Graduate Computer Security Fall 2023
This graduate course covers foundational research in computer and network security. The goal of this course is to provide students with a broad understanding of classical and modern security problems, the mental models and techniques commonly used in the field, and practical experience conducting security research. This class will consist of reading and discussing academic papers and conducting and presenting an original research project. See the schedule for details.
Note: For historical reasons, the official registrar course title is "Introduction to Computer Security"; however this will be a graduate research course that assumes students have already taken CMSC 23200 (Intro to Security), or have equivalent knowledge. CMSC 23200 will not be offered until Winter 2023.
Much of the course's structure and reading list is adapted from similar classes at peer universities, including CS 261N at UC Berkeley, CS 356 at Stanford, CSE 227 at UCSD, and CS8803-EMS at Georgia Tech.
Instructor
Course Information
| Prerequisites | CMSC 23200 or equivalent |
| Lectures | Classes will be held from 1:30p - 2:50p on Mondays and Wednesdays in Ryerson Physics Lab, Room 255. |
| Office Hours | Wednesdays 3:00p - 4:00p in JCL 255 |
| Textbook | These is no textbook for the course. This class will be focused on research paper reading, all of which are freely accessible via campus's network or the UChicago library proxy. Please contact me if you have any issues accessing assigned readings. |
| Communication | All online discussion and communication will happen via the Ed Discussion platform
(also accessible via the course Canvas). You can post here to find teammates for your projects, as well as post a private message to me with questions, issues, or concerns you have. (Note: Ignore the Canvas titling for the course (CMSC 23200), that is an incorrect historical artifact.) |
| Submission of work | All assignments will be collected via Gradescope.
Class homeworks (written responses for the required readings), are due by 11:00am prior to the corresponding course; i.e., homeworks for Monday's required readings are due by 11:00am on Monday and homeworks for Wednesday's required readings are due by 11:00am on Wednesday. |
Grading
Your course grade is based on four components: (1) reading and discussion for the assigned course papers, (2) presenting and leading the discussion for one assigned paper, and (3) completing a group research project.
Readings Responses and Discussion (30%)
Each class will explore a sub-area of computer security through discussions of 1-2 research papers.
Students are expected to thoroughly read each of the required papers beforehand.
To faciliate this understanding, students will submit a written response for each paper prior to the start of class (11:00am on Gradescope); for multiple papers, include both responses in a single PDF.
Each paper's written response should address the following general points:
- What are the paper's main contributions? (3-5 sentences max)
- What parts of the paper are questionable? (E.g., methodology, omissions, relevance, presentation, ethics.) (3-5 sentences max)
- Propose at least one question that you would like to have the class discuss about the paper.
- What parts of the paper do you find unclear? (Optional)
- Additionally, some homeworks will include an additional specific question or sometimes two regarding the topic, such as challenging you to come up with and defend a proposed solution.
No late written homeworks will be accepted, however, I will drop your two lowest scoring homework sets (two class's papers). In-class attendance and participation will be excused for illness, academic/research travel, and case-by-case circumstances.
Presenting and Leading a Paper Discussion (10%)
Each student will present and lead the discussion for one of the assigned papers during the quarter (sign-ups will happen during the third class of the quarter). For the first two weeks of paper presentations (Weeks 3 & 4), student-led papers will be presented in teams of 2 students.
For your presentation, email me your slides no later than 11:00am prior to the class you're presenting at (same deadline as the reading assignments).
You are not required to submit the written response for any of the required papers that day; you can simply submit a document stating that you were a discussion lead for that day along with the paper title.
Paper presentations should be structured similar to the presentations I use in class and should cover the following key aspects: (1) What is the problem (key research questions) of the paper? (2) What is the motivation for the paper? (3) Provide a brief overview of any important background or prior work (4) What are the methods and approach to solving the problem (for measurement papers, this will be an overview of the data collection and analysis methods; for papers that develop a system, method, or attack, this will be a discussion of the techniques) (5) What are the results and what was the evaluation or analysis? (6) What are the limitations of the work (evaluation pitfalls, future work, etc.)?
