CS 858: Selected Topics in Systems Security — Winter 2023

Course Staff: N. Asokan (instructor), Hossam ElAtali (expert)
E-mail: nasokan@uwaterloo.ca
Seminar times: Tue/Thu, 8:30–9:50 am in DC 2585

Suggested Reading List.

Overview

Software systems written in memory-unsafe languages like C and C++ are pervasive. Their lack of memory safety leaves them vulnerable to various types of run-time attacks. In this graduate seminar, students will explore the state-of-the-art in run-time attacks and defenses.

Course Description

Class meetings will take place in DC 2585. The seminar will primarily consist of reading, analyzing, presenting, and discussing research papers. There will be one paper assigned to each class meeting (i.e., two papers each week).

All students are required to read both of the papers before the class meeting, and to submit a short (max. 1 page) analysis of each paper. Each paper will have a presenter and a discussion leader assigned to it. Each paper will have a dedicated channel in the Course Teams team. Before the discussion in the class meeting, we will use this channel to post relevant information like discussion questions. After the class meeting discussion about a paper, offline discussion can continue in this channel.

The presenter will do a 20-minute presentation summarizing the paper and identifying at least three discussion questions. The discussion leader will also (independently) prepare at least three discussion questions. After each paper presentation, there will be a class meeting discussion session led by the discussion leader. The discussion can then continue asynchronously on the paper channel in the Course Teams team until noon the next day. The discussion leader will write up and submit a summary of the discussion within three days (i.e., by Friday for Tuesday papers, and by the following Tuesday for Thursday papers).

Guidance for participants (preparing paper summaries, participating in the discussion), presenter (preparing and delivering the paper presentation), and discussion leader (leading and summarizing the discussion) can be found on the Course Info wiki on the Course Teams team.

Presenters will send the link via a direct message to the instructor on the Course Teams team. The instructor will make the presentation available to the rest of the class.

Students should stick to the following schedule: More detailed instructions for each of the above can be found on the Course Info wiki in the Course Teams team.

Signup for papers: There is a Signup sheet in the Course Teams team which lists the dates on which each paper in the reading list is to be presented and discussed. Each student is required to sign up, by noon on Jan 12, for one paper as the presenter and another paper as the discussion leader. Sign-up is done on a first-come, first-served basis.

If we do not have enough students to present and lead discussion on all the listed papers, we will extend the signup so that students can bid to present or lead discussion on an additional paper for extra credit.

Note that all times for this course are specified in Eastern Time (the timezone of Waterloo and Toronto).

Projects

Students will work in groups of 2–3 on an original research project on a systems security topic, preferably related to run-time attacks and defenses. Each group will submit a proposal and the optional team charter (by direct message to the course staff on the Course Teams team) no later than 2 Feb at noon. Students are strongly encouraged to briefly discuss their project idea with the instructor well in advance of this deadline. The project will typically involve developing or analyzing a software artifact. In some cases, the project can also be an extensive and thorough systematization of knowledge activity (comprehensive survey and synthesis). Near the end of term, the groups will get the chance to present their work to the class in a brief conference-style presentation on 4 Apr or 6 Apr. The slides for the presentations must be submitted (on CrowdMark) by 3 Apr at noon. In addition, by 11 Apr noon they will produce and submit (on CrowdMark) a workshop-quality paper, 8–10 pages in length, in standard ACM conference style format, describing their artifact and project. The paper should include a contribution paragraph where the contribution of each group member is clearly outlined. It should also include a link to the software project repository (where applicable).

Grading

Grades for this seminar will be calculated as follows:

15% Paper presentations
15% Leading discussions
10% Paper summaries
10% Participation in paper discussions
50% Project
7.5% (tentative) Extra credit for volunteering to present or lead discussion on an additional paper (if needed)

Late policy: Late submission of a deliverable will be docked 10% of the marks for that deliverable, up to three days. No marks will be awarded for deliverables that are delayed by more than three days.

To provide some workload flexibility, only your top 12 paper summaries and top 12 discussion contributions will count towards your final grade.

The instructor reserves the right to alter your final project grade to reflect your contributions, as per your submitted group contracts.

Academic Integrity

Note that students are not generally permitted to submit the same work for credit in multiple classes. For example, if a student has reviewed or presented one of the papers in another seminar class, he or she should avoid reviewing or presenting it again for this class.

The general university policy:

Note for Students with Disabilities

AccessAbility Services, located in Needles Hall, Room 1401, collaborates with all academic departments to arrange appropriate accommodations for students with disabilities without compromising the academic integrity of the curriculum. If you require academic accommodations to lessen the impact of your disability, please register with AccessAbility at the beginning of each academic term.

Mental Health Support

All of us need a support system. We encourage you to seek out mental health supports when they are needed. Please reach out to Campus Wellness and Counselling Services.

We understand that these circumstances can be troubling, and you may need to speak with someone for emotional support. Good2Talk is a post-secondary student helpline based in Ontario, Canada that is available to all students.

Territorial Acknowledgement

We acknowledge that we live and work on the traditional territory of the Attawandaron (Neutral), Anishinaabeg, and Haudenosaunee peoples. The University of Waterloo is situated on the Haldimand Tract, the land promised to the Six Nations that includes ten kilometres on each side of the Grand River.