Malicious Code Defense: Malicious code such as worms, botnets, spyware, and rootkits is
wreaking havoc on the Internet. What are the technical reasons
causing the prevalence of malicious code on the Internet today? What
techniques can we design and develop to defend against it?
OS and Web Security: Operating Systems need to provide a secure platform for
applications. Similarly, the web browser needs to provide a secure
platform for web applications which are becoming increasingly
important. What are the fundamental security properties that an OS or
a web browser should provide? What techniques can we design and
develop to achieve them?
In addition, new Internet algorithms and services such as pay-per-click ads,
recommender systems and reputation systems are on the rise.
Economic incentives lead to real-world attacks. What new
security issues may these services face? What
techniques can we design and develop to protect them?
Privacy Enhancing Technologies: Huge volumes of data
containing sensitive/private information are being collected and stored
by various sensors/monitoring systems, auditing systems,
etc. Examples include electronic records in health care systems and
location information in ubiquitous computing applications. How can we
protect users' privacy and at the same time enable effective sharing
and utilization of the distributed data? And how can we provide
desirable services to users and protect their privacy even when the
servers are untrusted?
These are among the most pressing security and privacy questions to be
addressed today. By covering state-of-the-art research discoveries and
results, this class endeavors to find answers to these
questions. The goal of this class is twofold: (1) to arm students with a
set of core techniques they can use
to address security and privacy issues in their
research areas, (2) to introduce students to important research
questions and prepare them to conduct additional research
in these areas.
Students are expected to do a 2-person semester-long group project on relevant research topics.
More details coming soon.
Grading
20% Class participation
20% Paper summaries
60% Class project
FAQ
Prerequisite: No prerequisite for graduate students. For undergraduate students, please check with the instructor.
Class style: This course will be mostly lecture
and in-class discussion oriented. The course is divided into three
topics as outlined above. The instructor will provide
context for each topic, introduce the core techniques, and
lead in-class discussions on challenging issues and open research
questions.
Some lectures have required reading, and other lectures have
supplemental readings for those interested in more in-depth learning.
Intended audience: This course is intended for
graduate students interested in the latest technologies in
computer security and privacy. Both first year graduate
students and more senior graduate students are welcome. The topic on privacy
enhancing techniques will be of particular interest to students of
databases and distributed systems; malicious code defense
will especially interest students of networking and program analysis; the
topic on OS and Web security will be of particular interest to students of OS; the
final topic has special applicability to social networks and new
Internet services.
Relationship with CS261: This course and CS261
have almost no overlap in terms of materials covered in class. CS261
aims to provide an introduction to basic concepts in computer security,
whereas this course focuses on several of the most pressing research topics
and aims to introduce students to the most recent results and open
research questions in the selected areas.