New this year: The course will emphasize embedded security research for protecting emerging computing systems with application to medical devices, autonomous vehicles, and IoT.
Wait list: Sorry, the course is full.
This intensive research course covers foundational work and current topics in computer systems security. We will analyze research papers, write technical essays, and carry out benchtop experiments. Students will be prepared for graduate research in computer security. Students will learn methodologies for reproducible research, and experience the art of technical writing to communicate complex thoughts in simple prose. Students will gain hands-on experience designing and evaluating secure computer systems.
Prereqs and Wait List
This is a course designed primarily for PhD students. To be considered for the wait list, please send to the eecs588.w18 email list information about your student status (undergraduate, SGUS, masters, PhD) and degree program. Email the staff a paragraph on how graduate-level research in embedded security would fit in your career plans. You are welcome to mention any previous computer engineering and/or security experience (courses, grades, etc.). Upper-level undergraduates with experience in computer engineering or computer system security (e.g., EECS473, EECS388) may contact staff for consideration of an override. The official prereqs are certain EECS courses that the instructor has never attended or taken. Having experience in computer engineering or electronics will give you an advantage on the lab homework, but we will teach students how to use basic benchtop electronics equipment. Students should have a mastery of English exposition.
Preliminary Topic List
The tentative list of topics below should give you an idea of what to expect.
Part 1: Building Blocks
Threat modeling, principles of information security and privacy, risk, research ethics
Foundations: Science of Security
Lab: Intro to oscilloscopes, Fourier transforms, function generators, software radios
Part 2: Embedded Security
Side channels, spectral analysis, timing attacks, power analysis, data remanence
Applications: Smartcards, RFID, IoT
Lab: Side channel analysis of cryptographic hardware
Part 3: Sensor Security
Physics of security, transducers, MEMS, audible and ultrasonic acoustics, RF, optics
Applications: Medical devices, autonomous vehicles
Lab: Fault injection attacks and intentional interference against analog sensors
Part 4: Computer Systems Security
Web security, network security, anonymity, cryptography and security protocols, PL
Applications: Internet security, software security
Lab: Group projects
Part 5: Special Topics
Human factors, Internet crime, spam, phishing, economics, public policy
Applications: Society and the Real World
Lab: Group projects
Grading
There will be no exams. Instead, your grade will be based on the following:
Class Participation and Paper Presentation (15%) — Every week, we will suggest supplementary papers associated with the core reading. Each student will make one five-minute presentation on a recent paper. Pedantic use of slides is frowned upon unless there are key measurements difficult to convey in chalk.
Paper Reviews and Essays (20%) — Nearly every lecture will involve a writing assignment alternating between one-page essays and paper reviews. See Lecture 1 for details on the process and grading.
Hands-on Labs (20%) — Working mostly in small teams, students will carry out several homework assignments pertaining to reproducing embedded security experiments from our paper reading. Homeworks range from learning how to use an oscilloscope to simple power analysis to extract cryptographic keys from a microcontroller. The first lab will be individual.
Research Project (45%) — You will conduct an extended research project during the semester, with the goal of writing a publishable workshop paper. This work should be done in a small group of 2-3 students. Typical project topics involve reproducing previously published research to find interesting new directions or analyzing the security of a system or developing a new security mechanism.
Ethics, Law, and University Policies
To defend a system, you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our policy in EECS 588 is that you must respect the privacy and property rights of others at all times, or else you will fail the course.
Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. The EFF provides helpful advice on vulnerability reporting and other legal matters. If in doubt, we can refer you to an attorney.
Please review ITS’s policies on responsible use of technology resources and CAEN’s policy documents for guidelines concerning proper use of information technology at U-M, as well as the Engineering Honor Code. As members of the university, you are required to abide by these policies.
The official journal of Technical Committee 11 (computer security) of the International Federation for Information Processing.
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.
Subscribe today and see the benefits immediately!
• Our cutting edge research will help you secure and maintain the integrity of your systems
• We accept only the highest quality of papers ensuring that you receive the relevant and practical advice you need
• Our editorial board's collective expertise will save you from paying thousands of pounds to IT consultants
• We don't just highlight the threats, we give you the solutions
Benefits to authors
We also provide many author benefits, such as free PDFs, a liberal copyright policy, special discounts on Elsevier publications and much more. Please click here for more information on our author services.
Please see our Guide for Authors for information on article submission. If you require any further information or help, please visit our Support Center.