Modern computer systems provide rich functionality, but at a cost: these systems are incredibly complex, inevitably buggy, and often ill-specified. Such fragile, baroque systems are alluring targets for attackers, who wish to subvert those systems for financial gain, ideological reasons, or malicious entertainment. As a result, our operating systems, user-level applications, and distributed systems are constantly under attack.
CS 263 is a class about practical, systems-level security. CS 263 examines the common exploits that attackers use, and state-of-the-art defenses against those attacks. The course discusses topics like buffer overflows, web security, information flow control, and anonymous communication mechanisms like Tor. Two predefined projects give students hands-on, implementation-level experience with offensive and defensive techniques; the final, larger project is open-ended and driven by student interests. By the end of the course, students should have a deep technical understanding of the interactions between hardware, software, and the adversarial universe in which we live.