CS 563: Advanced Computer Security, Fall 2023


  • Instructor: Chris Fletcher, cwfletch@illinois.edu
  • Instructor OH: Thursdays, 2:00pm - 3:00pm CT, 4106 SC
  • TA: Sushant Dinesh, sdinesh2@illinois.edu
  • TA OH: Thursdays, 2:00pm - 3:00pm CT, Common area next to SC 4th floor elavators
  • Lecture: Wednesday and Friday, 11:00am - 12:15pm CT, 305 Materials Science & Eng Bld

Course Overview

Computer security is one of the most exciting and challenging areas in all of computer science. For the world’s largest technology companies, securing their computer systems is one of their top priorities. While technology has changed, the fundamental problems of securing computer systems have stayed remarkably similar. This course provides an in-depth examination of a selection of issues in computer security. This semester, readings are organized around two broad themes, and a potpourri of other late-breaking topics.

The first broad theme will examine the implications of modern system complexity: as systems become more complex, how do our existing assumptions break down, and how does this breakdown lead to new attack vectors? Further, what are the fundamental approaches for defense, and specific instantiations of those ideas for specific threat models?

The second broad theme will take a tour through the rich sub-area of data-oblivious computing, which has the promise to deliver strong security despite the above challenges. Our tour will take us from the bottom to top of the stack: starting with the (mainly, but not necessarily) cryptographic primitives that data obliviousness is built on, and moving up through the stack touching on algorithms, PL/compilers and leakage analysis.

Topics from the two broad themes will touch on issues across the computing stack and security field, e.g., related to compilers, programming languages, algorithms, systems, hardware and cryptography.

Last but definitely not least, we will dedicate a significant amount of time going over late-breaking results spanning a variety of sub-disciplines (mainly ones not covered in the above themes). This year, the selection of late-breaking results was taken from the “best paper” lists at this year’s Usenix and Oakland conferences.

Course Requirements

The expectations for all students in this course are as follows:

  • Participate: Students will attend every class and actively participate in class discussions.
  • Read Literature: Students will read all of the assigned papers in advance of each class.
  • Present Literature: Students will present research papers and lead the ensuing class discussion.
  • Write Reviews: Each week, students write a conference-style review for each assigned paper. These reviews will be submitted prior to the start of the class and graded by the instructors. Details about paper summary expectations will be discussed in the first class as part of the introductory material.
  • Complete a Term Project: Students will conduct a major research project in security, with the chief deliverable being a conference-style paper at the end of the semester. Project topics will be discussed in class after the introductory material is completed. As part of the term project, there will be another milestones throughout the semester (e.g., project proposals) that will be graded as homework assignment and discussed with the instructors outside of class. Projects teams may include groups of up to 2 students; however, groups of greater size will be expected to make greater progress. The instructors will advise each team/individual independently as needed. The project grade will be a combination of grades received for a number of milestone artifacts and the final conference-quality report.


Ethics, Law, and University Policies Warning

This course will include topics related computer security and privacy. As part of this investigation we may cover technologies whose abuse could infringe on the rights of others. As computer scientists, we rely on the ethical use of these technologies. Unethical use includes circumvention of an existing security or privacy mechanisms for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and possibly more severe academic and legal sanctions.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. If in doubt, we can refer you to an attorney.

Please review the Campus Administrative Manual (especially the Policy on Appropriate Use of Computers and Network Systems at the University of Illinois at Urbana-Champaign) for guidelines concerning proper use of information technology at Illinois, as well as the Student Code (especially 1-302 Rules of Conduct, 1‑402 Academic Integrity Infractions). As members of the university, you are required to abide by these policies.

Academic Integrity

The University of Illinois at Urbana-Champaign Student Code should also be considered as a part of this syllabus. Students should pay particular attention to Article 1, Part 4: Academic Integrity. Read the Code at the following URL: http://studentcode.illinois.edu/.

Academic dishonesty may result in a failing grade. Every student is expected to review and abide by the Academic Integrity Policy: http://studentcode.illinois.edu/. Ignorance is not an excuse for any academic dishonesty. It is your responsibility to read this policy to avoid any misunderstanding. Do not hesitate to ask the instructor(s) if you are ever in doubt about what constitutes plagiarism, cheating, or any other breach of academic integrity.

Students with Disabilities

To obtain disability-related academic adjustments and/or auxiliary aids, students with disabilities must contact the course instructor and the as soon as possible. To insure that disability-related concerns are properly addressed from the beginning, students with disabilities who require assistance to participate in this class should contact Disability Resources and Educational Services (DRES) and see the instructor as soon as possible. If you need accommodations for any sort of disability, please speak to me after class, or make an appointment to see me, or see me during my office hours. DRES provides students with academic accommodations, access, and support services. To contact DRES you may visit 1207 S. Oak St., Champaign, call 333-4603 (V/TDD), or e-mail a message to disability@uiuc.edu. See http://www.disability.illinois.edu/.

Emergency Response Recommendations

Emergency response recommendations can be found at the following website: http://police.illinois.edu/emergency-preparedness/. I encourage you to review this website and the campus building floor plans website within the first 10 days of class. See http://police.illinois.edu/emergency-preparedness/building-emergency-action-plans/.

Family Educational Rights and Privacy Act (FERPA)

Any student who has suppressed their directory information pursuant to Family Educational Rights and Privacy Act (FERPA) should self-identify to the instructor to ensure protection of the privacy of their attendance in this course. See http://registrar.illinois.edu/ferpa for more information on FERPA.

Statement on CS CARES and CS Values and Code of Conduct

All members of the Illinois Computer Science department - faculty, staff, and students - are expected to adhere to the CS Values and Code of Conduct. The CS CARES Committee is available to serve as a resource to help people who are concerned about or experience a potential violation of the Code. If you experience such issues, please contact the CS CARES Committee. The instructors of this course are also available for issues related to this class.