CS 356 is graduate course that covers foundational work and current topics in computer and network security. The course consists of reading and discussing published research papers, presenting recent security work, and completing an original research project.
Discussion: Mon/Wed 1:00–2:20 PM. Via Zoom.
This course is largely based on in-person discussion rather than lecture. Online attendance and participation is required.
Instructor: Zakir Durumeric
Office Hours: Monday 1:30–3:00 PM, or by appointment. Using Lecture Zoom.
Course Assistant: Fraser Brown. Office hours by appointment.
Prerequisites: CS 356 is open to all graduate students as well as advanced undergraduate students. While the course has no official prerequisites, it requires a mature understanding of software systems and networks. I encourage undergraduate students to first take CS 155: Computer and Network Security.
Submissions: All course assignments should be submitted through Gradescope. Enrollment code: MGNYR2.
The tentative schedule and required readings for the class are below:
SEC '12. N. Heninger, Z. Durumeric, E. Wustrow, J.A. Halderman.
Short Blog Post. Chris Palmer.
CCS '14. Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, Claudia Diaz.
Oakland '09. Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar.
2008. Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger.
CCS '15. D. Adrian, K. Bhargavan, Z. Durumeric, P. Gaudry, M. Green, J.A. Halderman, N. Heninger, A. Springall, E. Thomé, L. Valenta, B. VanderSloot, E. Wustrow, S. Zanella-Beguelin, P. Zimmermann.
SEC '13. Devdatta Akhawe, Adrienne Porter Felt.
Oakland '20. Matthew Bernhard, Allison McDonald, Henry Meng, Jensen Hwa, Nakul Bajaj, Kevin Chang, J. Alex Halderman
CCS '08. Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Geoffrey Voelker, Vern Paxson, and Stefan Savage.
SEC '19. Grant Ho, Asaf Cidon, Lior Gavish, Marco Schweighauser, Vern Paxson, Stefan Savage, Geoffrey Voelker, David Wagner
WEIS '15. Kurt Thomas, Danny Yuxing Huang, David Wang, Elie Bursztein, Chris Grier, Thomas Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna.
SEC '16. K. Thomas, J. Elices Crespo, R. Rasti, J. Picod, C. Phillips, M. Decoste, C. Sharp, F. Tirelo, A. Tofigh, M. Courteau, L. Ballard, R. Shield, N. Jagpal, M. Abu Rajab, P. Mavrommatis, N. Provos, E. Bursztein, D. McCoy.
SEC '01. David Moore, Geoffrey Voelker, Stefan Savage.
SEC '17. M. Antonakakis, T. April, M. Bailey, M. Bernhard, E. Bursztein, J. Cochran, Z Durumeric, J.A. Halderman, L. Invernizzi, M. Kallitsis, D. Kumar, C. Lever, Z. Ma, J. Mason, D. Menscher, C. Seaman, N. Sullivan, K. Thomas, Y. Zhou.
SEC '01. Dawn Song, David Wagner, Xuqing Tia.
CCS '09. Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage.
Oakland '19. P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, Y. Yarom.
Oakland '15. Marc Andrysco, David Kohlbrenner, Keaton Mowery, Ranjit Jhala, Sorin Lerner, and Hovav Shacham
SEC '11. Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage.
SOSP '17. Amit Levy, Bradford Campbell, Branden Ghena, Daniel B. Giffin, Pat Pannuto, Prabal Dutta, Philip Levis.
Oakland '16. Nicholas Carlini and David Wagner.
Oakland '10. Robin Sommer and Vern Paxson.
SEC '04. Roger Dingledine, Nick Mathewson, Paul Syverson.
SIGCOMM '15. Sam Burnett and Nick Feamster.
2013 CADO Policy Report. Julian Sanchez.
H. Abelson, R. Anderson, S. Bellovin, J. Benaloh, M. Blaze, W. Diffie, J. Gilmore, M. Green, S. Landau, P. Neumann, R. Rivest, J. Schiller, B. Schneier, M. Specter, D. Weitzner.
Blog Post. Bill Marczak and John Scott-Railton.
CHI '18. Diana Freed, Jackeline Palmer, Diana Minchala, Karen Levy, Thomas Ristenpart, Nicola Dell.
CHES '13. Georg Becker, Francesco Regazzoni, Christof Paar, Wayne Burleson.
Symantec Technical Report. Nicolas Falliere, Liam Murchu, Eric Chien.
Oakland '17. Cormac Herley and P.C. van Oorschot.
Attendance required. No assigned reading.
Attendance required. No assigned reading.
This course is composed of three parts: reading and discussing foundational papers in every class, reading and presenting recent work for one class, and completing a group research project. Grading will be based on:
Readings and Discussion (30%)
We will read and discuss 1–2 papers for each class. Typically, these are formative works in an area of security. Students should come prepared to actively discuss assigned papers and to make substantive intellectual contributions. This means that you need to thoroughly read each paper ahead of time. Before each section, students will submit a short (400 word) summary and reaction for each each paper, as well as a proposal of one discussion question for class.
Students should submit the reading assignments through Gradescope by noon on the day of each class.
Grading will be based 20% on these written responses and 10% on in-class participation. We do not allow any late days for paper reactions, but students may skip two paper summaries and two lectures without penalty. Participation grades are based on not only attendence, but active participation during class discussion.
Do not underestimate the amount of time required to properly read and process a research paper. Expect to spend several hours preparing for each section.
Topic Presentation (15%)
While reading a few formative papers helps demonstrate how a subfield started, it oftentimes leaves us wondering how the area has evolved. To fill this gap, pairs of students will read 3-4 more recent papers and provide a 20 minute presentation about the current state of a research area at the start of one class.
Course Project (55%)
Students will complete a quarter-long original research project in small groups (1–3 students) on a topic of their own choosing. Groups will present their work during the last two sections as well as submit a 6–10 page report, similar to the papers we read in the course.
Projects have four graded components:
Students should submit all reports through Gradescope by 11:59PM on the day of each deadline.
In past offerings, well-executed projects have led to publications at top-tier security conferences and workshops. I'm happy to work with groups to publish their work.