CSE 523S: Systems Security

Spring 2017

Instructor Patrick Crowley, Jolley Hall 215, pcrowley AT wustl.edu
Course web site http://www.arl.wustl.edu/~pcrowley/cse/523/
Course discussion site
https://piazza.com/wustl/spring2017/cse523s/home
Course Meeting Times Monday & Wednesday 1:00PM-2:30PM in Green Hall, Room L0159
Office Hours By appointment
Prerequisites CSE 361S (or permission of instructor)
Teaching Assistants
 Peter Olson, p.olson wustl.edu
 Aaron Handleman, ahandleman wustl.edu
Office Hours: Jolley 431, Tu 1-2pm & Fri 3-4pm  

Caveat: This syllabus is tentative, and subject to adjustments and changes throughout the semester.

See the course calendar for lecture notes, handout materials, and schedule of classes.

Systems Security

CSE 523S Systems Security will focus on the intersection between computer design and cyber security. Decades of improvement in the price/performance and efficiency of computer systems have ushered in an era of pervasive computing, in which nearly all aspects of modern life are enabled by and dependent upon computer-mediated infrastructure. While performance and efficiency have improved markedly, most measures indicate that computer security has worsened overall in this time frame.

To understand why, we will explore the nature of cyber security, and the role that design choices play in the overall security characteristics of modern computer and network systems. This course will be a blend of study and practice. To motivate our study of concepts, and to make the subject concrete, students will use and write software to illustrate mastery of the material. Projects will include identifying security vulnerabilities, exploiting vulnerabilities, and detecting and defending against exploits. Students will be encouraged to define projects that align well with their research interests and activities.

Course Catalog Description

This course examines the intersection between computer design and information security. While performance and efficiency in digital systems have improved markedly in recent decades, computer security has worsened overall in this time frame. To understand why, we will explore the role that design choices play in the security characteristics of modern computer and network systems. Students will use and write software to illustrate mastery of the material. Projects will include identifying security vulnerabilities, exploiting vulnerabilities, and detecting and defending against exploits. Prereqs: CSE 361S or permission of instructor. 3 units.

Course Topics & Organization

Computer design choices dictate security. The goal of the course is to establish:
Course topics are organized into three consecutive modules, as follows.

Module 1: Principles & Literacy
Week  Topics 
1 Security implications of computer design 
2 System security fundamentals 
3 Vulnerabilities & exploits 
4 Popular tools 

Module 2: Vulnerabilities & Exploits
Week  Topics 
1 Applications & services 
2 Networks & the Internet 
3 Web servers & browsers 
4 The market for exploits 

Module 3: Exploit Detection & Defense
Week  Topics 
1 Signed software & sandboxes 
2 Host and net AV 
3 Design for failure 
4 Malware analysis 

Texts & Reading Material

Primary Textbook:

Other texts, videos and software will be drawn from web sources. 

Assignments

There will be 3 types of assignments:

  1. Readings. We will read excerpts from textbooks along with research papers. The course newsgroup will be used to discuss the material. 
  2. Problem sets and projects.
  3. Presentations. Students will organize and lead one 30-minute presentation.

Exam

There will be no exams.

Grading

Participation 10%
Assignments 90%

Disability Resources

Students with disabilities or suspected disabilities are strongly encouraged to both bring any additional considerations to the attention of the instructor and make full use of the University's Disability Resource Center (http://disability.wustl.edu).

Academic Integrity

(From Undergraduate Programs catalog, p. 16) You are expected to maintain the highest standards of academic integrity and refrain from the forms of misconduct spelled out in the University Academic Integrity Policy, which is published in full in Bearings and elsewhere. Violations will lead to disciplinary action and may result in suspension or expulsion from the University.
Students and faculty have an obligation to uphold the highest standards of scholarship. Plagiarism or other forms of cheating are not tolerated. When a student has violated the standards of the academic community, an instructor may recommend that the student be brought before a disciplinary committee. These are the most frequent areas of violation:
Findings of academic misconduct may result in a written reprimand, failure of an assignment or course, disciplinary probation, withdrawal of merit-based scholarship support, or other sanctions. Severe or repeat offenses may be referred to the University Judicial Board for consideration of suspension or expulsion.