
CPSC 538M: Topics in Systems Security


Overview

This is a graduate course covering topics on security and privacy techniques for software systems in the web, cloud, mobile, and edge.

Learning objectives:

Instructor: Aastha Mehta ( [firstname]k[lastinitial] [AT] cs.ubc.ca )

Office hours: Fri, 11:00 - 12:00h PT, or by appointment

Class hours: Tue/Thu 11:00 – 12:30 hours PT, ORCH 3058

Teaching Assistant: Zainab Saeed Wattoo

Web tools: TBA

Registration and Prerequisites

Registration: Note that the last date to add or drop the course is 26 Sep 2022.

Prerequisites: Undergraduate knowledge of operating systems, architecture, networking, and databases is essential. Any background in security is welcome but not required. The course is intended for Masters and Ph.D. students in Computer Science, but enterprising Bachelors students who fulfill the above prerequisites are welcome to participate.

Evaluation

The primary goal of this course is to prepare you to do research. Therefore, the evaluation for this course consists of only two components (tentative, subject to change until the beginning of the course):

Class participation (35%):

Project (65%): The course project must be done in teams of 2-4. The goal of the project is to conduct original research in computer security. You are encouraged to come up with your own ideas, but you can talk to the instructor for some ideas that are well-scoped for a course project.

The project deliverables will include a research proposal, a proposal presentation, a final presentation, and a final report. For more details, please check the project page.

Class schedule

Here is a tentative schedule of papers to be covered in the class.

Date Topic Preparation material Additional resources
Sep 06 Overview [How to read a paper](https://cseweb.ucsd.edu/~dstefan/cse227-spring19/papers/keshav:how.pdf)
Sep 08 Compliance in systems [Guardat](https://aasthakm.github.io/files/eurosys15-guardat.pdf)
Sep 13 Compliance in applications [Qapla](https://aasthakm.github.io/files/sec17-qapla.pdf) [Scooter & Sidecar](https://dl.acm.org/doi/pdf/10.1145/3453483.3454072)
Sep 15 Compliance in distributed systems [Zanzibar](https://www.usenix.org/system/files/atc19-pang.pdf) [IVD](https://research.facebook.com/file/2955782641347996/63-ivd-camera-ready-sp17.pdf)
Sep 20 Non-interference principle [Decentralized Label Model](https://www.cs.cornell.edu/andru/papers/iflow-tosem.pdf) [DC Labels](http://www.cse.chalmers.se/~russo/publications_files/nordsec2011.pdf)
Sep 22 IFC in language runtimes [RESIN](https://pdos.csail.mit.edu/papers/resin:sosp09/resin:sosp09.pdf) [Hails](https://www.usenix.org/system/files/conference/osdi12/osdi12-final-35.pdf)
Sep 27 IFC in big data systems [Grok/Legalese](https://www.andrew.cmu.edu/user/danupam/sen-guha-datta-oakland14.pdf)
Sep 29 Software vulnerabilities [Eternal War in Memory](https://nebelwelt.net/files/13Oakland.pdf)
Oct 04 Control flow safety [In-kernel CFI in ARM](https://www.usenix.org/system/files/sec22fall_yoo.pdf)
  • [CFI principles](https://users.soe.ucsc.edu/~abadi/Papers/cfi-tissec-revised.pdf)
  • [CFI Bending](https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-carlini.pdf)
Oct 06 Software fault isolation [XFI](https://www.usenix.org/legacy/event/osdi06/tech/full_papers/erlingsson/erlingsson.pdf) [SFI principles](https://cseweb.ucsd.edu/~dstefan/cse227-spring21/papers/tan:sfi.pdf)
Oct 11 Capabilities [Capsicum](https://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf)
  • [CHERI](https://www.cl.cam.ac.uk/~dc552/papers/201505-oakland2015-cheri-compartmentalization.pdf)
  • [Fat pointers](https://security.csl.toronto.edu/wp-content/uploads/2021/03/xu-ifp-asplos2021.pdf)
Oct 13 Privilege separation [Preventing Privilege Escalation](https://www.usenix.org/legacy/events/sec03/tech/full_papers/provos_et_al/provos_et_al.pdf)
Oct 18 Project proposal presentations
Oct 20 Virtualization and Isolation TBA [Survey](https://dl.acm.org/doi/pdf/10.1145/2988545)
Oct 25 Hardware isolation primitives [Video](https://www.youtube.com/watch?)
Oct 27 SGX-based TEEs [SCONE](https://www.usenix.org/system/files/conference/osdi16/osdi16-arnautov.pdf) [Rkt-io](https://lsds.doc.ic.ac.uk/sites/default/files/rkt-io-eurosys21.pdf)
Nov 01 ARM TEEs [ReZone](https://www.usenix.org/system/files/sec22fall_cerdeira.pdf) [Sanctuary](https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_01A-1_Brasser_paper.pdf)
Nov 03 RISC-V TEEs [PENGLAI](https://www.usenix.org/system/files/osdi21-feng.pdf)
Nov 08 TEEs for GPUs [Graviton](https://www.usenix.org/system/files/osdi18-volos.pdf) [HIX](http://calab.kaist.ac.kr:8080/~jhuh/papers/jang_asplos19.pdf)
Nov 10 *mid-term break*
Nov 15 Microarchitectural side channels [Survey: µarch timing attacks](https://eprint.iacr.org/2016/613.pdf)
  • [Fantastic Timers](https://gruss.cc/files/fantastictimers.pdf)
  • [Flush+Reload](https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-yarom.pdf)
  • [NetCAT](https://download.vusec.net/papers/netcat_sp20.pdf)
Nov 17 Constant-time implementation [Reading](https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/mitigate-timing-side-channel-crypto-implementation.html) [Predictive Mitigation](https://www.cs.cornell.edu/andru/papers/ccs10.pdf)
Nov 22 Transient execution attacks
  • [Spectre](https://spectreattack.com/spectre.pdf)
  • [Speculative type confusion](https://www.usenix.org/system/files/sec21-kirzner.pdf)
  • [Survey](https://dl.acm.org/doi/pdf/10.1145/3442479)
Nov 24 Transient execution attack mitigations [Swivel](https://www.usenix.org/system/files/sec21fall-narayan.pdf) [ConTExT](http://www.attacking.systems/web/files/context.pdf)
Nov 29 Network side-channel attacks
  • [Side channels in web](https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/WebAppSideChannel-final.pdf)
  • [Beauty and the Burst](https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-schuster.pdf)
  • [Survey](https://dl.acm.org/doi/pdf/10.1145/3457904)
Dec 01 Network side-channel mitigations
  • [Tamaraw](https://www.freehaven.net/anonbib/cache/ccs2014-fingerprinting.pdf)
  • [DynaFlow](https://people.csail.mit.edu/devadas/pubs/wpes18.pdf)
  • [IFS scheduling](https://www.cis.upenn.edu/~sga001/papers/ifs-ccs21.pdf)
Dec 06 Final project presentation [How to give a great research talk](https://www.microsoft.com/en-us/research/academic-program/give-great-research-talk/)
Dec 22 Final project reports due [How to write a great research paper](https://www.microsoft.com/en-us/research/academic-program/write-great-research-paper/)

Additional reading

Acknowledgements

UBC’s main Vancouver campus—including our classroom and other course spaces—is located on the traditional, ancestral and unceded territory of the Musqueam people. These lands have always been a place of learning for Musqueam youth, who were instructed in their culture, history, and tradition, and who in turn shared their knowledge with a new generation.