CS 858: Selected Topics in Systems Security — Winter 2022
| Course Staff | N. Asokan (instructor) |
| nasokan@uwaterloo.ca | |
| Seminar times | Tue/Thu, 1:00–2:30 pm in DC 2585 |
Suggested Reading List from 2021 (for illustration; expect some
changes for 2022)
Overview
Software systems written in memory-unsafe languages like C and C++ are pervasive. Their lack of memory safety leaves them vulnerable to various types of run-time attacks. In this graduate seminar, students will explore the state-of-the-art in run-time attacks and defenses.
Course Description
This seminar was originally intended to be an in-person seminar. We will use the Course Teams team for asynchronous discussions as well as for synchronous class meetings when in-person class meetings are not feasible. When in-person class meetings are feasible, the meetings will take place in DC 2585. The seminar will primarily consist of reading, analyzing, presenting, and discussing research papers. There will be one paper assigned to each class meetings (i.e, two papers each week).
All students are required to read both of the papers before the class meeting, and to submit a short (~1 page) analysis of each paper. Each paper will have a presenter and a discussion leader assigned to it. Each paper will have a dedicated channel in the Course Teams team. Before the discussion in the class meeting, we will use this channel to post relevant information like discusson questions. After the class meeting discussion about a paper, offline discussion can continue in this channel.
The presenter will do a 20-minute presentation summarizing the paper and identifying at least three discussion questions. The discussion leader will also (independently) prepare at least three discussion questions. After each paper presentation, there will be a class meeting (either in-person or a synchronous meeting in the Course Teams team) discussion session led by the discussion leader. The discussion can then continue asynchronously on the paper channel in the Course Teams team until the end of the next day. The discussion leader will write up and submit a summary of the discussion within two business days (i.e., by Friday for Tuesday papers, and by the following Tuesday for Thursday papers.
Guidance for participants (preparing paper summaries, participating in the discussion), presenter (preparing and delivering the paper presentation), and discussion leader (leading and summarizing the discussion) can be found on the Course Teams team.
Presenters will send the link via a direct message to the instructor on the Course Teams team. The instructor will make presentation available to the rest of the class
Students should stick to the following schedule:- Presenters will send their slides to the instructor by 5:00 pm on the day before the presentaion. The slides should end with a set of (at least three) discussion questions.
- Discussion leaders will submit their set of (at least three) discussion questions to the instructor by 5:00 pm on the day before the presentation (Mondays or Wednesdays). They will submit the discussion summary report to the instructor by 5:00 pm three business days after the day of the presentation (Fridays or Tuesdays). Both of these submissions are done by direct messaging the instructor on the Course Teams team.
- Other participants will submit their summary of the paper (on CrowdMark) by 5:00 pm on the day before the presentation.
Signup for papers: There is a Signup sheet in the Course Teams team which lists the dates on which each paper in the reading list is to be presented and discussed. Each student is required to sign up, by 5:00 pm on Thursday, January 13 for one paper as the presenter and another paper as the discussion leader. Sign-up is done on a first-come-first-serve basis.
If we do not have enough students present and lead discussion on all the listed papers, we will extend the signup so that students can bid to present or lead discussion an additional paper for an extra credit.
Note that all times for this course are specified in Eastern Time (the timezone of Waterloo and Toronto).
Projects
Students will work in groups of 2–3 on an original research project on a systems security topic, preferably related to run-time attacks and defenses. Each group will submit a proposal and the optional team charter (by direct message to the course staff on the Course Teams team ) no later than 3 Feb at 5:00 pm. Students are strongly encouraged to briefly discuss their project idea with the instructor well in advance of this deadline. The project will typically involve developing or analyzing a software artifact. In some cases, the project can also be an extensive and thorough systematization of knowledge activity (comprehensive survey and synthesis). Near the end of term, the groups will get the chance present their work to the class in a brief conference-style presentation on Mar 29 or Apr 5. The slides for the presentaions must be submitted (on CrowdMark) by Mar 28 at 5:00 pm. In addition, by 5 Apr at 5:00 pm they will produce and submit (on CrowdMark) a workshop-quality paper, 8–10 pages in length in standard ACM conference style format describing their artifact and project. The paper should include a contribution paragraph where the contribution of each group member is clearly outlined. It should also include a link to the software project repository (where applicable).
Grading
Grades for this seminar will be calculated as follows:
| 15% | Paper presentations |
| 15% | Leading discussions |
| 10% | Paper summaries |
| 10% | Participation in paper discussions |
| 50% | Project |
| 7.5% (tentative) | Extra credit for volunteering to present or lead discussion on an additional paper (if needed) |
Late policy: Late submission of a deliverable will be docked 10% of the marks for that deliverable, up to three days. No marks will be awarded for deliverables that are delayed by more than three days.
