CS 8803: Destructive Research
| Instructor | Prof. Patrick Traynor (my_last_name 'at' cc.gatech.edu) |
| Location | ES&T room L1105 |
| Meeting Times | T-R 3:05pm-4:25pm |
| Prerequisites | CS 6262 (or equivalent or instructor permission) |
| Office Hours | By Appointment |
Designing and implementing secure systems and networks requires an intimate knowledge of past failures. In particular, understanding how weaknesses allow adversaries to disable systems is critical in developing new and more robust architectures. This course will focus on "Destructive Research", a subfield of security designed to improve systems by forcing them to fail. The course will explore historic weaknesses in a variety of domains including analog, cellular and VoIP telephony, wireless networks, medical devices, voting machines, computer hardware and the physical world. Students successfully completing this course will be able to formulate and evaluate security models and will investigate techniques from cryptography, protocol design and formal methods to attempt to address their faults.
The class will be taught as both lecture and seminar and will demand significant participation and a major effort in evaluating and exploiting systems. Additionally, the course will require the formulation, execution and documentation of novel research in network security, which will result in a conference-style paper. A detailed list of lectures, readings, assignments and due dates (subject to change as the semester evolves) is available on the course schedule.
Students will be evaluated based on the following breakdown:
Each student will be required to give a 40-minute lecture-style presentation on at least two of the course papers, at least twice during the semester. Students will be required to provide the professor with slides for the presentation so that they can be posted to the course webpage. Note that all slide material must be generated by the students themselves. Any use of external material will be considered an act of plagiarism, and will be treated as such. Failure to adhere to these guidelines will result in sanctions as deemed appropriate by the Office of Student Integrity, which include failure of the course.
The course project requires that students execute research in network security. The result of the project will be a conference style paper. Project topics will be discussed in class after the introductory material is completed. Be realistic about what can be accomplished in a single semester. However, the work should reflect real thought and effort - projects executed in the closing days of the semester are unlikely to be well received. The grade will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort.
Project teams may include groups of up to two students, although significantly more effort will be required. I will advise each team/individual independently as needed. The project grade will be a combination of grades received for a number of milestones and the final project writeup. Details of the milestones and content will be given in class with the other project details (see schedule).
This course is largely a seminar, meaning that lectures will be driven by the content of papers and student discussions. To do well in this class, students must take active and regular roles in discussion and demonstrate comprehension of the papers and research themes. This will be closely monitored by Professor Traynor.
Assignments and project milestones are assessed a 15% per-day late penalty, with a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.
Academic Integrity Policy
Students are required to follow the university guidelines on academic conduct at all times. Students failing to meet these standards will be reported to the Office of Student Integrity, which can result in the student receiving an 'F' for the semester. Note that students are explicitly forbidden from copying anything off of the Internet (e.g., source code, text, slides) for the purposes of completing any assignment or the course project.
Statement of Ethics
This course covers topics concerning the security of many systems that are widely deployed and potentially critical. As part of this course, we will investigate methods, tools and techniques whose use may negatively impact the rights, property and lives of others. As security professionals, we rely upon the ethical use of the above technologies to perform research. However, it is easy to use such tools in an unethical manner. Unethical use includes the circumvention of existing security or privacy measures for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services.
This is NOT a class on hacking. Any activity outside of the spirit of these guidelines will be reported to the proper authorities both within and outside of Georgia Tech and may result in dismissal from the class and the University. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through the proper channels; however, students with any doubt should consult Professor Traynor for advice. DO NOT conduct any action which could be perceived as technology misuse anywhere or under any circumstances unless you have received explicit permission from Professor Traynor.