CS 356 is graduate research seminar that covers foundational work and current topics in computer and network security. The course introduces students to reading research papers in security, provides a foundation in applied security research techniques, and prepares students to perform their own original security research. Students will read and discuss published research papers as well as complete an original research project in small groups.
Lecture: Mon/Wed 1:30–2:50 PM. 50-51B.
Instructor: Zakir Durumeric
Office Hours: Mon/Wed 3:00–4:00 PM, or by appointment. Gates 280.
Course Assistant: Dima Kogan. Office hours by appointment.
Assignment Submission: We are using Gradescope (enrollment code: MRZEZ3) for submission of assignments and project reports.
Prerequisites: CS 356 is open to Ph.D. and masters students as well as advanced undergraduate students. While the course has no official prerequisites, it requires a mature understanding of software systems and networks.
I strongly encourage undergraduate students to first take CS 155: Computer and Network Security. This course does not teach security foundations, but rather covers formative literature and cutting-edge research. Please contact me if you have any questions.
The tentative schedule and required readings for the class are below:
USENIX ;login:. James Mickens.
1984 Turing Award Lecture. Ken Thompson.
WWW '10. Sid Stamm, Brandon Sterne, Gervase Markham.
CCS '16. Steve Englehardt and Arvind Narayanan.
2008. Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger.
CCS '15. David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, Paul Zimmermann.
SEC '99. Alma Whitten, J. D. Tygar.
SEC '13. Devdatta Akhawe, Adrienne Porter Felt.
SEC '01. David Moore, Geoffrey Voelker, Stefan Savage.
SIGCOMM '06. Anirudh Ramachandran and Nick Feamster.
CCS '09. Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna.
SEC '11. Juan Caballero, Chris Grier, Christian Kreibich, Vern Paxson.
Oakland '11 K. Levchenko, A. Pitsillidis, N. Chachra, B. Enright, M. Felegyhazi, C. Grier, T. Halvorson, C. Kanich, C. Kreibich, H. Liu, D. McCoy, N. Weaver, V. Paxson, G. M. Voelker, and S. Savage.
Kurt Thomas, Danny Yuxing Huang, David Wang, Elie Bursztein, Chris Grier, Thomas Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna.
CCS '07. Hovav Shacham.
Oakland '13. Laszlo Szekeres, Mathias Payer, Tao Wei, Dawn Song.
Technical Report '08. Adam Barth, Collin Jackson, Charles Reis, Google Chrome Team.
OSDI '16. Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, Mark Stillwell, David Goltzsche, David Eyers, Rudiger Kapitza, Peter Pietzuch, Christof Fetzer.
SEC '01. Dawn Song, David Wagner, Xuqing Tia.
CCS '09. Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage.
Oakland '19. Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom.
ISCA '14. Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, Onur Mutlu.
SEC '17. Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou.
SOSP '17. Amit Levy, Bradford Campbell, Branden Ghena, Daniel B. Giffin, Pat Pannuto, Prabal Dutta, Philip Levis.
SEC '11. Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage.
Oakland '08. Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, William H. Maisel.
SEC '04. Roger Dingledine, Nick Mathewson, Paul Syverson.
Oakland '16. Michael Tschantz, Sadia Afroz, Anonymous, Vern Paxson.
2013 CADO Policy Report. Julian Sanchez.
Harold Abelson, Ross Anderson, Steven Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter Neumann, Ronald Rivest, Jeffrey Schiller, Bruce Schneier, Michael Specter, Daniel Weitzner.
SEC '15. Marcela Melara, Aaron Blankstein, Joseph Bonneau, Edward Felten, Michael Freedman.
No assigned reading.
No assigned reading.
Oakland '16. Nicholas Carlini and David Wagner.
Oakland '10. Robin Sommer and Vern Paxson.
Blog Post. Bill Marczak and John Scott-Railton.
CHI '18. Diana Freed, Jackeline Palmer, Diana Minchala, Karen Levy, Thomas Ristenpart, Nicola Dell.
CHES. Georg Becker, Francesco Regazzoni, Christof Paar, Wayne Burleson.
Symantec Technical Report. Nicolas Falliere, Liam Murchu, Eric Chien.
Oakland '17. Cormac Herley and P.C. van Oorschot.
SIGCOMM '15. Sam Burnett and Nick Feamster.
This course is composed of two main parts: reading and discussion, and a group project. Grading will be based on:
Readings and Discussion (40%)
We will read and discuss 1–2 topical papers for each class. Students should come prepared to actively discuss assigned papers and to make substantive intellectual contributions. This means that you need to thoroughly read each paper ahead of time. Before each section, students will submit a short (400 word) summary and reaction for each paper, as well as a proposal of one discussion question for class.
Students should submit the reading assignments through Gradescope by noon on the day of each class.
Grading will be based 20% on these written responses and 20% on in-class participation. We do not allow any late days for paper reactions, but students may skip two paper summaries and two lectures without penalty. Participation grades are based on not only attendence, but active participation during class discussion.
Do not underestimate the amount of time required to properly read and process a research paper. Expect to spend several hours preparing for each section.
Course Project (60%)
Students will complete a quarter-long original research project in small groups (1–3 students) on a topic of their own choosing. Groups will present their work during the last two sections as well as submit a 6–10 page report, similar to the papers we read in the course.
Projects have four graded components:
Students should submit all reports through Gradescope by 11:59PM on the day of each deadline.
In past offerings, well-executed projects have led to publications at top-tier security conferences and workshops. I'm happy to work with groups to publish their work.