CSCI 5523: Modern Offense and Defense in Cybersecurity
Instructor: Yueqi Chen
Email: yueqi.chen@colorado.edu
Office hours: Request by email or walk in if you see me in the office (ECCR 1B18)
Meeting time: MW 4:40 PM - 5:55 PM
Meeting location: ECEE 283
Recommended Prerequisites:
CSCI 2400, or instructor approval if you are familiar with
- Architecture, x86 assembly language, GDB
- Operating Systems, dynamic linkers, virtual memory, file systems
- Programming Languages, C, Python
Challenge Server
cusecurity.cs.colorado.edu:8000 (accessible only using campus net)
Discord Server
Course Outline
- Computer system revisit (week 1)
- Stack security (weeks 2-6)
- Heap security (weeks 6-10)
- OS kernel security (weeks 11-13)
- Comprehensive Capture-the-Flag (CTF) competition (weeks 14-16)
Learning Objective
- Revisit the hierarchy of computer systems
- Learn how and why certain software defenses are designed and how they can be bypassed
- Familiarize yourself with exploit development techniques, in order to better understand the boundaries of protection mechanisms and argue about their effectiveness
- Obtain hands-on skillsets in performing red-team and blue-team operations
Schedule (Tentative)
Grading
- Resolve 8/10 challenges in the “stack” module (weeks 1-6) → D. Otherwise, drop or F
- Resolve 13/16 challenges in the “stack” and “heap” modules (weeks 1-10) → C
- Resolve 15/19 challenges in the “stack”, “heap”, and “kernel” modules (weeks 1-13) → B
- Solve at least one CTF challenge → A
- team-up is allowed but up to two members per team
Submission Policy
All challenge solutions must be submitted and auto-graded by the challenge server before December 20th. Otherwise, no credit.
Collaboration: Asking questions and helping others is encouraged. However, please do NOT share solutions with each other (except project partners). You should never see or have possession of anyone else’s solutions—including from past semesters. Feel free to use GPT to do you a favor. I have done testing. GPT is helpful to some extent but it cannot reason out the ultimate working solution for you.
Academic integrity
Please refer to https://www.colorado.edu/policies/academic-integrity-policy
Ethics
In this class, you will learn a lot about attacks out of necessity. To be able to defend against the attacker, you must learn the techniques that attackers use. It is usually okay to break into your own systems. This is a great way to evaluate your own systems. It is usually okay to break into someone else’s systems with their explicit permission. However, it is grossly unethical and exceedingly criminal to break into someone else’s system without their permission.
Accommodations
The University of Colorado Boulder is committed to the full inclusion of all students. Please inform me early in the term if you have a disability or other conditions, that might require accommodations or modification of any of the course procedures. You may speak with me after class or schedule an office hour.
Mental Health
Being a student can be very stressful. If you feel you are under too much pressure or there are psychological issues that are keeping you from performing well at Boulder, I encourage you to contact COUNSELING AND PSYCHOLOGICAL SERVICES. They can provide both confidential counseling and notes supporting extensions on assignments for health reasons.
Diversity and Inclusion
Our intent is that this course provides a welcoming environment for all students who satisfy the prerequisites. We have undergone training in diversity and inclusion, and all members of the CS community, including faculty and staff, are expected to treat one another in a professional manner. If you feel you have not been treated in a professional manner by any of the course staff, please contact any of Yueqi Chen (the Instructor), Ken Anderson (Dept. Chair), Qin Lv (Co-Associate Chair for Graduate Education), Majid Zamani (Co-Associate Chair for Graduate Education). We will take all complaints about unprofessional behavior seriously. Lastly, your suggestions are encouraged and appreciated. Please let me know of ways to improve the effectiveness of the course for you personally, or for other students or student groups. To access student support services and resources, and to learn more about diversity and inclusion in the Department of Computer Science, please visit https://www.colorado.edu/cs/diversity-equity-inclusion-and-accessibility.