CS 356 is graduate research seminar that covers foundational work and current topics in computer and network security. The course introduces students to reading research papers in security, provides a foundation in applied security research techniques, and prepares students to perform their own original security research. Students will read and discuss published research papers as well as complete an original research project in small groups.
Lecture: Mon/Wed 1:30–2:50 PM. 50-51B.
Instructor: Zakir Durumeric
Office Hours: Mon/Wed 3:00–4:00 PM, or by appointment. Gates 280.
Prerequisites: CS 356 is open to Ph.D. and masters students as well as advanced undergraduate students. While the course has no official prerequisites, it requires a mature understanding of software systems and networks.
This course does not teach security foundations, but rather covers formative literature and cutting-edge research in the field. I strongly encourage undergraduate students to first take CS 155: Computer and Network Security. Please contact me if you're unsure whether you should take the course.
The tentative schedule and required readings for the class are below:
USENIX ;login:. James Mickens.
1984 Turing Award Lecture. Ken Thompson.
WWW '10. Sid Stamm, Brandon Sterne, Gervase Markham.
CCS '16. Steve Englehardt and Arvind Narayanan.
2008. Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger.
CCS '15. David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Beguelin, Paul Zimmermann.
SEC '99. Alma Whitten, J. D. Tygar.
SEC '13. Devdatta Akhawe, Adrienne Porter Felt.
SEC '01. David Moore, Geoffrey Voelker, Stefan Savage.
SIGCOMM '06. Anirudh Ramachandran and Nick Feamster.
CCS '09. Brett Stone-Gross, Marco Cova, Lorenzo Cavallaro, Bob Gilbert, Martin Szydlowski, Richard Kemmerer, Christopher Kruegel, Giovanni Vigna.
SEC '11. Juan Caballero, Chris Grier, Christian Kreibich, Vern Paxson.
Oakland '11 K. Levchenko, A. Pitsillidis, N. Chachra, B. Enright, M. Felegyhazi, C. Grier, T. Halvorson, C. Kanich, C. Kreibich, H. Liu, D. McCoy, N. Weaver, V. Paxson, G. M. Voelker, and S. Savage.
Kurt Thomas, Danny Yuxing Huang, David Wang, Elie Bursztein, Chris Grier, Thomas Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna.
CCS '07. Hovav Shacham.
Oakland '13. Laszlo Szekeres, Mathias Payer, Tao Wei, Dawn Song.
Oakland '16. Adam Barth, Collin Jackson, Charles Reis, Google Chrome Team.
OSDI '16. Sergei Arnautov, Bohdan Trach, Franz Gregor, Thomas Knauth, Andre Martin, Christian Priebe, Joshua Lind, Divya Muthukumaran, Dan O’Keeffe, Mark Stillwell, David Goltzsche, David Eyers, Rudiger Kapitza, Peter Pietzuch, Christof Fetzer.
SEC '01. Dawn Song, David Wagner, Xuqing Tia.
CCS '09. Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage.
Oakland '19. Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, Yuval Yarom.
ISCA '14. Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, Onur Mutlu.
SEC '17. Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, Yi Zhou.
SOSP '17. Amit Levy, Bradford Campbell, Branden Ghena, Daniel B. Giffin, Pat Pannuto, Prabal Dutta, Philip Levis.
SEC '11. Stephen Checkoway, Damon McCoy, Brian Kantor, Danny Anderson, Hovav Shacham, Stefan Savage.
Oakland '08. Daniel Halperin, Thomas S. Heydt-Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno, William H. Maisel.
SEC '04. Roger Dingledine, Nick Mathewson, Paul Syverson.
Oakland '16. Michael Tschantz, Sadia Afroz, Anonymous, Vern Paxson.
2013 CADO Policy Report. Julian Sanchez.
Harold Abelson, Ross Anderson, Steven Bellovin, Josh Benaloh, Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter Neumann, Ronald Rivest, Jeffrey Schiller, Bruce Schneier, Michael Specter, Daniel Weitzner.
SEC '15. Marcela Melara, Aaron Blankstein, Joseph Bonneau, Edward Felten, Michael Freedman.
No assigned reading.
No assigned reading.
Oakland '10. Robin Sommer and Vern Paxson.
Oakland '16. Nicholas Carlini and David Wagner.
Blog Post. Bill Marczak and John Scott-Railton.
CHI '18. Diana Freed, Jackeline Palmer, Diana Minchala, Karen Levy, Thomas Ristenpart, Nicola Dell.
CHES. Georg Becker, Francesco Regazzoni, Christof Paar, Wayne Burleson.
Symantec Technical Report. Nicolas Falliere, Liam Murchu, Eric Chien.
Oakland '17. Cormac Herley and P.C. van Oorschot.
SIGCOMM '15. Sam Burnett and Nick Feamster.
This course is composed of two main parts: reading and discussion, and a group project. Grading will be based on:
Readings and Discussion (40%)
We will read and discuss 1–2 topical papers for each class. Students should come prepared to actively discuss assigned papers and to make substantive intellectual contributions. Before each section, students will submit a short (400 word) summary and reaction for each each paper. Grading will be based 20% on these written responses and 20% on in-class participation.
Do not underestimate the amount of time required to properly read and process a research paper. Expect to spend several hours preparing for each section.
Course Project (60%)
Students will complete a quarter-long original research project in small groups (1–3 students) on a topic of their own choosing. Groups will present their work during the last two sections of class as well as submit a 6–10 page report, similar to the papers we read in the course.
Projects have four graded components:
In past offerings, well-executed projects have led to publications at top-tier security conferences and workshops. I'm happy to work with groups to publish their work.