-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
executable file
·180 lines (157 loc) · 8.92 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
---
layout: basic
title: "EECS 588: Computer & Network Security"
---
<div id="main">
<style>
table,td { vertical-align: top; margin-left: 0; padding-left: 0; padding-bottom:2pt; }
h3 { margin-top: 15px; margin-bottom: 5px; }
span.note {
font-style: italic;
color:#cc0000;}
</style>
<table>
<tr>
<td><b>Professor:</b></td>
<td><a href="https://ensa.fi/"><b>Roya Ensafi</b></a></b></td>
</tr>
<tr>
<td></td>
<td>Student hours: Tu 5:30–6:30 PM ET or by appointment</td>
</tr>
<tr>
<td><b>Credits:</b></td>
<td>4. This course counts towards meeting software quals requirements.</td>
</tr>
<tr>
<td><b>Prerequisites:</b> </td>
<td>EECS 482 Operating Systems, EECS 489 Computer Networks, EECS 388 Introduction to Security, or grad standing.<br>
Success in this course requires a mature understanding of software systems.</td>
</tr>
<tr>
<td><b>Enrollment:</b> </td>
<td>All students registering for the class will be first put on the waitlist, an override will be issued around the time of the first class, holding back some capacity for potential new students.</td>
</tr>
<tr>
<td><b>Lectures:</b></td>
<td>TuTh 3:30–5:30 PM ET</td>
</tr>
<tr>
<td><b>GSI:</b></td>
<td><a href="https://ramakrishnansr.com/">Ram Sundara Raman</a> (Student hours: Mo 12:00–1:00 PM ET or by appointment)</td>
</tr>
<tr>
<td><b>Forum:</b></td>
<td>We will use <a href="https://umich.instructure.com/courses/393792">Canvas</a> for submitting and peer-reviewing Paper Responses and <a href="https://piazza.com/umich/Fall2020/eecs588">Piazza</a> for online discussion and announcements.<br>
<span class="note">Please use <a href="mailto:[email protected]">[email protected]</a> for all correspondence and reporting administrative issues.</span></td>
</tr>
<tr>
<td><b>Resources</b></td>
<td>
<a href="https://www.cse.umich.edu/security/">Security Research at Michigan</a><br>
<a href="https://wiki.eecs.umich.edu/secrit/index.php/Main_Page">Security Reading Group</a><br>
</td>
</tr>
</table>
<p>This intensive research seminar covers foundational work and
current topics in computer systems security. We will read research
papers and discuss attacks and defenses against operating systems,
client-side software, web applications, and IP networks. Students
will be prepared for research in computer security and for
security-related research in other subareas, and they will gain
hands-on experience designing and evaluating secure systems.</p>
<h2>Preliminary Topic List</h2>
<p>There will be many opportunities to tailor the course to your
backgrounds and interests. The tentative list of topics below should
give you an idea of what to expect. See <a href="readings.html">reading list</a> for additional details. Please
get in touch if you have questions or suggestions.
<br/>
<a href="static/key.jpg"><img style="display: block; background-color: white; padding: 8px 10px; margin: 0 0 10px 10px; border:1px solid #888; float:right" src="static/key_sm.jpg"></a>
<h3>Network Security</h3>
<small>The security mindset, thinking like an attacker, reasoning about risk, research ethics<br>
Network protocols security: TCP and DNS – attacks and defenses<br>
Denial of service attacks, botnets and defenses<br>
</small>
<h3>Privacy and Human Factors</h3>
<small>Anonymity, secure messaging, censorship resistance, circumvention<br>
Authentication, usability in security and privacy<br>
Privacy attacks and privacy enhancing technologies<br>
</small>
<h3>Systems Security</h3>
<small>Key exchange, public-key cryptography, real-world cryptography attacks<br/>
The TLS protocol, certificate ecosystem<br>
Malware: viruses, spyware, rootkits – operation and detection<br>
Hardware attacks, side-channels and OS-level defenses<br/>
Critical systems, physical attacks</small>
<h3>Special Topics</h3>
<small>
Machine learning<br/>
Election security and surveillance<br/>
Mobile security</small>
<h2>Grading</h2>
There will be no exams. Instead, your grade will be based on the
following:
<p><b>Class Participation (10%)</b> — You will read one or two research papers for each class. After paper presentation by a group, we will discuss the strengths, weaknesses, scope, and future research areas related to the paper. Please try to attend the class discussions and be prepared to make
substantive intellectual contributions. Participation on Canvas and Piazza discussions will also be considered towards this grade.</p>
<p><b><a href="readings.html">Paper Responses</a>
(15%)</b> — You are required to write a short critical response
for each paper we read (excluding <i>recommended</i> papers). Responses are due at
the beginning of class. You will also review and rate your peers' reviews after the class. Look for evidence that the reviewever thought carefully about the topic. </p>
<p><b>Paper Presentation
(25%)</b> — Working with a partner, choose one of the topics from the reading list, read both the required and recommended papers, and prepare a 50 minute presentation. 30 minutes of your presentation should discuss details of the required paper and and the other 20 minutes should present an overview of the recommended papers and general research in the area. You will receive a Google Form after the first class that will let you choose a topic of preferance.</p>
<p><b><a href="project.html">Research Project</a>
(50%)</b> — You will conduct an extended research project during
the semester, with the goal of writing a publishable workshop paper.
