COMP 4634: Cybersecurity (Spring 2026)

Lecture Details

Instructor: Dongdong She (dongdong@cse.ust.hk)
Office hours: Wednesday (10-11am) Room 3006, CYT building
TA: TBD
TA Office hours: TBD
Classroom: Room 2504, Academic Building, Lift 25-26
Class hours: Tuesday and Thursday (3:00-4:20pm)
Ed Discussion Board: Link

Course Description

This is an introductory course on cybersecurity. It will cover the full spectrum of the security domain: basic cybersecurity principles, system security, hardware security, web security and network security. Uniquely, this course will tackle the immediate challenges of the AI era, examining adversarial machine learning (ML security), LLM jailbreaking (LLM security), and the security of agentic AI workflows (Agent security). We will introduce fundamental cybersecurity principles and provide concrete examples of security issues that arise when these principles are violated. We then discuss techniques to detect, mitigate and prevent potential security issues.

Course Goal

Foundational Cybersecurity Principles: students can apply core security axioms like the CIA triad (Confidentiality, Integrity, Availability), Principle of Least Privilege, and Defense in Depth to evaluate the security risk of complex software, hardware and AI systems.
System, Network and Web Security: students can identify and demonstrate common vulnerabilities across the computing stack, including memory safety errors (e.g., buffer overflows), web exploits (e.g., XSS, SQL injection), and network protocol weaknesses.
AI Security (ML, LLM, Agents): students can understand the probabilistic failure modes inherent in AI systems (e.g., adversarial examples, data poisoning and jailbreak) and access specific dangers of emerging LLM agents with tool-use capabilities.

Prerequisite

The course requires a basic understanding of operating systems, networking protocols, and programming languages. Programming projects will be done primarily in C and JavaScript, but other languages may be needed. COMP 2012/2012H.

Grading

In-class participation - 5% (in-class question, answering and online discussion at Ed Disussion)
In-class quizzes - 5%
AI Security Project - 10% (Students can select a AI security project they like, then do a in-class presentation, technical demo and Q&A session)
Assignment - 30% (10%*3, three assignments to cover system security, web security and network security)
Midterm exam - 20%
Final exam - 30%

