CS 858: Selected Topics in Systems Security — Winter 2022

Course Staff N. Asokan (instructor)
E-mail nasokan@uwaterloo.ca
Seminar times Tue/Thu, 1:00–2:30 pm in DC 2585

Suggested Reading List from 2021 (for illustration; expect some changes for 2022)


Software systems written in memory-unsafe languages like C and C++ are pervasive. Their lack of memory safety leaves them vulnerable to various types of run-time attacks. In this graduate seminar, students will explore the state-of-the-art in run-time attacks and defenses.

Course Description

This seminar was originally intended to be an in-person seminar. We will use the Course Teams team for asynchronous discussions as well as for synchronous class meetings when in-person class meetings are not feasible. When in-person class meetings are feasible, the meetings will take place in DC 2585. The seminar will primarily consist of reading, analyzing, presenting, and discussing research papers. There will be one paper assigned to each class meetings (i.e, two papers each week).

All students are required to read both of the papers before the class meeting, and to submit a short (~1 page) analysis of each paper. Each paper will have a presenter and a discussion leader assigned to it. Each paper will have a dedicated channel in the Course Teams team. Before the discussion in the class meeting, we will use this channel to post relevant information like discusson questions. After the class meeting discussion about a paper, offline discussion can continue in this channel.

The presenter will do a 20-minute presentation summarizing the paper and identifying at least three discussion questions. The discussion leader will also (independently) prepare at least three discussion questions. After each paper presentation, there will be a class meeting (either in-person or a synchronous meeting in the Course Teams team) discussion session led by the discussion leader. The discussion can then continue asynchronously on the paper channel in the Course Teams team until the end of the next day. The discussion leader will write up and submit a summary of the discussion within two business days (i.e., by Friday for Tuesday papers, and by the following Tuesday for Thursday papers.

Guidance for participants (preparing paper summaries, participating in the discussion), presenter (preparing and delivering the paper presentation), and discussion leader (leading and summarizing the discussion) can be found on the Course Teams team.

Presenters will send the link via a direct message to the instructor on the Course Teams team. The instructor will make presentation available to the rest of the class

Students should stick to the following schedule:

Signup for papers: There is a Signup sheet in the Course Teams team which lists the dates on which each paper in the reading list is to be presented and discussed. Each student is required to sign up, by 5:00 pm on Thursday, January 13 for one paper as the presenter and another paper as the discussion leader. Sign-up is done on a first-come-first-serve basis.

If we do not have enough students present and lead discussion on all the listed papers, we will extend the signup so that students can bid to present or lead discussion an additional paper for an extra credit.

Note that all times for this course are specified in Eastern Time (the timezone of Waterloo and Toronto).


Students will work in groups of 2–3 on an original research project on a systems security topic, preferably related to run-time attacks and defenses. Each group will submit a proposal and the optional team charter (by direct message to the course staff on the Course Teams team ) no later than 3 Feb at 5:00 pm. Students are strongly encouraged to briefly discuss their project idea with the instructor well in advance of this deadline. The project will typically involve developing or analyzing a software artifact. In some cases, the project can also be an extensive and thorough systematization of knowledge activity (comprehensive survey and synthesis). Near the end of term, the groups will get the chance present their work to the class in a brief conference-style presentation on Mar 29 or Apr 5. The slides for the presentaions must be submitted (on CrowdMark) by Mar 28 at 5:00 pm. In addition, by 5 Apr at 5:00 pm they will produce and submit (on CrowdMark) a workshop-quality paper, 8–10 pages in length in standard ACM conference style format describing their artifact and project. The paper should include a contribution paragraph where the contribution of each group member is clearly outlined. It should also include a link to the software project repository (where applicable).


Grades for this seminar will be calculated as follows:

15%Paper presentations
15%Leading discussions
10%Paper summaries
10%Participation in paper discussions
7.5% (tentative) Extra credit for volunteering to present or lead discussion on an additional paper (if needed)

Late policy: Late submission of a deliverable will be docked 10% of the marks for that deliverable, up to three days. No marks will be awarded for deliverables that are delayed by more than three days.

To provide some workload flexibility, only your top 12 paper summaries and top 12 discussion contributions will count towards your final grade.

The instructor reserves the right to alter your final project grade to reflect your contributions, as per your submitted group contracts.

Pandemic Accommodations

In line with the current university plans, class meetings for this course (on Tuesdays and Thursdays) will be held online in the Course Teams team at the beginning of term. If and when the public health situation permits, we will switch to in-person class meetings. However, if the public health situation warrants classes to pivot to online again, we will revert back to using the Course Teams team for the class meetings instead of meeting in-person. Similarly, if you are a presenter or discussion leader for a paper but are unable to attend the session for that paper, in person because of self-isolation requirement, we can hold that session on the Course Teams team instead of in the classroom, provided that you were able to notify at least a day in advance. If you were unable to provide notice, we will make other possible accomodations on a case-by-case basis (e.g., allowing you to present a later paper, if it is possible). Synchronous meetings held in the Course Teams team will be recorded to allow students to refer back to discussions and presentations. The videos will only be accessible to course participants and will be removed at the end of the course.

Academic Integrity

Note that students are not generally permitted to submit the same work for credit in multiple classes. For example, if a student has reviewed or presented one of the papers in another seminar class, he or she should avoid reviewing or presenting it again for this class.

The general university policy:

Note for Students with Disabilities

AccessAbility Services, located in Needles Hall, Room 1401, collaborates with all academic departments to arrange appropriate accommodations for students with disabilities without compromising the academic integrity of the curriculum. If you require academic accommodations to lessen the impact of your disability, please register with AccessAbility at the beginning of each academic term.

Coronavirus Information and Resources

Mental Health Support

All of us need a support system. We encourage you to seek out mental health supports when they are needed. Please reach out to Campus Wellness and Counselling Services.

We understand that these circumstances can be troubling, and you may need to speak with someone for emotional support. Good2Talk is a post-secondary student helpline based in Ontario, Canada that is available to all students.

Territorial Acknowledgement

We acknowledge that we live and work on the traditional territory of the Attawandaron (Neutral), Anishinaabeg, and Haudenosaunee peoples. The University of Waterloo is situated on the Haldimand Tract, the land promised to the Six Nations that includes ten kilometres on each side of the Grand River.