(###)

CPSC 538M: Systems Security

[**Overview**](#overview) **//** [**Registration and Prerequisites**](#registration-and-prerequisites) **//** [**Evaluation**](#course-structure-and-grading) **//** [**Class schedule**](#reading-list)

Overview

This is a graduate course covering topics on security and privacy techniques for software systems in the web, cloud, mobile, and edge.

Learning objectives:

get familiar with cutting edge research topics in systems security
understand the key components of executing a systems security research project (both attack and defense mechanisms) from reading papers
be able to apply the security research to your area of practice
evaluate your interest in the field for future research

Instructor: Aastha Mehta ( [firstname]k[lastinitial] [AT] cs.ubc.ca )

Office hours: Mon, 11:00 - 12:00h PT, or by appointment

Class hours: Tue/Thu 11:00 – 12:30 hours PT, ORCH 3058

Teaching Assistant: Zainab Saeed Wattoo

Web tools: Piazza, HotCRP

Registration and Prerequisites

Registration: Note, the last date to add/drop out of the course is 19 Sep 2022.

Prerequisites: Undergraduate knowledge of operating systems, architecture, networking, databases is essential. Any background in security is welcome but not required. The course is intended for Masters and Ph.D. students in Computer Science, but enterprising Bachelors students who fulfill the above pre-requisites are welcome to participate.

Evaluation

The primary goal of this course is to prepare you to do research. Therefore, the evaluation for this course consists of only two components (tentative, subject to change until the beginning of the course):

Class participation: 35%
Project: 65%

Class participation (35%):

Students are expected to read the assigned reading material before each class and come prepared with questions and a critical analysis of the papers. You are also encouraged to read the additional reading material. In the class, we will discuss the reading material and applications of the ideas beyond the papers. You are will be graded based on the quality of participation.
In addition, each student is expected to give feedback on at least one other group’s project proposal. Your feedback will count towards your class participation points.

Project (65%): The course project must be done in teams of 2-4. The goal of the project is to conduct original research in computer security. You are encouraged to come up with your own ideas, but you can talk to the instructor for some ideas that are well-scoped for a course project.

The project deliverables will include a research proposal, a proposal presentation, a final presentation, and a final report. For more details, please check the project page.

Class schedule

Here is a tentative schedule of papers to be covered in the class.

