CSE551: Advanced Computer Security

Course Information

This course introduces the principles and practices of securing modern computer systems. Starting with seminal works and state-of-the-art security mechanisms, students will learn how to identify security issues and develop solutions for them. Throughout the class, we will explore various security domains, including software security, cryptography, and web security.

Late Submission Policy

Late submission will be assessed a penalty of 10% per day (We will only accept late submissions of up to 3 days).

Schedule

Date Topic Reading Notes
09/02/2025 Introduction
09/04/2025 Concepts in Security [Schuster/USENIXSEC2017]
09/09/2025 Cryptography #1: Symmetric-key Cryptography [Introduction to Modern Cryptography Ch2, Ch3]
[DES FIPS-46]
[AES Visualization]
09/11/2025 No Class
09/16/2025 Cryptography #2: Asymmetric-key Cryptography [RFC 7919]
[Introduction to Modern Cryptography Ch11, Ch12, Ch13]
[Diffie-Hellman Visualization] 		Project Proposal Due (11:59 PM)
09/18/2025 Cryptography #3: Public-Key Infrastructure, Integrity [Introduction to Modern Cryptography Ch4, Ch12]
[Birthday Paradox]
[Birthday Attack]
09/23/2025 Protocol Security: SSL/TLS [RFC8446] HW1 Out
09/25/2025 Software Security #1: Assembly (x86) & Control Flow Hijack [Machine-Level Representation of Programs]
[Smashing the Stack for Fun and Profit]
09/30/2025 No Class
10/02/2025 No Class
10/07/2025 Chuseok
10/09/2025 Hangul Day HW1 Due (11:59 PM)
10/14/2025 Software Security #2: Canary & DEP [Shacham/CCS2007]
[Petsios/ACSAC2015]
10/16/2025 Software Security #3: ROP & ASLR [Shacham/CCS2007]
[Petsios/ACSAC2015]
[Shacham/CCS2004]
[Backes/CCS2014]
10/21/2025 Midterm week (No exam, No class)
10/23/2025 Midterm week (No exam, No class) Project Checkpoint Due (11:59 PM)
10/28/2025 Software Security #4: Type Confusion & Control Flow Integrity [Abadi/CCS2005]
[Carlini/USENIXSEC2015]
[Conti/CCS2015]
[Lee/USENIXSEC2015] 		HW2 Out
10/30/2025 Web Security #1: Introduction & Web Programming
11/04/2025 Web Security #2: Client-side Security [Liu/ICCCN2005]
[Squarcina/USENIXSEC2023]
[Franken/USENIXSEC2018]
11/06/2025 Web Security #3: Server-side Web Security [Wi/WWW2022]
[Jovanovic/S&P2006]
11/11/2025 Web Security #4: Cross-Site Scripting [Steffens/NDSS2019]
[Son/NDSS2013]
[Lekies/CCS2013] 		HW2 Due (11:59 PM)
11/13/2025 Web Security #4: Cross-Site Scripting (cont.)
11/18/2025 Web Security #5: Content Security Policy [Weichselbaum/CCS2016]
[Roth/CCS2021]
[Wi/NDSS2023] 		HW3 Out
11/20/2025 No Class
11/25/2025 Web Security #5: Content Security Policy (cont.)
11/27/2025 Web Security #6: Cross-Site Request Forgery [Barth/CCS2008]
[Pellegrino/CCS2017]
12/02/2025 Web Security #7: Clickjacking & XS-Leaks [Rautenstrauch/S&P2023]
[Huang/USENIXSEC2012] 		HW3 Due (11:59 PM)
12/04/2025 No Class
12/09/2025 Project Final Presentation #1: Privacy, Netowrk Security
  • [Dahee Kim, Song Kim] Query-Centric Community Hiding via Edge Rewiring
  • [Jaeho Bae] ADTT: Identifying JavaScript Trackers via Interaction Simulation and Dynamic Taint Tracking
  • [Yunseo Jeong] zk-SNARKs Membership Verification
  • [Jiwon Park] ILLUnatic: Effective Bot Screening on Web using Optical Illusion
12/11/2025 Project Final Presentation #2: Software & Browser Security
  • [Minsu Jung, Yunseo Lee] VScoreFuzz: LLM-Based Fuzzing for Security Vulnerability Detection
  • [Euibin Bae] DecomFuzzer: Call Graph Decomposition for Fuzzing Driver
  • [JunYeong Noh] Security-Aware Prompt Engineering for LLM-based Automated Vulnerability Repair
  • [Mingi Jung] Interaction-Aware Fuzzing: Closing the Gap Between Human Use and Automated Browser Testing
12/16/2025 Project Final Presentation #3 System Security & Cryptography
12/18/2025 Final exam Final Report Due
(Dec. 19, 11:59 PM)

© WebSec Lab all rights reserved.