats arising at various layers of the computing stack of a modern app.

The goal of this class is to enable students to:

  • Make well-reasoned arguments about the security / insecurity of computer systems
  • Gain a broad view of threat models arising in modern apps
  • Tinker with attacks!
  • Compose multiple defense primitives for security

Schedule & Syllabus

The table below lists the schedule of topics.

Date          Topic
Week 1        Introduction
Week 2        Network Attacks and Firewalls
Week 3        Cryptographic Secure channels: Building Blocks (I)
Week 4        No class due to public holiday
Week 5        Cryptographic Secure channels: Building Blocks (II)
Week 6        Cryptographic Secure channels: SSL / TLS and HTTPS
Recess Week   No Class
Week 7        Practical Failures and Insufficiency of Secure Channels
Week 8        In-class Midterm (Week 1-7 content only)
Week 9        Web Security: Authentication and Authorization
Week 10       Web Security: SOP and Injection attacks
Week 11       Software Security: Memory Errors
Week 12       Software Security: Memory Safety
Week 13       OS Security: Isolation and Sandboxing Policies

Textbooks & Readings

There are no required textbooks for this course. The lecture slides, homeworks, and the tutorial content will constitute the main learning material. You are expected to take your own notes during lectures, and interpret / extrapolate the findings beyond the reading material for homeworks and exams.
Optional textbook(s):

  • Introduction to Cryptography - Principles and Applications / By Hans Delfs, Helmut Knebl. (referred to as "D & K")
    (Available via the NUS online library).
  • Introduction to computer security / By Michael T. Goodrich, Roberto Tamassia (referred to as "G & T").
    (Available on loan from the NUS library)

Class Logistics & Grading

Please attend the first lecture online on LumiNUS for more information on grading and other logistics. There will be no final exam. Attending tutorials is strongly recommended.

Grade distribution is as follows:

  • 1 Open-book Midterm (34%)
  • Homework segments (66%)

The course is divided into three segments: Cryptography (Week 2-7), Web security (Week 9-10), and Software Security (Week 11-13). Each segment has homeworks. The weightage of each of the 3 homework segments is equal and is 33% of the total grade. Your best 2 (out of the 3) segment scores will be counted for grades. As an example, if you score 10/33, 20/33, and 30/33 in the 3 segments of the module, your score will be 50 (= 20 + 30) out of 66 points, and this will weigh 66% towards the final grade. The remaining 34% of the final grade is calculated from your midterm score.

Homeworks are to be done individually. Lectures will be online via Zoom, so please see the "Conferencing" tab on LumiNUS. If this directive changes, class announcements will be sent out. There are 2 tutorial slots per week, one of which will be face-to-face and the other online via Zoom.

Each student is expected to have access to his/her own laptop / desktop. If you do not have access to your own laptop / desktop, you should approach the instructor within the first week of the course. Note that there are student labs on campus for those who do not have access to personal computers.

Please ask questions and exchange ideas freely on the LumiNUS class forum or consult the web to learn things not explicitly covered in lecture notes.

Prerequisites

Please see Lecture 1 slides. You must also take the LumiNUS pre-requisite quiz before the due date. If you score below 50% on it, we advise you to not continue with the module.

Note on Ethics & Academic Honesty

In this class, you may be exposed to computer exploitation techniques. This class is not an invitation to exploit vulnerabilities in the wild without informed consent of all involved parties. Attacking someone else's computer system is an offence; you are expected to use your knowledge with discretion. All students must comply with NUS academic honesty policies. Academic dishonesty will result in a fail grade.

For homework assignments, you are only allowed to reference materials provided in the lecture slides, notes, and handouts. You can use the web to investigate concepts unclear to you in more depth. You are encouraged to freely discuss general ideas or useful references on the class forum. But you must not discuss solutions to exercises directly or share any code or code references, publicly or privately, that give away the solutions. If unsure, ask the TAs for permission via the class forum and cite external sources to avoid any doubt of misconduct. You are not allowed to search the Internet for direct solutions. If you receive useful help from someone, after checking with the TAs / instructor, please acknowledge it in your submission. If in doubt, it is best to fully disclose your source of knowledge in your submissions.

The midterm is in-class during lecture hours. It is open-book, but you are not allowed to use any online resources.