CS 563: Advanced Computer Security, Fall 2021

Instructor Chris Fletcher cwfletch@illinois.edu
Lecture
Virtual, Wednesday and Friday, 11:00am - 12:15pm CT
Office Hours
Virtual + Siebel Center 4106, Wednesday 3:00pm CT

TA
None!


Computer security is one of the most exciting and challenging areas in all of computer science. For the world's largest technology companies, securing their computer systems is one of their top priorities. While technology has changed, the fundamental problems of securing computer systems have stayed remarkably similar. This course provides an in-depth examination of a selection of issues in computer security. This semester, readings are organized around two broad themes, and a potpourri of other topics.

The first broad theme will examine the implications of modern system complexity: as systems become more complex, how do our existing assumptions break down, and how does this breakdown lead to new attack vectors? Further, what are the fundamental approaches for defense, and specific instantiations of those ideas for specific threat models?

The second broad theme will take a tour through the rich sub-area of data-oblivious computing, which has the promise to deliver strong security despite the above challenges. Our tour will take us from the bottom to top of the stack: starting with the (mainly, but not necessarily) cryptographic primitives that data obliviousness is built on, and moving up through the stack touching on algorithms, PL/compilers and leakage analysis.

Topics from the two broad themes will touch on issues across the computing stack and security field, e.g., related to compilers, programming languages, algorithms, systems, hardware and cryptography. Finally, the potpourri will include timely topics ranging from blockchain to social media/disinformation to machine learning to human-centric security.

Syllabus [pdf]

The information in the syllabus and on this course website is subject to change. Major changes will be recorded in the announcements below.

Announcements

Calendar + lecture slides + submission links + etc. [google sheet]

Paper reading list [google doc]

Lecture/OH zoom link [link]

Class piazza forum [link]


Course Requirements

The expectations for all students in this course are as follows:
  1. Participate: Students will attend every class and actively participate in class discussions.
  2. Read Literature: Students will read all of the assigned papers in advance of each class.
  3. Present Literature: Students will present research papers and lead the ensuing class discussion.
  4. Write Reviews: Each week, students write a conference-style review for each assigned paper. These reviews will be submitted prior to the start of the class and graded by the instructors. Details about paper summary expectations will be discussed in the first class as part of the introductory material.
  5. Complete a Term Project: Students will conduct a major reserch project in security, with the chief deliverable being a conference-style paper at the end of the semester. Project topics will be discussed in class after the introductory material is completed. As part of the term project, there will be another milestones throughout the semester (e.g., project proposals) that will be graded as homework assignment and discussed with the intructors outside of class. Projects teams may include groups of up to 2 students; however, groups of greater size will be expected to make greater progress. The instructors will advise each team/individual independently as needed. The project grade will be a combination of grades received for a number of milestone artifacts and the final conference-quality report.

Ethics, Law, and University Policies Warning

This course will include topics related computer security and privacy. As part of this investigation we may cover technologies whose abuse could infringe on the rights of others. As computer scientists, we rely on the ethical use of these technologies. Unethical use includes circumvention of an existing security or privacy mechanisms for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and possibly more severe academic and legal sanctions.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. If in doubt, we can refer you to an attorney.

Please review the Campus Administrative Manual (especially Policy on Appropriate Use of Computers and Network Systems at the University of Illinois at Urbana-Champaign) for guidelines concerning proper use of information technology at Illinois, as well as the Student Code (especially 1-302 Rules of Conduct, 1‑402 Academic Integrity Infractions). As members of the university, you are required to abide by these policies.


Academic Integrity Policy

The University of Illinois at Urbana-Champaign Student Code should also be considered as a part of this syllabus. Students should pay particular attention to Article 1, Part 4: Academic Integrity. Read the Code at the following URL: http://studentcode.illinois.edu/.

Academic dishonesty may result in a failing grade. Every student is expected to review and abide by the Academic Integrity Policy: http://studentcode.illinois.edu/. Ignorance is not an excuse for any academic dishonesty. It is your responsibility to read this policy to avoid any misunderstanding. Do not hesitate to ask the instructor(s) if you are ever in doubt about what constitutes plagiarism, cheating, or any other breach of academic integrity.


Students with Disabilities

To obtain disability-related academic adjustments and/or auxiliary aids, students with disabilities must contact the course instructor and the as soon as possible. To insure that disability-related concerns are properly addressed from the beginning, students with disabilities who require assistance to participate in this class should contact Disability Resources and Educational Services (DRES) and see the instructor as soon as possible. If you need accommodations for any sort of disability, please speak to me after class, or make an appointment to see me, or see me during my office hours. DRES provides students with academic accommodations, access, and support services. To contact DRES you may visit 1207 S. Oak St., Champaign, call 333-4603 (V/TDD), or e-mail a message to disability@uiuc.edu. http://www.disability.illinois.edu/.


Emergency Response Recommendations

Emergency response recommendations can be found at the following website: http://police.illinois.edu/emergency-preparedness/. I encourage you to review this website and the campus building floor plans website within the first 10 days of class. http://police.illinois.edu/emergency-preparedness/building-emergency-action-plans/


Family Educational Rights and Privacy Act (FERPA)

Any student who has suppressed their directory information pursuant to Family Educational Rights and Privacy Act (FERPA) should self-identify to the instructor to ensure protection of the privacy of their attendance in this course. See http://registrar.illinois.edu/ferpa for more information on FERPA.


The above information is subject to change.