CS 858: Selected Topics in Systems Security — Winter 2021

Course Staff N. Asokan (instructor) Hans Liljestrand (expert)
E-mail nasokan@uwaterloo.ca hans.liljestrand@uwaterloo.ca
Seminar times (tentative) Tuesdays, 2:30–4:00 pm
Virtual Drop-In Hours Thursdays, 2:30–3:30 pm, or by appointment

Suggested Reading List

Students only:

Course LEARN site

Course Teams team


Software systems written in memory-unsafe languages like C and C++ are pervasive. Their lack of memory safety leaves them vulnerable to various types of run-time attacks. In this graduate seminar, students will explore the state-of-the-art in run-time attacks and defenses.

Course Description

This synchronous seminar will take place within the Course Teams team. The seminar will primarily consist of reading, analyzing, presenting, and discussing research papers. There will be two papers assigned to each class period.

All students are required to read both of the papers before the class, and to submit a short (~1 page) analysis of each paper. Each paper will have a presenter and a discussion leader assigned to it. Each paper will have a dedicated channel in the Course Teams team. All activities related to a paper will take place in the corresponding paper channel.

The presenter will do a 20-minute presentation summarizing the paper and identifying at least three discussion questions. The discussion leader will also (independently) prepare at least three discussion questions. After each paper presentation, there will be a synchronous discussion session led by the discussion leader. The discussion can then continue asynchronously on the paper channel in the Course Teams team until the end of the next day. The discussion leader will write up and submit a summary of the discussion by the end of the week.

Guidance for participants (preparing paper summaries, participating in the discussion), presenter (preparing and delivering the paper presentation), and discussion leader (leading and summarizing the discussion) can be found on the Course Teams team.

Presenters will pre-record their presentations, upload it to Stream (login using your UW credentials to upload), and send the link to the course instructor on the Course Teams team. They will also upload a copy of their slides on the Course CrowdMark site

Students should stick to the following schedule:

Signup for papers: There is a Signup sheet in the Course Teams team which lists the dates on which each paper in the reading list is to be presented and discussed. Each student is required to sign up, by 5:00 pm on Thursday, January 14 for one paper as the presenter and another paper as the discussion leader. Sign-up is done on a first-come-first-serve basis.

If we do not have enough students present and lead discussion on all the listed papers, we will extend the signup so that students can bid to present or lead discussion an additional paper for an extra credit.

Note that all times for this course are specified in Eastern Time (the timezone of Waterloo and Toronto).


Students will work in groups of 2–3 on an original research project on a systems security topic, preferably related to run-time attacks and defenses. Each group will submit a proposal and the optional team charter (on CrowdMark) no later than 4 Feb at 5:00 pm. Students are strongly encouraged to briefly discuss their project idea with the instructor well in advance of this deadline. The project will typically involve developing or analyzing a software artifact. In some cases, the project can also be an extensive and thorough systematization of knowledge activity (comprehensive survey and synthesis). Near the end of term, time permitting, the groups will get the chance present their work to the class in a brief conference-style presentation. In addition, by 14 Apr at 5:00 pm they will produce and submit (on CrowdMark) a workshop-quality paper, 8–10 pages in length in standard ACM conference style format describing their artifact and project. The paper should include a contribution paragraph where the contribution of each group member is clearly outlined. It should also include a link to the software project repository (where applicable).


Grades for this seminar will be calculated as follows:

15%Paper presentations
15%Leading discussions
10%Paper summaries
10%Participation in paper discussions
7.5% (tentative) Extra credit for volunteering to present or lead discussion on an additional paper (if needed)

Late policy: Late submission of a deliverable will be docked 10% of the marks for that deliverable, up to three days. No marks will be awarded for deliverables that are delayed by more than three days.

To provide some workload flexibility, only your top 12 paper summaries and top 12 discussion contributions will count towards your final grade.

The instructor reserves the right to alter your final project grade to reflect your contributions, as per your submitted group contracts.

Asynchronous Accommodations

If you cannot attend synchronous class sessions, please let us know in advance (within the first two weeks of the course) and we will provide an opportunity for you to shift the weighting of your class participation mark towards forum participation. All other grade components will remain unchanged.

Academic Integrity

Note that students are not generally permitted to submit the same work for credit in multiple classes. For example, if a student has reviewed or presented one of the papers in another seminar class, he or she should avoid reviewing or presenting it again for this class.

The general university policy:

Note for Students with Disabilities

AccessAbility Services, located in Needles Hall, Room 1401, collaborates with all academic departments to arrange appropriate accommodations for students with disabilities without compromising the academic integrity of the curriculum. If you require academic accommodations to lessen the impact of your disability, please register with AccessAbility at the beginning of each academic term.

Coronavirus Information and Resources

Mental Health Support

All of us need a support system. We encourage you to seek out mental health supports when they are needed. Please reach out to Campus Wellness and Counselling Services.

We understand that these circumstances can be troubling, and you may need to speak with someone for emotional support. Good2Talk is a post-secondary student helpline based in Ontario, Canada that is available to all students.

Territorial Acknowledgement

We acknowledge that we live and work on the traditional territory of the Attawandaron (Neutral), Anishinaabeg, and Haudenosaunee peoples. The University of Waterloo is situated on the Haldimand Tract, the land promised to the Six Nations that includes ten kilometres on each side of the Grand River.