**CSE 227: Graduate Computer Security** [*Deian Stefan*](https://cseweb.ucsd.edu/~dstefan/) About ============================================================== This course focuses on computer security, exploring a range of topics – from systems security, to web security, edge security, and privacy – to illustrate some of the modern research challenges in the area and the standards for advancement. It is not designed to be a tutorial course, but rather to give students the context to understand current security research and evaluate their interest in the field. The course will examine both the defensive and offensive side of the field. At the conclusion of the course, the students will have the foundation to conduct research in computer security and to apply the latest security research to a particular area of practice. Lectures: : Tuesday and Thursday, 5:00--6:20pm, Mosaic 0204 Staff: : **Instructor**: Deian Stefan : **Teaching Assistant**: Hosein Yavarzadeh Office hours: : **Deian**: Wednesday, 6:30--7:30pm, 3126 Class discussion: : [Piazza](https://piazza.com/ucsd/spring2025/cse227) : We'll use the CSE slack channel `cse227-sp25` Calendar and Readings ============================================================== Tue Apr 1 2025: Introduction - *Reading*: - [Reflections on Trusting Trust](papers/thompson:reflections.pdf) by K. Thompson - *Additional reading*: - [How to Read a Paper](papers/keshav:how.pdf) by S. Keshav Thu Apr 3 2025: Low-level vulnerabilities and defenses - *Reading*: - [Hacking Blind](papers/bittau:brop.pdf) by A. Bittau et al. Tue Apr 8 2025: Low-level vulnerabilities and defenses - *Reading*: - [AEG: Automatic Exploit Generation](papers/avgerinos:aeg.pdf) by T. Avgerinos et al. - *Additional reading*: - [Sys: A Static/Symbolic Tool for Finding Good Bugs in Good (Browser) Code](https://cseweb.ucsd.edu/~dstefan/pubs/brown:2020:sys.pdf) by F. Brown et al. Thu Apr 10 2025: Low-level vulnerabilities and defenses - *Reading*: - [How to Secure Existing C and C++ Software without Memory Safety](https://arxiv.org/abs/2503.21145) by U. Erlingsson - [Low-Level Software Security by Example](papers/erlingsson:low.pdf) by U. Erlingsson et al. Tue Apr 15 2025: No class Thu Apr 17 2025: No class Tue Apr 22 2025: Privilege separation - *Reading*: - [Preventing Privilege Escalation](papers/provos:ssh.pdf) by N. Provos et al. Thu Apr 24 2025: Software fault isolation - *Reading*: - [Retrofitting Fine Grain Isolation in the Firefox Renderer](papers/narayan:retrofitting.pdf) by S. Narayan et al. - *Additional reading*: - [Principles and Implementation Techniques of Software-Based Fault Isolation](papers/tan:sfi.pdf) by G. Tan Tue Apr 29 2025: OS security - *Reading*: - [seL4: Formal Verificaiton of an OS Kernel](papers/sel4.pdf) by G. Klein et al. Thu May 1 2025: OS Security - *Reading*: - [Language Support for Fast and Reliable Message-based Communication in Singularity OS](https://cseweb.ucsd.edu/~dstefan/cse291-winter18/papers/singularity.pdf) by M. Fahndrich Fri May 2 2025: Status update Tue May 6 2025: OS Security - *Reading*: - [Firecracker: Lightweight Virtualization for Serverless Applications ](https://www.usenix.org/conference/nsdi20/presentation/agache) by A. Agache et al. Thu May 8 2025: Web-server security - *Reading*: - [Building Secure High-Performance Web Services with OKWS](krohn:okws.pdf) by M. Krohn Tue May 13 2025: Web-server security - *Reading*: - [Hails: Protecting Data Privacy in Untrusted Web Applications](https://cseweb.ucsd.edu/~dstefan/pubs/giffin:2012:hails.pdf) by D. Stefan et al. Thu May 15 2025: Web-server security - *Reading*: - [Edna: Disguising and Revealing User Data in Web Applications](https://pdos.csail.mit.edu/papers/edna:sosp23.pdf) by L. Tsai Fri May 16 2025: Status update Tue May 20 2025: Hardware security - *Reading*: - [Spectre Attacks: Exploiting Speculative Execution](papers/spectre.pdf) by P. Kocher et al. Thu May 22 2025: Hardware security - *Reading*: - [Efficiently Mitigating Transient Execution Attacks using the Unmapped Speculation Contract](papers/behrens:ward.pdf) by J. Behrens et al. Tue May 27 2025: Hardware security - * - [SoK: Understanding Design Choices and Pitfalls of Trusted Execution Environments](https://dl.acm.org/doi/10.1145/3634737.3644993) by M. Li et al. Thu May 29 2025: Hot topics Fri May 30 2025: Status update Tue Jun 3 2025: Hot topics Thu Jun 5 2025: MS Comprehensive exam Evaluation ============================================================== Since the primary goal of this course is to prepare to you to do research, the evaluation for this course is simple: (1) class participation and (2) research project. Participation (35%) -------------------------------------------------------------- You are expected to read the assigned paper(s) before each meeting. In class we will discuss the interesting parts of the paper(s). You are expected to do any background reading on your own and come prepared with questions and an evaluation of the paper. Research project (65%) -------------------------------------------------------------- You will work on projects in groups of 3-5. The goal of the project is to conduct original research in security. You are encouraged to come up with your own project idea, but we have a few ideas that are well-scoped for a quarter project. At the end of the quarter, you are expected to turn in a short research paper (6-10 pages) and give a 7-10 minute talk. We will have periodic status updates to help you stay on track. Comprehensive exam (25%) -------------------------------------------------------------- If you are a MS student taking the comprehensive exam: your project will be worth 40% (not 65%) and the exam will be worth 25%. Project ideas ============================================================== Take a look at [Stefan's list of project ideas](https://cseweb.ucsd.edu//classes/fa21/cse227-a/projects.html). Here is a list of new projects: - Sandbox a serious third-party C library in a popular C++ program using RLBox. - Extend Wasm with provably-safe inline assembly. - Verify the SFI safety of binaries compiled with wasm2c (via Clang). - Find bugs by combining source-level static checking (e.g., CodeQL) with low-level symbolic execution (a la Sys). - Statically (or symbolically) check the IPC layerof Firefox (or Chrome). - Design and implement an RLBox like system for Rust. - Extend Rust's bindgen to sandbox C code in Rust projects. - Extend Node.js' Node-API to sandbox C code for Node. - Sandbox CPython code. - Analyze the implications of undefined behavior in sandboxing systems. - Add hardware backed (e.g., ARM MTE or CHERI) to Memory Safe Wasm (MSWasm) compiler. - Sandbox (e.g., using containers) npm install scripts. - Implement a transparency system for (detecting supply chain attacks on) npm. - Implement a language-level module sandboxing system for Node.js. - Analyze the top n Node.js module to understand if a capability security model is practical. - Analyze (attack) the pre-processing stage (e.g., image decoding library) of typical neural network pipelines. - Verify/check analysis passes (e.g., effects, alias) in JITs. - Verify peep hole optimizations in the Firefox JIT. - Verify the security of the V8 Sandbox. - Port the V8 Sandbox to Firefox' SpiderMonkey. - Find bugs in or verify uBPF's code generation. Hall of fame ============================================================== List of papers that started out as CSE 227 projects: - CoResident Evil: Covert Communications in the Cloud with Lambdas, Anil Yelam, Ariana Mirian, Keerthana Ganesan, Shibani Subbareddy, and Stefan Savage, Proceedings of the Web Conference (WWW), Ljubljana, Solvenia, April 2021. - Доверя́й, но проверя́й: SFI safety for native-compiled Wasm, Evan Johnson, David Thien, Yousef Alhessi, Shravan Narayan, Fraser Brown, Sorin Lerner, Tyler McMullen, Stefan Savage, and Deian Stefan, Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2021. - Retrofitting Fine Grain Isolation in the Firefox Renderer, Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, and Deian Stefan, Proceedings of the USENIX Security Symposium, August 2020. - Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems, Ruffin White, Gianluca Caiazza, Chenxu Jiang, Xinyue Ou, Zhiyue Yang, Agostino Cortesi, Henrik Christensen, Proceedings of Workshop on Software Security for Internet of Things (SSIoT), June 2019. - FaCT: A Flexible, Constant-Time Programming Language, Sunjay Cauligi, Gary Soeller, Fraser Brown, Brian Johannesmeyer, Yunlu Huang, Ranjit Jhala, and Deian Stefan, Secure Development Conference (SecDev), September 2017. - On the (In)effectiveness of Mosaicing and Blurring as Tools for Document Redaction, Steven Hill, Zhimin Zhou, Lawrence Saul, and Hovav Shacham, Privacy Enhancing Technologies Symposium, Darmstadt, Germany, July 2016. - Fast and Vulnerable: A Story of Telematic Failures, Ian Foster, Andrew Prudhomme, Karl Koscher, and Stefan Savage, Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), Washington D.C., August 2015. - Are AES x86 Cache Timing Attacks Still Feasible? (short paper), Keaton Mowery, Sriram Keelveedhi, and Hovav Shacham, Proceedings of the Cloud Computing Security Workshop (CCSW), October 2012. - When Good Services Go Wild: Reassembling Web Services for Unintended Purposes, Feng Lu, Jiaqi Zhang, and Stefan Savage, Proceedings of the USENIX Workshop on Hot Topics in Security, Bellevue, WA, August 2012. - Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks, Keaton Mowery, Sarah Meiklejohn, and Stefan Savage, Proceedings of the USENIX Workshop On Offensive Technologies (WOOT), San Francisco, CA, August 2011. - Extracting Device Fingerprints from Flash Memory by Exploiting Physical Variations, Pravin Prabhu, Ameen Akel, Laura Grupp, Wing-Key Yu, G. Edward Suh, Edwin Kan, and Steven Swanson, Proceedings of the 4th International Conference on Trust and Trustworthy Computing (TRUST), Pittsburg, Pennsylvania, June 2011. - Privacy-preserving Network Forensics, Mikhail Afanasyev, Tadayoshi Kohno, Justin Ma, Nick Murphy, Stefan Savage, Alex C. Snoeren, and Geoffrey M. Voelker, Communications of the Association for Computing Machinery 54(5), May 2011. - Got Traffic? An Evaluation of Click Traffic Providers, Qing Zhang, Thomas Ristenpart, Stefan Savage, and Geoffrey M. Voelker, Proceedings of the WICOM/AIRWeb Workshop on Web Quality (WebQuality), Hyderabad, India, Mar 2011. - Neon: System Support for Derived Data Management, Qing Zhang, John McCullough, Justin Ma, Navil Schear, Michael Vrable, Amin Vahdat, Alex C. Snoeren, and Geoffrey M. Voelker, Proceedings of the ACM International Conference on Virtual Execution Environments (VEE), Pittsburgh, PA, March 2010. - When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC, Erik Buchanan, Ryan Roemer, Hovav Shacham, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008, pages 27-38. - Reconsidering Physical Key Secrecy: Teleduplication via Optical Decoding, Benjamin Laxton, Kai Wang, and Stefan Savage, Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, October 2008, pages 469-77.