Graduate Computer Security

UCSD CSE 227, Winter 2025

This graduate-level course focuses on computer security: the study of computer systems in the presence of an adversary. The course is a breadth course designed to give students exposure to many aspects of computer security, with topics including systems security, web security, edge security, and user privacy. The course will introduce students to modern research challenges in the area and the standards for how we design safer and more secure computer systems. Students will primarily read, synthesize, present, and discuss research papers. The course will culminate in a presentation of a quarter-long research project that students will conduct in small groups.

Course Information

Lecture: Tu/Th 12:30–1:50 PM. Ridge Walk Academic Complex 0121.

Instructor: Deepak Kumar
Office Hours: Tuesday 2:00–3:00 PM, or by appointment, CSE 3248.

Teaching Assistant: Tianyi Shan
Office Hours: Friday 11:00 AM–12:00 PM via Zoom (available on Canvas).

Prerequisites: Some systems and cybersecurity knowledge is helpful, but not required. This is a research-focused course, so students who are excited to explore novel topics are encouraged to enroll.

Communication: We use Canvas for announcements; discussion happens on Piazza. You can find the syllabus here.

Submissions: All course assignments will be submitted through Gradescope. Entry Code: WWEYY2.

Schedule

The tentative schedule and readings for the class are below:

1/7  Introduction and Administrivia

Course introduction, definitions, reflections on trusting trust. [slides]

1/9  Threat Models & the Science of Security

How do we do computer security research? What are our goals? How do we measure those goals? [slides]

1/14  CLASS CANCELLED DUE TO INSTRUCTOR ILLNESS

1/16  Software Security [slides]

Smashing The Stack For Fun And Profit [link]

The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86) [link]

1/21  Side Channels

Lest We Remember: Cold-Boot Attacks on Encryption Keys [link]

Keyboard Acoustic Emanations Revisited [link]

1/23  IoT Devices

Skill Squatting Attacks on Amazon Echo [link]

Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems [link]

1/28  Web Fundamentals

Robust Defenses for Cross-Site Request Forgery [link]

Parse Me, Baby, One More Time: Bypassing HTML Sanitizer via Parsing Differentials. [link]

1/30  Web Tracking

Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016 [link]

The Web Never Forgets: Persistent Tracking Mechanisms in the Wild [link]

2/4  TLS I

Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. [link]

The Security Impact of HTTPS Interception [link]

2/6  TLS II

The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software [link]

Tracking Certificate Misissuance in the Wild [link]

2/11  DDoS & Botnets

Inferring Internet Denial-of-Service Activity [link]

Understanding the Mirai Botnet [link]

2/13  DNS

How DNS Works [link]

An Illustrated Guide to the Kaminsky DNS Vulnerability [link]

2/18  Network Censorship

Censored Planet: An Internet-wide, Longitudinal Censorship Observatory [link]

Throttling Twitter: An Emerging Censorship Technique in Russia [link]

2/20  No class

Class is cancelled today. Meet with your project partners!

2/27  Spam and e-Crime

Click trajectories: End-to-end analysis of the spam value chain [link]

Re: CAPTCHAs – Understanding CAPTCHA-Solving Services in an Economic Context [link]

2/29  Usability and Human Factors

Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0 [link]

Alice in Warningland: A Large-Scale Field Study of Browser Security Warning Effectiveness [link]

3/4  Security & Society

SoK: Hate, harassment, and the changing landscape of online abuse. [link]

Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites [link]

3/6  Ethics

Ethical frameworks and computer security trolley problems: Foundations for conversations [link]

The moral character of cryptographic work [link]

3/11  Research Project Presentations

Presentations on the quarter-long project.

3/13  Research Project Presentations

Presentations on the quarter-long project.

Course Structure

This is a discussion-oriented research course. Students will be responsible for reading and discussing papers in class and working on a quarter-long project in groups of 3-4. Grading is based on the following components:

Attendance (5%)

Attendance is mandatory in class and constitutes 5% of your grade. You can miss up to 2 classes without penalty and without needing to justify your absence to me. If you have additional conflicts, please contact me directly.

Participation (20%)

Most class sessions will be structured as a discussion-forward lecture run by me. The primary mechanism for discussion is through cold calls, which are random calls to students to answer questions. These questions are a mix of testing comprehension of the reading material as well as getting students talking and discussing the topics in each paper. You get 3 “passes” over the quarter where you can skip the question if you have not read the paper. The expectation is that you will have read the papers in advance. If you have not read the paper in advance, you must disclose this when called on. Violations of this policy amount to an Academic Integrity violation.

Term Project (75%) [You can find the project specification here.]

Students will work on an independent research project over the term in groups of 3-4, which will culminate in a project presentation and small (~5 page) writeup. The grade is divided into several subparts:

  • Project Intention Form (10%) – This form will commit your group members and the general direction of your project. Due 1/17 by EOD. Fill out the form here: https://forms.gle/3efhZJAmfG9Gv4xF8
  • Midpoint Check-In Document and Meeting (15%) – This 2-page document describes your current status on the project and will serve as the basis for our meeting where we discuss more about the project in detail. Due 2/14 by EOD.
  • Final Presentation (25%) – This 15-minute presentation will be given in the final week of the quarter.
  • Final Writeup (25%) – This 5-page document describes the work completed over the quarter and the project.