This work should be done in a group of size appropriate to the scope
of your investigation. Typical project topics involve analyzing the
security of a system or developing a new security mechanism.</p>
<h2>Ethics, Law, and University Policies</h2>
<p>
To defend a system, you need to be able to think like an attacker,
and that includes understanding techniques that can be used to
compromise security. However, using those techniques in the real
world may violate the law or the university’s rules, and it
may be unethical. Under some circumstances, even probing for
weaknesses may result in severe penalties, up to and including
expulsion, civil fines, and jail time. Our policy in EECS 588 is
that you must respect the privacy and property rights of others at
all times, <b><u>or else you will fail the course</u></b>.
</p>
<p>
Acting lawfully and ethically is your responsibility. Carefully read
the <a href="https://www.law.cornell.edu/uscode/18/1030.html">Computer
Fraud and Abuse Act</a> (CFAA), a federal statute that broadly
criminalizes computer intrusion. This is one of several laws that
govern “hacking.” Understand what the law prohibits
— you don’t want to end up
like <a href="https://en.wikipedia.org/wiki/Sarah_Palin_email_hack">this
guy</a>. The EFF provides helpful advice
on <a href="https://www.eff.org/issues/coders/vulnerability-reporting-faq">vulnerability
reporting</a>
and <a href="https://www.eff.org/issues/coders/grey-hat-guide">other
legal matters</a>. If in doubt, we can refer you to an attorney.
</p>
<p>
Please
review <a href="http://www.itcs.umich.edu/itcsdocs/r1103/">ITS’s
policies on responsible use of technology resources</a>
and <a href="http://caen.engin.umich.edu/policies">CAEN’s
policy documents</a> for guidelines concerning proper use of
information technology at U-M, as well as
the <a href="https://web.eecs.umich.edu/~aey/eecs206/honor.pdf">Engineering Honor
Code</a>. As members of the university, you are required to abide by
these policies.
</p>
<h2>Students with Disabilities</h2>
<p>
If you believe you need an accommodation for a disability, please let thee instructor know at the earliest opportunity. Some aspects of courses may be modified to facilitate your participation and progress. As soon as you make an instructor aware of your needs, they can work with the <a href="https://ssd.umich.edu/">Services for Students with Disabilities (SSD) office</a> to help determine appropriate academic accommodations. Information you provide will be treated as private and confidential.
</p>
<h2>Audio/Video Recordings</h2>
<p>
Course lectures will be audio/video recorded and made available to all students in this course. As part of your participation in this course, you may be recorded. If you do not wish to be recorded, please <a href="mailto:[email protected]"> contact the instructor</a> the first week of class to discuss alternative arrangements. To prevent revealing your identity on recordings, please mute your video during lecture. Also, questions can be submitted via Zoom chat if you do not wish to reveal your voice.
</p>
<p>
Students may not record or distribute any class activity without written permission from the instructor, except as necessary as part of approved accommodations for students with disabilities. Any approved recordings may only be used for the student’s own private use.
</p>
</div>
</body>