Schedule

Date	Topics	Lecture slides & Reading
03/02	Introduction & Quiz: lock picking competition	slides, additional reading: Learn Lock Picking, YouTube Video Reflections on Trusting Trust, Ken Thompson What is really going On inside your node_modules folder? Part 1: System Security
05/02	Control hijacking attacks: exploits	slides, additional reading: Hacking blind, A. Bittau et al. Basic Integer Overflows, blexim Use after free exploit example, K. Winterborn Bypassing Browser Memory Protections, A. Sotirov, M. Dowd
10/02	Control hijacking attacks: exploits (cntd.)
12/02	Control hijacking attacks: defenses	slides, additional reading: Return oriented programming, H. Shacham et al. Control flow integrity, M. Abadi et al. ARM Memory Tagging Extension and How It Improves C/C++ Memory Safety, K. Serebryany
24/02	Principle of least privilege, access control, and operating systems security	slides, additional reading: SetUID Demystified, Chen, Dean, and Wagner, 2002. Operating Systems Security, T. Jaeger, 2008. Chapter 4, Security in Ordinary Operating Systems.
26/02	Principle of least privilege, access control, and operating systems security(cntd.)
03/03	Isolation and sandboxing	slides, additional reading: Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, T. Garfinkel Efficient Software-Based Fault Isolation, Robert Wahbe, et al.
05/03	Testing for Vulnerabilities	slides, additional reading: Rules to hack by, Mark Dowd An example: Exploiting Broadcom’s Wi-Fi Stack, by Gal Beniamini, Google project zero. Real world fuzzing, by Charlie Miller
10/03	Processor and microarchitecture security: Intel TDX and the Spectre attack	slides, additional reading: Intel TDX Demystified Spectre Attacks: Exploiting Speculative Execution Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX
12/03	Web Security Model	slides, additional reading: Securing Browser Frame Communication, Adam Barth, Collin Jackson, and John C. Mitchell Analyzing and Defending Against Web-based Malware, J. Chang et al. Exposing private information by timing web applications, A. Bortz, D. Boneh, and P. Nandy Web workers Content Security Policies Sandboxed iFrames cors
17/03	Web Attacks	slides, additional reading: Cross site scripting explained, Amit Klein SQL Injection attacks, Chris Anley Robust Defenses for Cross-Site Request Forgery, Adam Barth, Collin Jackson, and John C. Mitchell
19/03	Web Defenses	slides, additional reading: Secure Session Management With Cookies for Web Applications, Chris Palmer Origin Cookies: Session Integrity for Web Applications, by Bortz et al.
24/03	Midterm
26/03	Brief overview of cryptography	slides, additional reading: The BREACH attack: encryption and compression don't mix, by Gluck, Harris, and Prado
31/03	HTTPS: goals and pitfalls	slides, additional reading: ForceHTTPS: protecting high-security web sites from network attacks, by A. Barth and C. Jackson The case for short-lived certificates, by Topalovic et al.
02/04	Internet Protocols	slides, additional reading: A look back at Security Problems in the TCP/IP Protocol Suite, S. Bellovin, ACSAC 2004. BGP Security in Partial Deployment, Lychev, Goldberg, Schapira, 2013. DNS cache poisoning, Steve Friedl
09/04	Internet Security	slides, additional reading: A Security Evaluation of DNSSEC with NSEC3, J. Bau and J.C. Mitchell Distributed Firewalls, S. Bellovin Bro: A System for Detecting Network Intruders in Real-Time, V. Paxon
14/04	DoS Attacks and Network Defenses	slides, additional reading: DDoS amplification attack statistics, 2017 The real cause of large DDoS - IP Spoofing, Marek Majkowski, 2018. Practical network support for IP Traceback, S. Savage, et al. A DoS-Limiting Network Architecture, Yang, Wetherall, and Anderson
16/04	Privacy, Anonymity, and Censorship	slides, additional reading: Tor: the second-generation onion router
21/04	Machine Learning Security: Adversarial Example and Defense	slides, additional reading: Explaining and Harnessing Adversarial Examples, Ian Goodfellow, et al, ICLR 2015 Towards Deep Learning Models Resistant to Adversarial Attacks, Aleksander Madry, et al, ICLR 2018
23/04	Large Language Model Security: Jailbreak and Prompt Injection	slides, additional reading: Universal and Transferable Adversarial Attacks on Aligned Language Models, Andy Zou, et al, Usenix Security 2024 Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection, Kai Greshake, et al, AI Sec 2023 Jailbreaking ChatGPT via Prompt Engineering: An Empirical Study, Yi Liu, et al, NDSS 2024
28/04	Large Language Model Security: Defense	slides, additional reading: SmoothLLM: Defending Large Language Models Against Jailbreaking Attacks, A. Robey, et al, ICLR 2024 Llama Guard: LLM-based Input-Output Safeguard for Human-AI Conversations , Hakan Inan et al, Meta AI Safety Alignment Should be Made More Than Just a Few Tokens Deep, Xiangyu Qi, et al, ICLR 2025 Outstanding Paper
30/04	LLM Agent Security: Risk in tool invocation	slides, additional reading: InjecAgent: Benchmarking Indirect Prompt Injections in Tool-Integrated Large Language Model Agents, Qiusi Zhan, et al, ACL finding 2024 On the Security of Tool-Invocation Prompts for LLM-Based Agentic Systems: An Empirical Risk Assessment, Yuchong Xie, et al, Arxiv preprint 2025
05/05	AI Security Project Presentation & Demo
07/05	AI Security Project Presentation & Demo (cntd.)