CS509, System Security, Fall 2016

Lecturer: Nick Nikiforakis
Teaching Assistant: Suwen Zhu (office hours: Friday 11AM to 1PM)
Time:MW 4:00pm - 5:20pm
Office Hours: MW 5:30pm - 6:30pm and by appointment
Contact: nick[email squiggly thingy] cs.stonybrook.edu
Important: When sending me an email about the course, make sure your title starts with "[CSE 509]" (without the quotes). Mislabeled or unlabeled emails will, most likely, not be read.


Class Description

In this class, we will together explore the concepts behind system security. We will look at the core principles behind secure (and insecure) systems and how to both discover vulnerabilities as well as how to correct them.

The course will consist of lectures, paper readings of classic papers as well as bleeding-edge research ones, and a course project.

Some of the topics that we will cover are the following:


Following a long-standing tradition in security courses, there is no official textbook for this course. I am drawing inspiration mostly from the following books:

Requirements and Grading

Subject to minor tweaks throughout the semester.

Schedule and Reading Assignments

Date Topic Reading Assignment(s)
8/29/2016Introduction, Motivation and DefinitionsReflections on Trusting Trust
9/05/2016Labor Day (No Class)
9/07/2016 Authentication (continued)
9/12/2016Access Control
9/14/2016Access Control (continued)
9/19/2016Access Control (continued)
9/21/2016Covert Channels
9/26/2016Software SecurityYou will need to have read this for the midterm: Countering Code-Injection Attacks with Instruction-Set Randomization
9/28/2016Software Security (continued)
10/03/2016Software Security (continued)
10/05/2016Software Security (continued)
10/12/2016No class. Instructor away on travel.
10/17/2016Secure Design Principles
10/19/2016Malicious Software
10/24/2016Malicious Software (continued)
10/31/2016Workings of the web, and web security goals
11/02/2016Workings of the web (continued)
11/07/2016Web Security: Attacks against the client-side
11/09/2016Web Security: Attacks against the client-side (continued)
11/14/2016Web Security: Attacks against the server-side
11/16/2016Web Security: Attacks against the user
11/21/2016An introduction to online tracking


Note: If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, please contact the staff in the Disabled Student Services office (DSS), Room 133, Humanities, 632-6748v/TDD. DSS will review your concerns and determine with you what accommodations are necessary and appropriate. All information and documentation of disability are confidential.

Note: Each student must pursue his or her academic goals honestly and be personally accountable for all submitted work. Representing another person's work as your own is always wrong. Any suspected instance of academic dishonesty will be reported to the Academic Judiciary. For more comprehensive information on academic integrity, including categories of academic dishonesty, please refer to the academic judiciary website at http://www.stonybrook.edu/uaa/academicjudiciary/.