Course overview
This class focuses on two main themes:
Virtualization and Security, as well as the intersection of the
two. We will discuss classic papers in the areas as well as
cutting-edge research. We will explore new ideas through projects
and improve skills in presentations, critical thinking, systems and
security programming, and creativity.
The class format will consist of lectures, student presentations, guest
lectures, and class project presentations.
The prerequisite for this class is undergraduate operating systems, and
some background in systems security is preferred, but not required.
Some of the topics we will explore are: virtualization fundamentals,
using virtual machines for services, using virtual machines for
security, honeypots and intrusion analysis, malware and attacks,
hardware security and trusted computing, OS and application security,
and electronic voting.
Readings, postings, and class
participation
A major part of this course will be reading,
analyzing, and discussing papers. We will cover one or two papers
per lecture typically. Required readings for each class are
posted on the class web site. For each required paper, your
assignment is to read the paper carefully before the lecture and to
post on the course newsgroup an insight or question about this
paper. A good model is the comments and question that take place
after someone presents a paper at a research conference. The
postings can take many forms, for example, you could post any of the
following:
• What you appreciated about the paper
• Where you felt the paper fell short
• Future work that the paper inspired
you to think of
• Questions about the meaning of a
section of the
paper
• Comparisons between the paper and
another paper or
approach for the same problem
• Relationship between the problem being
attacked in
this paper and another problem
• How the paper relates to another paper
or approach
• Speculation about how the
author’s idea would apply
in a new situation
• Something you wished the author had
addressed
• Assumptions in the paper that you
disagree with and
how you think different assumptions would affect the outcome
• Answering another student’s
question or following
up on another student’s comments
Your posting need not be long; the ideal is a few thought-provoking
sentences. You should submit your posting to the newsgroup no
later than 6pm on the day before we discuss the paper. You need
not post anything for the papers being discussed during the first week
(January 16 and 18), so your first posting will be about the paper
“Embra: Fast and Flexible Machine simulation� and
should be posted no
later than 6pm on January 22.
Participating in the class discussions on each paper is an important
part of the class. Lively participation by the entire class will
help us all understand the material better and have more fun in the
process.
You are required to submit thoughtful comments before each class.
For classes where we discuss two papers, you must submit comments about
at least one of the two papers to get credit. You are allowed two
classes where you do not submit comments to the newsgroup before
omissions start to affect your grade.
Paper presentations
During the semester you will present one paper to
the class. Each LECTURE will have two presenters, sign up using
the newsgroup. You can divide up the presentation
responsibilities however you see fit and you will be graded
individually. You must present the paper(s) in a quals style
where you assume everyone has read the paper, so you focus on the most
imporatant aspect of the work. You will also be repsonsible for
clearning up any confusing aspects of the paper and for leading a
discussion. For discussion topics, use the suggested newsgroup
questions as a starting point for thinking about the type of things
that would be useful for discussion. Plan on presenting for about
30 minutes and having about 30 minutes worth of discussion and
questions.
You must show me your slides the day before your
presentation so we can discuss your ideas. You should also use
the newsgroup to help guide your discussion.
The first paper available to students is "Unmodified
Device Driver Reuse and Improved System Dependability via Virtual
Machines" on January 30th.
Exercises
There will be one exercises in this class (out on
January 23), which are intended to give you hands-on experience with
virtual machines and security. You will use a virtual machine to test
out exploits on legacy software,
you can find
more details here.
R
esearch project
You will design and carry out a semester-long
research project (done in teams). I hope that these projects will
lead to published papers. The timeline for the projects is as
follows:
• January 30: inform me of your
group’s
membership. Groups should generally consist of two people.
Your project partner will have a substantial effect on your experience
in this course, so choose carefully.
• February 1: inform me of your project
choice.
This will be an email with a brief description of what you plan on
doing for the semester.
• February 8: project proposals are
due. Your
proposal should state the problem your project will address, the
motivation for why this is an interesting problem, the goal of your
project, the relationship between your project and other work, the plan
and methodology for your project, and the resources needed to carry out
your project. Include a set of incremental milestones that you
will achieve in carrying out the project and a schedule for meeting
these milestones.
• March 1: Project status meeting #1
• April 5: Project status meeting #2
• April 19, 24, 26, and May 1: Project
presentations
Project
ideas are posted on the course website.
Many of the ideas are fairly vague; an important part of a research
project is defining the problem. You are welcome to propose a
project that is not on the list and I encourage you to tie your
research into the course project. Feel free to talk with me, or
others, as you formulate your ideas.
Final exam
There will be no final exam for this class.
Grading (tentative)
Newsgroup postings and class participation: 20%
Exercises: 10%
Paper presentations/discussion leading: 20%
Project: 50% (proposal 5%, midterm report 5%, presentation 10%, final
report and results 30%)