Date	Topic	Preparation material	Additional resources
Sep 06	Imagine Day
Sep 08	Overview		[How to read a paper](https://cseweb.ucsd.edu/~dstefan/cse227-spring19/papers/keshav:how.pdf)
Sep 13	Compliance in systems	[Guardat](https://aasthakm.github.io/files/eurosys15-guardat.pdf)
Sep 15	Compliance in applications	[Qapla](https://aasthakm.github.io/files/sec17-qapla.pdf)	[Scooter & Sidecar](https://dl.acm.org/doi/pdf/10.1145/3453483.3454072)
Sep 20	Compliance in distributed systems	[Zanzibar](https://www.usenix.org/system/files/atc19-pang.pdf)	[IVD](https://research.facebook.com/file/2955782641347996/63-ivd-camera-ready-sp17.pdf)
Sep 22	Non-interference principle	[Decentralized Label Model](https://www.cs.cornell.edu/andru/papers/iflow-tosem.pdf)	[DC Labels](http://www.cse.chalmers.se/~russo/publications_files/nordsec2011.pdf)
Sep 27	IFC in language runtimes	[RESIN](https://pdos.csail.mit.edu/papers/resin:sosp09/resin:sosp09.pdf)	[Hails](https://www.usenix.org/system/files/conference/osdi12/osdi12-final-35.pdf)
Sep 29	IFC in big data systems	[Grok/Legalese](https://www.andrew.cmu.edu/user/danupam/sen-guha-datta-oakland14.pdf)
Oct 04	Software vulnerabilities	[Eternal War in Memory](https://nebelwelt.net/files/13Oakland.pdf)
Oct 06	Control flow safety	[In-kernel CFI in ARM](https://www.usenix.org/system/files/sec22fall_yoo.pdf)	[CFI principles](https://users.soe.ucsc.edu/~abadi/Papers/cfi-tissec-revised.pdf) [CFI Bending](https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-carlini.pdf)
Oct 11	Software fault isolation	[XFI](https://www.usenix.org/legacy/event/osdi06/tech/full_papers/erlingsson/erlingsson.pdf)	[SFI principles](https://cseweb.ucsd.edu/~dstefan/cse227-spring21/papers/tan:sfi.pdf)
Oct 13	Privilege separation	[Preventing Privilege Escalation](https://www.usenix.org/legacy/events/sec03/tech/full_papers/provos_et_al/provos_et_al.pdf)
Oct 18	Virtualization and Isolation *Project proposal reports due*	[KVM/ARM](http://www.cs.columbia.edu/~nieh/pubs/asplos2014_kvmarm.pdf) [Firecracker](https://www.usenix.org/system/files/nsdi20-paper-agache.pdf)
Oct 20	Hardware isolation primitives	[Video](https://www.youtube.com/watch?v=MREwcSo0uz4)
Oct 25	Project proposal presentations
Oct 27	SGX-based TEEs	[SCONE](https://www.usenix.org/system/files/conference/osdi16/osdi16-arnautov.pdf)	[Rkt-io](https://lsds.doc.ic.ac.uk/sites/default/files/rkt-io-eurosys21.pdf)
Nov 01	ARM TEEs	[ReZone](https://www.usenix.org/system/files/sec22fall_cerdeira.pdf)	[Sanctuary](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_01A-1_Brasser_paper.pdf)
Nov 03	RISC-V TEEs	[PENGLAI](https://www.usenix.org/system/files/osdi21-feng.pdf)
Nov 08	TEEs for GPUs	[Graviton](https://www.usenix.org/system/files/osdi18-volos.pdf)	[HIX](http://calab.kaist.ac.kr:8080/~jhuh/papers/jang_asplos19.pdf)
Nov 10	mid-term break
Nov 15	Network side-channel attacks	[Side channels in web](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/WebAppSideChannel-final.pdf) [Beauty and the Burst](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-schuster.pdf)	[Survey](https://dl.acm.org/doi/pdf/10.1145/3457904)
Nov 17	Network side-channel mitigations	[Tamaraw](https://www.freehaven.net/anonbib/cache/ccs2014-fingerprinting.pdf) [DynaFlow](https://people.csail.mit.edu/devadas/pubs/wpes18.pdf)	[IFS scheduling](https://www.cis.upenn.edu/~sga001/papers/ifs-ccs21.pdf)
Nov 22	Microarchitectural side channels	[Fantastic Timers](https://gruss.cc/files/fantastictimers.pdf) [Flush+Reload](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-yarom.pdf)	[Survey](https://eprint.iacr.org/2016/613.pdf) [NetCAT](https://download.vusec.net/papers/netcat_sp20.pdf)
Nov 24	Transient execution attacks	[Spectre](https://spectreattack.com/spectre.pdf) [Speculative type confusion](https://www.usenix.org/system/files/sec21-kirzner.pdf)	[Survey](https://dl.acm.org/doi/pdf/10.1145/3442479)
Nov 29	Transient execution attack mitigations	[Swivel](https://www.usenix.org/system/files/sec21fall-narayan.pdf)	[ConTExT](http://www.attacking.systems/web/files/context.pdf)
Dec 01	Constant-time implementation	[Reading](https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/mitigate-timing-side-channel-crypto-implementation.html)	[Predictive Mitigation](https://www.cs.cornell.edu/andru/papers/ccs10.pdf)
Dec 06	Final project presentation	[How to give a great research talk](https://www.microsoft.com/en-us/research/academic-program/give-great-research-talk/)
Dec 20	Final project reports due	[How to write a great research paper](https://www.microsoft.com/en-us/research/academic-program/write-great-research-paper/)

(###) Additional reading

(###) Acknowledgements

UBC’s main Vancouver campus—including our classroom and other course spaces—is located on the traditional, ancestral and unceded territory of the Musqueam people. These lands have always been a place of learning for Musqueam youth, who were instructed in their culture, history, and tradition, and who in turn shared their knowledge with a new generation.