Graduate Computer Security

UCSD CSE 227, Spring 2026

This graduate-level course focuses on computer security: the study of computer systems in the presence of an adversary. The course is a breadth course designed to give students exposure to many aspects of computer security, with topics including systems security, web security, edge security, and user privacy. The course will introduce students to modern research challenges in the area and the standards for how we design safer and more secure computer systems. Students will primarily read, synthesize, present, and discuss research papers. The course will culminate in a presentation of a quarter-long research project that students will conduct in small groups.

Course Information

Lecture: Tu/Th 9:30–10:50 AM. Warren Lecture Hall 2204.

Instructor: Deepak Kumar
Office Hours: Tuesday 11:00–12:00 PM, or by appointment, CSE 3248.

Teaching Assistant: Arshia Arya
Office Hours: Wednesdays, 1-2pm, CSE B240A

Prerequisites: Some systems and cybersecurity knowledge is helpful, but not required. This is a research-focused course, so students who are excited to explore novel topics are encouraged to enroll.

Communication: We use Canvas for announcements. You can find the syllabus here.

Submissions: All course assignments will be submitted through Gradescope. Entry Code: ZJ57EJ.

Schedule

The tentative schedule and readings for the class are below:

3/31  Introduction and Administrivia [slides]

Course introduction, definitions, reflections on trusting trust.

4/1  Threat Models & the Science of Security [slides]

How do we do computer security research? What are our goals? How do we measure those goals?

4/7  Software Security [slides]

Smashing The Stack For Fun And Profit [link]

The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86) [link]

4/9  Side Channels

Lest We Remember: Cold-Boot Attacks on Encryption Keys [link]

Keyboard Acoustic Emanations Revisited [link]

4/14  IoT Devices

Skill Squatting Attacks on Amazon Echo [link]

[Optional] Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems [link]

4/16  Web Fundamentals

Robust Defenses for Cross-Site Request Forgery [link]

Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials. [link]

4/21  Web Ecosystem

Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016 [link]

Formalizing Dependence of Web Infrastructure [link]

4/23  TLS I

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. [link]

The Security Impact of HTTPS Interception [link]

4/28  No class

Class is cancelled today. Meet with your project partners!

4/30  TLS II (On Zoom)

Tracking Certificate Misissuance in the Wild [link]

The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software [link]

5/5  DDoS & Botnets

Inferring Internet Denial-of-Service Activity [link]

Assessing the Aftermath: the Effects of a Global Takedown against DDoS-for-hire Services [link]

5/7  Network Censorship

Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China [link]

Digital Discrimination of Users in Sanctioned States: The Case of the Cuba Embargo [link]

5/12  DNS

An Illustrated Guide to the Kaminsky DNS Vulnerability [link]

Forward to Hell? On the Potentials of Misusing Transparent DNS Forwarders in Reflective Amplification Attacks [link]

[Optional] How DNS Works [link]

5/14  Spam and e-Crime

Click trajectories: End-to-end analysis of the spam value chain [link]

Re: CAPTCHAs – Understanding CAPTCHA-Solving Services in an Economic Context [link]

5/19  Usability and Human Factors

Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0 [link]

Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness [link]

5/21  No class

Class is cancelled today. Meet with your project partners!

5/26  AI Security and Privacy

Watch this talk by Nicholas Carlini about AI vulnerability finding: [link]

Large-scale online deanonymization with LLMs [link]

5/26  Security & Society

Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites [link]

SoK: Hate, harassment, and the changing landscape of online abuse. [link]

6/2  Research Project Presentations

Presentations on the quarter-long project.

6/4  Research Project Presentations

Presentations on the quarter-long project.

Course Structure

This is a discussion-oriented research course. Students will be responsible for reading and discussing papers in class and working on a quarter-long project in groups of 3-4. Grading is based on the following components:

Attendance (5%)

Attendance is mandatory in class and constitutes 5% of your grade. You can miss up to 2 classes without penalty and without needing to justify your absence to me. If you have additional conflicts, please contact me directly.

Participation (20%)

Most class sessions will be structured as a discussion-forward lecture run by me. The primary mechanism for discussion is through cold calls, which are random calls to students to answer questions. These questions are a mix of testing comprehension of the reading material as well as getting students talking and discussing the topics in each paper. You get 3 "passes" over the quarter where you can skip the question if you have not read the paper. The expectation is that you will have read the papers in advance. If you have not read the paper in advance, you must disclose this when called on. Violations of this policy amount to an Academic Integrity violation.

Term Project (75%) [You can find the project specification here.]

Students will work on an independent research project over the term in groups of 3-4, which will culminate in a project presentation and small (~5 page) writeup. The grade is divided into several subparts:

  • Project Intention Form (10%) – This form will commit your group members and the general project direction you are going in. Due 4/10 by EOD. Fill out the form here: https://forms.gle/bgaAtD742X8YSxgw5
  • Midpoint Check-In Document and Meeting (15%) – This 2-page document describes your current status on the project and will serve as the basis for our meeting where we discuss more about the project in detail. Due 5/8 by EOD.
  • Final Presentation (25%) – This 15-minute presentation will be given in the final week of the quarter.
  • Final Writeup (25%) – This 5-page document describes the work completed over the quarter and the project. Due 6/9 by EOD.