Topics

Since this is an experimental course which is being taught for the first time, the topics listed here are tentative. Below is a rough summary.

Week 1

Course outline and logistics Introduction Threat models

Week 2

Control Flow Integrity - Exploits and Defenses

  • Buffer overflow, use after free, ROP, CFI memory safety

Week 3

Access control

  • Least privilege, authorization, discretionary access control, mandatory access control, reference monitors, role-based access control.

Week 4

Information Flow Control

  • Flow policies, security lattices, static and dynamic control, decentralized flow control, taint tracking

Week 5

Privilege separation and isolation

  • VM, containers, sandboxing

Week 6

Auditing and host-based intrusion detection

  • Auditing mechanisms, provenance analysis, APT attack killchain, Mitre framework

Week 7

Recent cloud security papers

  • Taint tracking in microservices
  • New access control models
  • DIFC, dynamic flow control
  • Papers on securing containers and VMs

Week 8

Recent IoT security papers

  • Access control and flow control in IoT
  • Usability of systems and devices

Week 9

Enterprise Security papers

  • Mimicry attacks
  • Integrity of audit logs
  • EDR (Endpoint detection and response) systems

Week 10

Guest Speaker / Topics to be decided based on class interest

Week 11

Guest Speaker / Topics to be decided based on class interest

Week 12 and 13

Project presentations

Previous

Last updated on Sep 5, 2023

Edit this page