COMP 4634: Cybersecurity (Fall 2024)

Lecture Details

Instructor: Dongdong She (dongdong@cse.ust.hk)
Office hours: Tuesday (1:30-2:00 pm) Room 3505
TA: Wei Chen (wchenbt@cse.ust.hk)
TA Office hours: TBD
Classroom: LG5202, Lift 10-12
Class hours: Tuesday and Thursday (1:30-2:50 pm)

Course Description

This course covers principles of cybersecurity, including the basics of system security, hardware security, web security, network security, ML security, and LLM security. We show concrete examples of diverse security issues when these principles are violated. We then discuss techniques to detect, mitigate and prevent potential security issues.

Course Goal

The general goal of this course is to help you acquire a basic knowledge of system security, network security, ML security, and LLM security. You can also gain hands-on experience on several classic cybersecurity attacks and defenses.

Prerequisite

The course requires an understanding of operating systems, networking protocols, and a basic understanding of programming languages. Programming projects will be done primarily in C and JavaScript, but other languages may be needed. COMP 2012/2012H and COMP 3631 (optional, waive by request).

Grading

In-class participation - 5%
In-class quizzes - 5%
Assignment - 40%
Midterm exam - 20%
Final exam - 30%

Schedule

Date	Topics	Lecture slides & Reading
03/09	Introduction	slides, class quiz: lock picking competition
05/09	Control hijacking attacks: exploits	slides, additional reading: Hacking blind, A. Bittau et al. Basic Integer Overflows, blexim Use after free exploit example, K. Winterborn Bypassing Browser Memory Protections, A. Sotirov, M. Dowd
10/09	Control hijacking attacks: exploits (cntd.)
12/09	Control hijacking attacks: defenses	slides, additional reading: Return oriented programming, H. Shacham et al. Control flow integrity, M. Abadi et al. ARM Memory Tagging Extension and How It Improves C/C++ Memory Safety, K. Serebryany
17/09	Control hijacking attacks: defenses (cntd.)
19/09	Principle of least privilege, access control, and operating systems security	additional reading: SetUID Demystified, Chen, Dean, and Wagner, 2002. Operating Systems Security, T. Jaeger, 2008. Chapter 4, Security in Ordinary Operating Systems.
24/09	Principle of least privilege, access control, and operating systems security (cntd.)
26/09	Isolation and sandboxing	additional reading: Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, T. Garfinkel Efficient Software-Based Fault Isolation, Robert Wahbe, et al.
03/10	Isolation and sandboxing (cntd.)
08/10	Processor and microarchitecture security: Intel SGX and the Spectre attack	slides, additional reading: Shielding Applications from an Untrusted Cloud with Haven Spectre Attacks: Exploiting Speculative Execution Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX
10/10	Web Security Model	slides, additional reading: Securing Browser Frame Communication. Adam Barth, Collin Jackson, and John C. Mitchell Analyzing and Defending Against Web-based Malware. J. Chang et al. Exposing private information by timing web applications. A. Bortz, D. Boneh, and P. Nandy Web workers Content Security Policies Sandboxed iFrames cors
15/10	Midterm
17/10	Web Attacks	slides, additional reading: Cross site scripting explained, Amit Klein SQL Injection attacks, Chris Anley Robust Defenses for Cross-Site Request Forgery. Adam Barth, Collin Jackson, and John C. Mitchell
22/10	Web Attacks (cntd.)
24/10	Web Defenses	slides, additional reading: Secure Session Management With Cookies for Web Applications. Chris Palmer Origin Cookies: Session Integrity for Web Applications. by Bortz et al.
29/10	Web Defenses (cntd.)
31/10	Network Security	slides, additional reading: A Security Evaluation of DNSSEC with NSEC3, J. Bau and J.C. Mitchell Distributed Firewalls, S. Bellovin Bro: A System for Detecting Network Intruders in Real-Time, V. Paxon
05/11	Network Security (cntd.)
07/11	DoS Attacks and Network Defenses	slides, additional reading: DDoS amplification attack statistics, 2017 The real cause of large DDoS - IP Spoofing, Marek Majkowski, 2018. Practical network support for IP Traceback, S. Savage, et al. A DoS-Limiting Network Architecture, Yang, Wetherall, and Anderson
12/11	DoS Attacks and Network Defenses (cntd.)
14/11	Privacy, Anonymity, and Censorship	slides, additional reading: Tor: the second-generation onion router
19/11	Machine Learning Security: Adverserial Attack	slides, additional reading: TBD
21/11	Machine Learning Security: Adverserial Training and Verification	slides, additional reading: TBD
26/11	Large Language Model Security: Jailbreak and Defense	slides, additional reading: TBD
28/11	Large Language Model Security: Jailbreak and Defense (cntd.)	slides, additional reading: TBD
TBD	Final