COMP 790-132: Software Security

COMP 790-132, Spring 2014
TTh 12:30-1:45
Cynthia Sturton
Office hours: Th 4-5

A secure system is one that will enforce a given policy, even in the face of malicious activity. In this class we will learn about various security policies and how they apply across a variety of application domains. We will read about mechanisms designed to enforce a given policy, and attacks meant to thwart a desired security policy.

The class is meant for students who are interested in software and systems security. The class will be research focused: classes will be centered around discussion of published research in the security community, and students will work on an original research project and write a conference-style paper describing their work.


Students will work in groups of 2 on an original research project. At the end of the semester, each group will submit a conference-style paper and give a short (10-15 min) presentation in class describing their work. Project proposals will be due Thursday, January 30th. We will discuss possible project ideas in class, although you are strongly encouraged to develop your own idea.

Paper Readings

A schedule with the list of readings.

We will read 1-2 papers per class. You are required to complete the reading before class. For each paper, you will write a synopsis and review, and email it to me by 5 pm the day before the class. The synopsis should be short: one to three sentences describing the problem being addressed and the basic approach, and two to three sentences that describe the key insight or innovation of the paper. The review will be slightly longer and should describe the pros and cons of the paper, as you see it. Although your written response will be short, the reading will not be quick. You will need to read each paper thoroughly and in depth in order to write an insightful review and actively participate in the class discussion. An example of a review written by a student in a previous class can be found here.

Security Review

Key Dates

Project proposals due: 1/30/14
First security review due: 2/6/14
Second security review due: 3/6/14
Project status report due: 3/6/14
Final in-class presentations: 4/24/14
Final project report due: 4/25/14


Final project: 45%
Class discussion & written reviews: 40%
Security reviews: 15%