Graduate Computer Security Fall 2023

This graduate course covers foundational research in computer and network security. The goal of this course is to provide students with a broad understanding of classical and modern security problems, the mental models and techniques commonly used in the field, and practical experience conducting security research. This class will consist of reading and discussing academic papers and conducting and presenting an original research project. See the schedule for details.

Note: For historical reasons, the official registrar course title is "Introduction to Computer Security"; however this will be a graduate research course that assumes students have already taken CMSC 23200 (Intro to Security), or have equivalent knowledge. CMSC 23200 will not be offered until Winter 2023. Much of the course's structure and reading list is adapted from similar classes at peer universities, including CS 261N at UC Berkeley, CS 356 at Stanford, CSE 227 at UCSD, and CS8803-EMS at Georgia Tech.


Instructor


Course Information

Prerequisites CMSC 23200 or equivalent
Lectures Classes will be held from 1:30p - 2:50p on Mondays and Wednesdays in Ryerson Physics Lab, Room 255.
Office Hours Wednesdays 3:00p - 4:00p in JCL 255
Textbook These is no textbook for the course. This class will be focused on research paper reading, all of which are freely accessible via campus's network or the UChicago library proxy. Please contact me if you have any issues accessing assigned readings.
Communication All online discussion and communication will happen via the Ed Discussion platform (also accessible via the course Canvas).
You can post here to find teammates for your projects, as well as post a private message to me with questions, issues, or concerns you have.
(Note: Ignore the Canvas titling for the course (CMSC 23200), that is an incorrect historical artifact.)
Submission of work All assignments will be collected via Gradescope.
Class homeworks (written responses for the required readings), are due by 11:00am prior to the corresponding course; i.e., homeworks for Monday's required readings are due by 11:00am on Monday and homeworks for Wednesday's required readings are due by 11:00am on Wednesday.

Grading

Your course grade is based on four components: (1) reading and discussion for the assigned course papers, (2) presenting and leading the discussion for one assigned paper, and (3) completing a group research project.

Readings Responses and Discussion (30%)
Each class will explore a sub-area of computer security through discussions of 1-2 research papers. Students are expected to thoroughly read each of the required papers beforehand. To faciliate this understanding, students will submit a written response for each paper prior to the start of class (11:00am on Gradescope); for multiple papers, include both responses in a single PDF. Each paper's written response should address the following general points:

Your written write-ups will compromise 20% of your total grade, and an additional 10% will come from class participation (not only attendance, but actively answering questions, providing your thoughts, and/or asking questions of your own).
No late written homeworks will be accepted, however, I will drop your two lowest scoring homework sets (two class's papers). In-class attendance and participation will be excused for illness, academic/research travel, and case-by-case circumstances.

Presenting and Leading a Paper Discussion (10%)
Each student will present and lead the discussion for one of the assigned papers during the quarter (sign-ups will happen during the third class of the quarter). For the first two weeks of paper presentations (Weeks 3 & 4), student-led papers will be presented in teams of 2 students.

For your presentation, email me your slides no later than 11:00am prior to the class you're presenting at (same deadline as the reading assignments).
You are not required to submit the written response for any of the required papers that day; you can simply submit a document stating that you were a discussion lead for that day along with the paper title.
Paper presentations should be structured similar to the presentations I use in class and should cover the following key aspects: (1) What is the problem (key research questions) of the paper? (2) What is the motivation for the paper? (3) Provide a brief overview of any important background or prior work (4) What are the methods and approach to solving the problem (for measurement papers, this will be an overview of the data collection and analysis methods; for papers that develop a system, method, or attack, this will be a discussion of the techniques) (5) What are the results and what was the evaluation or analysis? (6) What are the limitations of the work (evaluation pitfalls, future work, etc.)? Your presentation should include at least a few questions for discussion, either intermingled throughout the presentation or at the end.

Course Project (60%)
Students will complete an original research project in small groups (1–3 students) on a topic of their choice related to security and privacy research. Each group will submit a 6-10 page written report at the end of the quarter, as well as present their work during the final weeks of class. The grade for your project will consist of the following components:


P/F Grade Policies

As outlined in UChicago's policy, this course may be taken pass/fail (P/F). Students who wish to take the course pass/fail, instead of for a letter grade, must make a Campuswire post with that request by the end of Week 9. A grade of P will be given to students who would have earned a C- or better in the course if it were taken for a letter grade. Note that classes taken pass/fail are unlikely to count toward the computer science major or other graduate degrees, so please only make a P/F request if you understand (in consultation with your advisor) how doing so will impact your ability to count this course towards your degree.

Academic Integrity Policies

The University of Chicago has formal policies related to academic honesty and plagiarism, as described by the university broadly and the college specifically. We abide by these standards in this course. Depending on the severity of the offense, you risk being dismissed altogether from the course. All cases will be referred to the Dean of Students office, which may impose further penalties, including suspension and expulsion. If you have any question about whether some activity would constitute cheating, please ask. In addition, we expect all students to treat everyone else in the course with respect, following the norms of proper behavior by members of the University of Chicago community.

ChatGPT and Language Models: You may not use ChatGPT or any similar AI tool to generate the contents of any assignment you submit, such as the summaries of the required paper readings or your project report materials. You may use such tools to improve the quality of your own original writing. Any use of such tools must be clearly disclosed in the assignment submission, and must include all input prompts given to the tools. You are responsible for all content generated by any such tools as if you had written it yourself.

Wellness

If a personal emergency comes up that might impact your work in the class, please let the instructor know in a Ed Discussion (Canvas) post visible only to the instructors so that the course staff can make appropriate arrangements. University environments can sometimes be very overwhelming, and all of us benefit from support during times of struggle. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful. If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support. The University of Chicago's counseling services are here to support you. Consider also reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.

If you or someone you know is feeling suicidal or in danger of self-harm, call someone immediately, day or night:
• Student Counseling Urgent Care: (773)702-9800 or in person.
• National Suicide Prevention Lifeline: 1-800-273-8255.