Schedule

The schedule will change as the course progresses, in part based on student interests. If you are particularly interested in some topic not covered here, send mail to the course staff (cs519.cand@gmail.com).

Please visit the submission website to submit your assignments. Importantly, ask any questions (and raise things to discuss) with colleagues and staff via Piazza.

Monday Tuesday Wednesday Thursday Friday
Apr 2 Apr 3
LEC 1: Introduction to Academic (security) Research
First day of class
Apr 4 Apr 5
LEC 2: How to Read Academic Papers?
Apr 6
Apr 9 Apr 10
LEC 3: Stack Buffer Overflow
Read: Hack #3 BufferOverflow
Read: Tech #4 StackGuard
Read: Tech #5 ShadowStack
Apr 11 Apr 12
LEC 4: Memory Corruption Vulnerabilities
Read: Survey #6 Survey on Memory Attacks
Read: Tech #7 Softbound
Apr 13
Apr 16 Apr 17
LEC 5: Return-Oriented Programming
Read: Hack #9 ROP-black-hat
Read: Tech #10 ROP-ccs
Read: Tech #11 Sigreturn ROP
Apr 18 Apr 19
LEC 6: Control-flow and Code Pointer Integrity
Read: Tech #12 CFI
Read: Tech #13 CPI
Apr 20
Apr 23 Apr 24
LEC 7: Automatic Vulnerability Discovery #1
Read: Tech #14 KLEE - Symbolic execution on source code
Read: Tech #15 AEG - Auto exploit generation on source code
Read: Survey #16 SoK paper on auto exploit/patch
Read: Hack Some note on symbolic execution vs fuzzing
Apr 25 Apr 26
LEC 8: Automatic Vulnerability Discovery #2
Read: Tech #17 KINT - Finding Integer Overflow Vulnerabilities
Read: Tech #18 APISan - Finding API Misuse Vulnerabilities
Apr 27
Apr 30 May 1
LEC 9: Google Chrome Sandbox
Read: Tech #19 Chrome Sandbox
Read: Tech #20 Native Client
May 2 May 3
LEC 10: Other sandboxes
Read: Tech #21 MBox
May 4
May 7 May 8
LEC 11: Project Proposal Presentation
Project Proposal Date
May 9 May 10
LEC 12: Trusted Execution Environment (Intel SGX)
Read: Tech #22 Graphene-SGX
Read: Tech #23 Side-channel attack against SGX
May 11
May 14 May 15
LEC 13: Web Security #1 - XSS, CSRF, CSP
Read: Hack #24 XSS
Read: Hack #25 CSP
May 16 May 17
LEC 14: Web Security #2 - Pollution, Clickjacking, Tracking, etc.
Read: Tech #26 Pollution
Read: Tech #27 Clickjacking
Read: Tech #28 Tracking
May 18
May 21
Conference Travel (IEEE S&P), No class!
May 22
Conference Travel (IEEE S&P), No class!
May 23
Conference Travel (IEEE S&P), No class!
May 24
LEC 15: Project and Assignment
May 25
May 28
Memorial Day
May 29
LEC 16: Side-channel Attacks
Read: Hack #29 Cache Attacks
May 30 May 31
LEC 17: TBD 9-2
Jun 1
Jun 4 Jun 5
LEC 18: Project Presentation #1
Jun 6 Jun 7
LEC 19: Project Presentation #2
The last day of class
Jun 8
Jun 11
Final exam week
(No final!)
Jun 12
Final exam week
(No final!)
Jun 13
Final exam week
(No final!)
Jun 14
Final exam week
(No final!)
Jun 15
Final exam week
(No final!)