Course Information

This course introduces the principles and practices of securing modern computer systems. Starting with seminal works and state-of-the-art security mechanisms, students will learn how to identify security issues and develop solutions for them. Throughout the class, we will explore various security domains, including software security, network security, cryptography, web security, and AI security.

Late Submission Policy

Late submissions will be assessed a penalty of 10% per day (we will only accept submissions up to 3 days late).

Activities: be a white hacker!

Not mandatory, not homework, but participation is highly recommended to upgrade your score.

Activity 1: SaveUNIST

Find and report unknown security problems on the campus website (IST homepage)
  • Instruction:
    • Target: UNIST IST homepage
    • Only those who sign the pledge can participate.
    • DO NOT try anything illegal! If you cannot decide by yourself, discuss it with us first.
    • Submit your findings via email.
      • TO: seongil.wi@unist.ac.kr
      • CC: dy3199@unist.ac.kr
      • Title: [SaveUNIST,ID,Name] Title of the vulnerability
      • Content:
        • Bug description
        • Attack step with exploit
        • Provide a screenshot
        • Describe the security impacts that may occur as a result of the attack
  • Evaluation
    • Each student can submit 2 scenarios until Dec 8
    • Evaluation will be mainly done by TA and professor
    • The evaluation criteria are as follows:
      • Severity
      • Relevance (to this course)

Activity 2: HackGPT

Report NEW security threats potentially caused by ChatGPT
  • Instruction:
    • Read this article and see the existing findings about ill-behaviors of AI models.
    • Come up with a new malicious use of AI
    • Make sure your scenario has not been reported here
    • Submit your scenario via email.
      • TO: seongil.wi@unist.ac.kr
      • CC: dy3199@unist.ac.kr
      • Title: [HackGPT,ID,Name] Title of the vulnerability
      • Content:
        • Input
        • Output
        • Provide a screenshot of the dialog
        • Describe a concrete and detailed scenario (up to 10 sentences)
  • Evaluation
    • Each student can submit 3 scenarios until Dec 7
    • Evaluation will be mainly done by TA and professor
    • The evaluation criteria are as follows:
      • Severity
      • Creativity
      • Relevance (to this course)

Schedule

Date | Topic | Reading | Notes
08/29/2023 | Introduction | |
09/02/2023 | Concepts in Security | |
09/05/2023 | Cryptography #1: Classical Cryptography | [Introduction to Modern Cryptography Ch1] | Activity 2 out
09/07/2023 | Cryptography #2: Symmetric-key Encryption (1) | [Introduction to Modern Cryptography Ch2, Ch3]; [AES Visualization] |
09/12/2023 | Cryptography #3-1: Symmetric-key Encryption (2); Cryptography #3-2: Asymmetric-key Encryption | [Introduction to Modern Cryptography Ch11, Ch12, Ch13]; [Diffie-Hellman Visualization] | HW1 out
09/14/2023 | Cryptography #4: Public-Key Infrastructure and Integrity | [Introduction to Modern Cryptography Ch4, Ch12]; [Birthday Paradox] |
09/19/2023 | Software Security #1-1: Introduction; Software Security #1-2: Assembly (x86) Overview | [Machine-Level Representation of Programs] |
09/21/2023 | Software Security #2: Hijack | [GDB manual]; [Smashing the Stack for Fun and Profit] | HW1 due (11:59PM)
09/26/2023 | Software Security #3: Format String & Integer Overflow | [Exploiting Format String Vulnerabilities]; [Basic Integer Overflows] | HW2 out; Quiz1 (Class time); HW1 due (11:59PM)
09/28/2023 | Chuseok | |
10/03/2023 | National Foundation Day | |
10/05/2023 | Software Security #4: Canary & DEP & ROP | [Shacham/CCS2007]; [Petsios/ACSAC2015] |
10/10/2023 | Software Security #5: ASLR & Memory Disclosure & Type Confusion | [Shacham/CCS2004]; [Backes/CCS2014]; [Lee/USENIXSEC2015] |
10/12/2023 | Software Security #6: Use After Free & Secure Coding | [SEI CERT C Coding Standard] |
10/17/2023 | Midterm week (No exam, no class) | |
10/19/2023 | Midterm week (No exam, no class) | |
10/24/2023 | Web Security #1: Introduction & Web Programming | | HW2 Q&A session; HW2 due (11:59PM)
10/26/2023 | Web Security #2: Server-side Web Attacks & Defenses | [Computer Security and the Internet (CSI) Ch9] | HW2 due (11:59PM)
10/31/2023 | Web Security #3: Client-side Web Attacks & Defenses (1) | [Computer Security and the Internet (CSI) Ch9] |
11/02/2023 | Web Security #4: Client-side Web Attacks & Defenses (2) | [Computer Security and the Internet (CSI) Ch9] |
11/07/2023 | Network Security #1: Introduction | | HW3 out
11/09/2023 | Network Security #2: Spoofing & Firewalls & IDS | |
11/14/2023 | Protocol Security: SSL/TLS & HTTPS | [RFC5246: TLS 1.2] |
11/16/2023 | Access Control | |
11/21/2023 | Authentication | | Activity 1 out (Nov. 20~)
11/23/2023 | Program Analysis #1: Introduction | | HW3 due (Nov. 24, 11:59 PM)
11/28/2023 | Program Analysis #2: Static Analysis | [Schwartz/Oakland2010] | Quiz 2 (Class Time)
11/30/2023 | Program Analysis #3: Dynamic Analysis | [Manes/TSE2021] |
12/05/2023 | AI Security & Wrap-Up | |
12/07/2023 | Q&A Session | | Activity 1 due (11:59 PM, Dec. 8); Activity 2 due (11:59 PM)
12/12/2023 | No class (Final week) | |
12/14/2023 | Final Exam | | Class Time (17:30 ~ 18:45)