Instructor: Stephen Checkoway, sfc@uic.edu
Lectures: Tuesday and Thursday. 15:30–16:45 in Taft Hall 204
Office hours: Wednesday 15:00–16:00 in SEO 1236
This course will explore recent advances in software security. Students will read, analyze, and discuss recent and/or important computer security papers. A variety of topics will be discussed, based on student interest. Possible topics include low-level software security, web security, applied cryptography, embedded system security, language-based security, and privacy.
Grades will be determined as follows:
Paper summaries: 10%
Project and presentation: 40%
Class participation: 50%
Students are required to have taken and passed a graduate course in computer security. Students are expected to be familiar with low-level software security, operating systems, C, and assembly.
Reading, analyzing, and discussing academic papers is the primary component of this course. To that end, each student is expected to read every paper and come to class prepared to discuss them. To facilitate an interesting discussion, a written summary of the day's papers are due by 6 am on the day of the class.
Reading and comprehending a research paper can be a challenging activity. When reading a paper, keep these questions in mind:
What problem does this work try to solve? (Note that this isn't a question about what technical problem the paper overcomes.)
Is this an important problem?
Why is prior work (if any) insufficient to solve the problem?
What is the proposed solution?
What technical contribution does the proposed solution contain?
How is the proposed solution evaluated?
Is the evaluation reasonable?
How would you continue this line of research? (I.e., what future work would you do if you were working on this topic.)
You will write a structured paper summary for each paper we read in the course. The summary is due at 6 am on the day of the class. If for whatever reason you cannot do so, you must contact the instructor no later than the day before; no nonemergency exceptions. Use the summary template to write your summary and turn them in using BlackBoard. You should write about a paragraph for each section in the template. Summaries should not consist of sentences copied from the paper. Use your own words to describe the key ideas.
We will discuss the papers we read in class. This is a key component of the course. Everybody must participate. The paper summaries are intended to help you focus your thoughts about the papers.
The other major component of the course is a research project that you may do in any area of computer security, including those not covered in class. The project will consist of original research.
You will give a 10–15 minute presentation on the last week of class about your project and submit a short 5–8 page writeup (in USENIX format). The goal is to have the resulting writeup to be of sufficient quality and novelty to submit to a workshop or conference in computer security.
For the project, you will form teams of three. A team of two or four students may be required depending on class size, but they are strongly discouraged.
Once you have picked a team, you will write a one-page project proposal, due in class on Thursday January 21, and a two-page project status update, due in class on Thursday March 3.
Project presentations will take place in class on Tuesday, April 26 and Thursday April 28. If you are presenting on Tuesday, your final report is due on Thursday and if you are presenting on Thursday, your final report is due on Tuesday.
There are no exams.
You may work with your assigned project team on the project. It is expected that all students in a team contribute to all parts of the project, including giving the final presentation.
The deadlines for the project presentation and writeup are hard: no late assignments will be accepted.
Students are expected to do their own work. Cheating will not be tolerated and any student who engages in forbidden conduct will be subjected to the disciplinary process. Cheaters will receive a failing grade in the course.