Software Security (COMP 790-132)
A secure system is one that will enforce a given policy, even in the face of
malicious activity.
In this class we will learn about different
security policies and how they apply across a variety of application domains. We
will read about mechanisms designed to enforce a given policy and attacks meant
to thwart that same policy.
The class is meant for students who are interested in software and systems
security. The course will be research focused: classes will be centered around
discussion of published research in the security community, students
will work on an original research project, and students will write a
conference-style paper describing their work.
Paper Readings
We will read 1--2 papers per class. The reading for each class is given in
the schedule. You are required to complete the
reading before class. For each paper you will write a review and email it to me by
11:59 pm the day before the class. The review should be short: one to three sentences
describing the problem addressed and the basic approach; roughly two paragraphs
describing the key insights and assessing the pros and cons of the paper; and as
much space as necessary to list any questions you may have had or any ideas for future work you thought
of. Although your written response will be short, the reading will not be
quick. You will need to read each paper thoroughly and in depth in order to
write an insightful review and actively participate in the class discussion. An
example of a review written by a student in a previous class can be
found here.
Security Review
You will conduct two security reviews, each of a system of your choosing, and
submit a write-up for each review. The first review can be done in groups of two;
the second must be done individually. For the review you will determine the
stated and implied security policies of your chosen system, evaluate both the
policies themselves and the system's
efficacy at enforcing those policies, and suggest improvements for increasing
the system's security. For these reviews you may choose any
technology for which security is a concern; you are not limited to only software
systems. The written review will be approximately three pages. We will go over
the details of this assignment in class.
Research Project
You will work in groups of two on an original research project. At the end of
the semester, each group will submit a conference-style paper and give a short
(10--15 min) presentation in class describing
their work. We will discuss possible project ideas in class,
although you are strongly encouraged to develop your own idea. Project proposals
will be due at 11:59 pm on Thursday, January 29th. The final paper will be due
at 11:59 pm on Friday, April 24th.
| Key Dates | | Grading | |
|---|---|---|---|
| Project proposals due | 2/05/15 | Final project | 45% |
| First security review due | 2/26/15 | Class discussion & written reviews | 40% |
| Second security review due | 3/26/15 | Security reviews | 15% |
| Final in-class presentations | 4/23/15 | | |
| Final paper due | 4/24/15 | | |