CSE508: Network Security

Network Security
Instructor Amir Rahmati
Office Hours Tue/Thu 5:30 – 6:45
Office Hour Location NCS 359
Class Location Engineering 143
Class Time Tue/Thu 4:00 – 5:20
Prerequisites Mature understanding of networked systems.
TA Aynoor Saleem
TA Office Hours Tue/Thu 10:00-11:30
TA Office Hour Location Old CS 2203

Grading

Paper Responses 20%
Design challenge 30%
Research Project 50%

Class Calendar

Readings

There are two mandatory readings for each class. It is your responsibility to read the papers and write a ~400 word critical response to each.

  • In the first paragraph:
  • State the problem that the paper tries to solve.
  • Summarize the main contributions.
  • In one or more additional paragraphs:
    • Evaluate the paper’s strengths and weaknesses.
    • Discuss something you would have done differently if you had written the paper.
    • Suggest one or more interesting open problems on related topics.

Your most important task is to demonstrate that you’ve read the paper and thought carefully about the topic.

Paper responses are due before the start of class via the online submission system. Use your Stony Brook email to sign up. For each submission, use the paper name as the title and write your review in the abstract box.

You will be asked to peer-review some of the submissions from your peers. Feel free to provide them feedback to help in their future submissions.

Design Challenge

Have you ever been frustrated with a particular system and wished it would do something differently? Well now it’s the time to make it so! In the design challenge, we want you to tackle a problem that you have observed in the security domain, and come up with efficient and creative ways of addressing it.

Resources

We will setup a git repository for every individual to upload their code and documents. If you need any additional resources, talk to me or one of the TAs and we do our best to accommodate you.

The Problem

The problem you pick can be something very practical or completely out of the box in the area of security/privacy!

Examples of acceptable ideas:

  • The browser warning for X would have been much better if it was designed this other way.
  • I wish my password manager did Y.
  • If only there was a browser add-on that did Z.
  • I wish the open source project A did B.
  • [Insert your crazy idea here]

If you are unsure if something qualifies as a good design challenge, contact me or one of the TAs.

Initial Report

Create a brief report (2-3 pages) describing the problem and the fix.

Try answering these questions:

  • What is the issue? How is it done today? Why is it wrong?
  • How will you make it better? What is the benefit of your idea?
  • What are the limitations/shortcomings of your idea?
  • How will you prototype your solution?

Final Report & Prototype

Create a prototype that can highlight your solution.

Examples of acceptable prototype:

  • Creating a mockup design.
  • Creating a toy implementation.
  • Do a small user study.
  • Forking and adding a specific functionality to an open-source project.

Update your report to include your results, any missing information, or new thoughts.

If you are unsure if something qualifies as a good prototype, contact me or one of the TAs.

Bonus Points if your change is actually implemented IRL!

Research Project

Your course project should address an important, interesting open problem related to network security. It’s up to you to find a good topic, but I’m happy to discuss your project ideas individually and help you refine them.

I recommend working in groups of 3 or 4. The larger the group, the more I’ll expect you to accomplish.

Resources

We will setup a git repository for each group to upload their code and documents. If you need any additional resources, talk to me or one of the TAs and we do our best to accommodate you.

You can form your group in Github by going to this link.

Project Proposal

Your proposal should consist of a 3-4 page description of your project that includes the following:

  • Group: Group member names and uniqnames.
  • Title: What would you call the eventual paper or product?
  • Problem: A description of the problem you will address and why it is important.
  • Context: A brief survey of related work and past approaches to the problem.
  • Approach: How you will address the problem and how your approach differs from past work.
  • Evaluation: How you will test how well your approach works (e.g., experimental measurements).
  • Scope: What you plan to accomplish and deliver by the checkpoints and by the end of the semester.

Upload all your files in your group’s git repo and also submit the final PDF version of the proposal here.

Literature Review

Complete and submit a literature review for your project. Literature reviews should consist of a 2-4 page analysis of works related to your project’s area. Your review should not simply be a laundry list of related projects. It should synthesize the works into areas and themes, discuss how it relates to the research question you are exploring, discuss the knowns and unknowns in the space, and highlight any disagreements and controversies.

For a more detailed explanation on how to do a literature review, read this.

Upload all your files in your group’s git repo and also submit the final PDF version of the Literature Review here.

Progress Updates

Write a concise status report (no more than three pages) answering the following questions:

  • Progress: What have you accomplished so far? What do you have left to do?
  • Schedule: Are you on track to complete what you proposed?
  • Obstacles: Have you encountered any surprises or unexpected problems?
  • Workarounds: If you’re having problems, how do you intend to solve them or work around them?
  • Preliminary results: Can you draw any preliminary conclusions from your results so far? Include data.

You’re also welcome to come see me if you need advice.

Poster Session

The last day of class is set aside for the 1st Annual CSE 508 Security Symposium. Each group will prepare a poster for the event and present their results in the format of a conference poster session. Have an elevator pitch ready to describe your project and findings in a few minutes.

Final Report

Your group’s final project report should be written in the style of a workshop or conference submission, like most of the papers we read this semester. Please include at least the following:

  • An abstract that summarizes your work.
  • An introduction that motivates the problem you are trying to solve.
  • A related work section that differentiates your contributions.
  • Section(s) describing your architecture or methodology.
  • Results and/or evaluation section(s), with data or figures to support your claims as appropriate.
  • A brief future work section explaining what is left to do.
  • Appropriate citations and references from the literature.
  • A brief paragraph containing a break-down of contributions of each project member.

See also: Advice on writing technical articles.

The length of your report should not exceed 8 typeset pages, excluding bibliography and well-marked appendices. There is no limit on the length of appendices, but graders are not required to read them. The text must be formatted in two columns, using 10 point Times Roman type on 12 point leading, in a text block of 6.5” by 9”. We strongly encourage you to use LaTeX and the USENIX template files, and Overleaf might be a helpful collaboration platform.

Ethics, Law, and University Policies

To defend a system, you need to be able to think like an attacker, and that includes understanding techniques that can be used to compromise security. However, using those techniques in the real world may violate the law or the university’s rules, and it may be unethical. Under some circumstances, even probing for weaknesses may result in severe penalties, up to and including expulsion, civil fines, and jail time. Our policy in the class is that you must respect the privacy and property rights of others at all times, or else you will fail the course.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. The EFF provides helpful advice on vulnerability reporting and other legal matters. If in doubt, we can refer you to an attorney.

Please review the Divison of Information Technology policies on responsible use of technology resources, as well as the code of student responsibility. As members of the university, you are required to abide by these policies.

Amir Rahmati
Amir Rahmati
Assistant Professor

Amir Rahmati is an Assistant Professor in the Department of Computer Science at Stony Brook University. He is the director of Ethos Security and Privacy lab and a member of Stony Brook National Security Institute.