Your presentation should include at least a few questions for discussion, either intermingled throughout the presentation or at the end.
Course Project (60%)
Students will complete an original research project in small groups (1–3 students) on a topic of their choice related to security and privacy research.
Each group will submit a 6-10 page written report at the end of the quarter, as well as present their work during the final weeks of class.
The grade for your project will consist of the following components:
- Project Proposal (5%): Due Oct 13
Submit one proposal per group and list all of the members of your group in the proposal.
Write a concise (approximately 1 page) project proposal that clearly states: (1) the problem you will be tackling and the motivation for your problem (i.e., why it matters and who will it will impact); (2) the key challenges the research will need to solve or study; (3) a high-level sketch of your approach and plan for the project, including milestones and a sketch for how you will evaluate / demonstrate the success of your approach. If there are any special resources you might need, mention these. - Preliminary Report (5%): Due Oct 30
Submit a short (1-2 page) progress report that describes what your group has accomplished, what work still remains, any obstacles your have encountered, and any preliminary insights or results.
Additionally, submit a preliminary related work write-up (1-3 pages) that contains an outline of the different sub-areas (paper subsections) of related work. In each of the outline's subsections, include a short paragraph that (1) summarizes what the subsection of work is about, (2) how it relates to your project, and (3) a list of relevant papers that your final paper will cover in each subsection.
For at least one of these subsections, fully write-up the section as if it were the final paper; the subsection your team writes should cover at least 5 papers. - Project Presentation (10%)
Each group will give a 15 - 20 minute presentation during the final two class days about their research project. - Final Report (40%): Due Dec 8
Submit a technical paper on the research you have done, in the style of conference papers we have read in class, that includes an abstract, introduction, related work, methodology, results, discussion, references, etc. The paper should be 6-10 pages long and use the Usenix Latex template.
State the problem you're addressing, motivate why it is an important or interesting problem, present your research thoroughly and clearly, compare to any related work that may exist, summarize your research contributions, and draw whatever conclusions may be appropriate. Here are two pointers on writing a good technical paper: Vern's advice and Henning's advice.
P/F Grade Policies
As outlined in UChicago's policy, this course may be taken pass/fail (P/F). Students who wish to take the course pass/fail, instead of for a letter grade, must make a Campuswire post with that request by the end of Week 9. A grade of P will be given to students who would have earned a C- or better in the course if it were taken for a letter grade. Note that classes taken pass/fail are unlikely to count toward the computer science major or other graduate degrees, so please only make a P/F request if you understand (in consultation with your advisor) how doing so will impact your ability to count this course towards your degree.Academic Integrity Policies
The University of Chicago has formal policies related to academic honesty and plagiarism, as described by the university broadly and the college specifically. We abide by these standards in this course. Depending on the severity of the offense, you risk being dismissed altogether from the course. All cases will be referred to the Dean of Students office, which may impose further penalties, including suspension and expulsion. If you have any question about whether some activity would constitute cheating, please ask. In addition, we expect all students to treat everyone else in the course with respect, following the norms of proper behavior by members of the University of Chicago community.ChatGPT and Language Models: You may not use ChatGPT or any similar AI tool to generate the contents of any assignment you submit, such as the summaries of the required paper readings or your project report materials. You may use such tools to improve the quality of your own original writing. Any use of such tools must be clearly disclosed in the assignment submission, and must include all input prompts given to the tools. You are responsible for all content generated by any such tools as if you had written it yourself.
Wellness
If a personal emergency comes up that might impact your work in the class, please let the instructor know in a Ed Discussion (Canvas) post visible only to the instructors so that the course staff can make appropriate arrangements. University environments can sometimes be very overwhelming, and all of us benefit from support during times of struggle. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful. If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support. The University of Chicago's counseling services are here to support you. Consider also reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.If you or someone you know is feeling suicidal or in danger of self-harm, call someone immediately, day or night:
• Student Counseling Urgent Care: (773)702-9800 or in person.
• National Suicide Prevention Lifeline: 1-800-273-8255.