Computer security is one of the most exciting and challenging areas in all of computer science. For the world’s largest technology companies, securing their computer systems is one of their top priorities. While technology has changed, the fundamental problems of securing computer systems have stayed remarkably similar. This course provides an in-depth examination of a selection of issues in computer security. This semester, readings are organized around two broad themes, and a potpourri of other late-breaking topics.
The first broad theme will examine the implications of modern system complexity: as systems become more complex, how do our existing assumptions break down, and how does this breakdown lead to new attack vectors? Further, what are the fundamental approaches for defense, and specific instantiations of those ideas for specific threat models?
The second broad theme will take a tour through the rich sub-area of data-oblivious computing, which has the promise to deliver strong security despite the above challenges. Our tour will take us from the bottom to the top of the stack: starting with the (mainly, but not necessarily) cryptographic primitives that data obliviousness is built on, and moving up through the stack touching on algorithms, PL/compilers and leakage analysis.
Topics from the two broad themes will touch on issues across the computing stack and security field, e.g., related to compilers, programming languages, algorithms, systems, hardware and cryptography.
Last but definitely not least, we will dedicate a significant amount of time going over late-breaking results spanning a variety of sub-disciplines (mainly ones not covered in the above themes). This year, the selection of late-breaking results was taken from the “best paper” lists at this year’s Usenix and Oakland conferences.
The expectations for all students in this course are as follows:
This course will include topics related to computer security and privacy. As part of this investigation we may cover technologies whose abuse could infringe on the rights of others. As computer scientists, we rely on the ethical use of these technologies. Unethical use includes circumvention of existing security or privacy mechanisms for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and possibly more severe academic and legal sanctions.
Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. If in doubt, we can refer you to an attorney.
Please review the Campus Administrative Manual (especially the Policy on Appropriate Use of Computers and Network Systems at the University of Illinois at Urbana-Champaign) for guidelines concerning proper use of information technology at Illinois, as well as the Student Code (especially 1-302 Rules of Conduct, 1‑402 Academic Integrity Infractions). As members of the university, you are required to abide by these policies.
The University of Illinois at Urbana-Champaign Student Code should also be considered as a part of this syllabus. Students should pay particular attention to Article 1, Part 4: Academic Integrity. Read the Code at the following URL: http://studentcode.illinois.edu/.
Academic dishonesty may result in a failing grade. Every student is expected to review and abide by the Academic Integrity Policy: http://studentcode.illinois.edu/. Ignorance is not an excuse for any academic dishonesty. It is your responsibility to read this policy to avoid any misunderstanding. Do not hesitate to ask the instructor(s) if you are ever in doubt about what constitutes plagiarism, cheating, or any other breach of academic integrity.
To obtain disability-related academic adjustments and/or auxiliary aids, students with disabilities must contact the course instructor and Disability Resources and Educational Services (DRES) as soon as possible. To ensure that disability-related concerns are properly addressed from the beginning, students with disabilities who require assistance to participate in this class should contact DRES and see the instructor as soon as possible. If you need accommodations for any sort of disability, please speak to me after class, or make an appointment to see me, or see me during my office hours. DRES provides students with academic accommodations, access, and support services. To contact DRES you may visit 1207 S. Oak St., Champaign, call 333-4603 (V/TDD), or e-mail a message to disability@uiuc.edu. See http://www.disability.illinois.edu/.
Emergency response recommendations can be found at the following website: http://police.illinois.edu/emergency-preparedness/. I encourage you to review this website and the campus building floor plans website within the first 10 days of class. See http://police.illinois.edu/emergency-preparedness/building-emergency-action-plans/.
Any student who has suppressed their directory information pursuant to the Family Educational Rights and Privacy Act (FERPA) should self-identify to the instructor to ensure protection of the privacy of their attendance in this course. See http://registrar.illinois.edu/ferpa for more information on FERPA.
All members of the Illinois Computer Science department - faculty, staff, and students - are expected to adhere to the CS Values and Code of Conduct. The CS CARES Committee is available to serve as a resource to help people who are concerned about or experience a potential violation of the Code. If you experience such issues, please contact the CS CARES Committee. The instructors of this course are also available for issues related to this class.