About

Welcome to the Spring 2024 Advanced Computer Security (COMP70004/COMP97109) course. At the end of the course, you will have an in-depth understanding of the themes and challenges of host-level native, web, mobile, and cyber-physical systems security and privacy. Many of the skills learned in this module will directly influence your ability to create secure software and systems. You will also develop abilities to analyse and critique foundational and state of the art research papers in this space.

Prerequisites

To do well in this course, you should ideally have maturity in both the mathematics of computer science and in the engineering of computer systems. This means that you should: have a good understanding of data structures and algorithms; be comfortable writing programs from scratch in C, Java, and a scripting language like Python or JavaScript; be comfortable writing and debugging assembly code; and be reasonably comfortable in a command-line Unix development environment (gdb, gcc, etc). You should also have a good understanding of computer architecture, operating systems, and computer networks. It would also help to know a bit about programming languages and compilers. It would also be helpful to be comfortable with web technologies such as HTML and JavaScript. Recommended (not required) prerequisites are Web and network security • Operating systems • Networks and Communications Related courses: • Privacy Enhancing Techniques • Cryptography• Software Reliability • Program Analysis.

Don't panic

Do not be scared if the list above seems a bit daunting: it is not likely that many of the enrolled students will have the "perfect" background in all of these topics. If you are missing a few of these skills, you should be able to learn them quickly, possibly with the assistance of our helpful TAs. You will need to learn things as you encounter them; this is a feature, not a bug. Most importantly, you should be eager to challenge yourself and learn!

Reading

This year, there will be only one required textbook for this course: Foundations of Security, Daswani, Kern, and Kesavan, ISBN 1-59059-784-2. This book should be available from the University bookstore and other retailers. Note, however, that there will be other handouts and supplementary reading materials that will be posted on the class schedule. You will need to read these before each class. These articles will often h4ave a research focus, which frequently means that you will need to spend more some time on each, perhaps marking them up as you read. Please refer to these helpful guides on how to read research papers critically: link-1, link-2, link-3. Through these readings, you will be exposed to some topics that are "off the beaten path" and get more exposure to bleeding-edge research in computer security.

Course Staff

Hours

  • Part A Live Time (from 16th of January to 8th of February): Tuesday 14:00--16:00, Thursday 11:00--13:00
  • Part B Live Time (from 13th of February to 7th of March): Tuesday 14:00--16:00, Thursday 11:00--13:00
  • Tuesday Room:: HXLY 144
  • Thursday Room:: HXLY 144

Class schedule

This schedule is subject to modification; please check back often...

# Date Description Reading Assessment
January 16, 2024
January 18, 2024
January 23, 2024
January 25, 2024
January 30, 2024
February 1, 2024
February 6, 2024
February 8, 2024
February 13, 2024
February 15, 2024
February 20, 2024
February 22, 2024
February 27, 2024
February 29, 2024
March 5, 2024

Guest lectures:

TBD

Assessment

Paper summaries:

As part of the course, you'll be expected to submit three paper summaries for the papers -- you'll get to pick which papers you want to write the reviews for. This should be individual work. Check the schedule for the paper review submission date. To help you with this, we provide a paper summary template, which you should fill out.

Assignment Type: Individual assignment. You can use EdStem to discuss papers.

Marks: The assignment is worth 10% of your grade.

Programming assignment:

We will ask you to put a black hat on to work on a hands-on coursework assignment. This aims to help you practice with reverse engineering Android apps and developing malware for Android. Reverse engineering is a useful technique for application analysis; understanding how malware work helps you better design defense systems (REMEMBER: a defense system is as strong as its adversary model). The coursework has a tutorial section to help you understand the Android app development tools, and a discovery-based section where you will use your creativity to demonstrate how a strong adversary can compromise Android users' privacy.

Assignment Type: Programming assignment with a report component. Undertaken in groups of up to 3 people.

Marks: The assignment is worth 10% of your grade.

Best hacker awards

Winners Spring '24
Winners of 2024 will be displayed here.
Winners Spring '23
Winners of 2023 will be displayed here.
Winners Fall '21

First Place: Salim Al-Wahaibi, Maxim Fishman, Marcos-Antonios Charalambous
The hackers managed to gain privileged knowledge about what was going on in the phone by walking the `proc` filesystem, and even managed to take pictures without the phone user noticing. I guess stickers in phone cameras will have to become a thing now as well!
Second Place: Pranav Mangal, Hasan Mohsin, Bogdan Surdu
The hackers accessed the user's SMS, and managed to dump their contents in plain text. Very fancy end-to-end encryption, but then all messages get leaked from the very same phone!
Third place: Luke Texon, Andrew Beggs, Viraj Shah
In addition to a variety of other personal data, the hackers leaked the user's very own phone number. This is a very impressive technique to pick up phone numbers rather than asking for them!

Exam:

You will be provided with sample questions to help you prepare for the exam. The final exam will be held on the week of 18th of March to 22nd of March .

Your mark

  • 20% Coursework (including paper summaries)
  • 80% Final exam

Contact Us