To provide some workload flexibility, only your top 12 paper summaries and top 12 discussion contributions will count towards your final grade.
The instructor reserves the right to alter your final project grade to reflect your contributions, as per your submitted group contracts.
Pandemic Accommodations
In line with the current university plans, class meetings for this course (on Tuesdays and Thursdays) will be held online in the Course Teams team at the beginning of term. If and when the public health situation permits, we will switch to in-person class meetings. However, if the public health situation warrants classes to pivot to online again, we will revert back to using the Course Teams team for the class meetings instead of meeting in-person. Similarly, if you are a presenter or discussion leader for a paper but are unable to attend the session for that paper, in person because of self-isolation requirement, we can hold that session on the Course Teams team instead of in the classroom, provided that you were able to notify at least a day in advance. If you were unable to provide notice, we will make other possible accomodations on a case-by-case basis (e.g., allowing you to present a later paper, if it is possible). Synchronous meetings held in the Course Teams team will be recorded to allow students to refer back to discussions and presentations. The videos will only be accessible to course participants and will be removed at the end of the course.Academic Integrity
Note that students are not generally permitted to submit the same work for credit in multiple classes. For example, if a student has reviewed or presented one of the papers in another seminar class, he or she should avoid reviewing or presenting it again for this class.
The general university policy:
Academic Integrity: In order to maintain a culture of academic integrity, members of the University of Waterloo community are expected to promote honesty, trust, fairness, respect and responsibility. Check the Office of Academic Integrity's website for more information.
All members of the UW community are expected to hold to the highest standard of academic integrity in their studies, teaching, and research. This site explains why academic integrity is important and how students can avoid academic misconduct. It also identifies resources available on campus for students and faculty to help achieve academic integrity in — and out — of the classroom.
Grievance: A student who believes that a decision affecting some aspect of his/her university life has been unfair or unreasonable may have grounds for initiating a grievance. Read Policy 70 — Student Petitions and Grievances, Section 4. When in doubt please be certain to contact the department's administrative assistant who will provide further assistance.
Discipline: A student is expected to know what constitutes academic integrity, to avoid committing academic offenses, and to take responsibility for his/her actions. Check the Office of Academic Integrity for more information. A student who is unsure whether an action constitutes an offense, or who needs help in learning how to avoid offenses (e.g., plagiarism, cheating) or about "rules" for group work/collaboration should seek guidance from the course professor, academic advisor, or the Undergraduate Associate Dean. For information on categories of offenses and types of penalties, students should refer to Policy 71 — Student Discipline. For typical penalties, check Guidelines for the Assessment of Penalties.
Avoiding Academic Offenses: Most students are unaware of the line between acceptable and unacceptable academic behaviour, especially when discussing assignments with classmates and using the work of other students. For information on commonly misunderstood academic offenses and how to avoid them, students should refer to the Office of Academic Integrity's site on Academic Misconduct and the Faculty of Mathematics Cheating and Student Academic Discipline Policy.
Appeals: A decision made or penalty imposed under Policy 70, Student Petitions and Grievances (other than a petition) or Policy 71, Student Discipline may be appealed if there is a ground. A student who believes he/she has a ground for an appeal should refer to Policy 72, Student Appeals.
Note for Students with Disabilities
AccessAbility Services, located in Needles Hall, Room 1401, collaborates with all academic departments to arrange appropriate accommodations for students with disabilities without compromising the academic integrity of the curriculum. If you require academic accommodations to lessen the impact of your disability, please register with AccessAbility at the beginning of each academic term.
Coronavirus Information and Resources
- Library COVID-19: Updates on library services and operations
- Coronavirus Information for Students This resource provides updated information on COVID-19 and guidance for accommodations due to COVID-19.
Mental Health Support
All of us need a support system. We encourage you to seek out mental health supports when they are needed. Please reach out to Campus Wellness and Counselling Services.
We understand that these circumstances can be troubling, and you may need to speak with someone for emotional support. Good2Talk is a post-secondary student helpline based in Ontario, Canada that is available to all students.
Territorial Acknowledgement
We acknowledge that we live and work on the traditional territory of the Attawandaron (Neutral), Anishinaabeg, and Haudenosaunee peoples. The University of Waterloo is situated on the Haldimand Tract, the land promised to the Six Nations that includes ten kilometres on each side of the Grand River.