CAP 6640 - Computer Understanding of Natural Language

Description: This is an advanced course of natural language processing, and covers recent advances on the subject, including the following: introduction to word vectors, word vectors and word senses, backpropagation, neural networks, linguistic structures and dependency parsing, recurrent neural networks for language models, vanishing gradient and fancy RNNs, machine translation, seq2seq, and attention mechanisms, CNNs for NLP, subword models, contextual representation and pretraininng, neural natural language generation, coreference resolution, multi-task learning, safety, bias, fairness, and ethics.

Offered: Spring 2020, Spring 2019

CAP 5150 - Foundations of Computer Security and Privacy

This is a graduate level course that teaches students foundations of applied cryptography and computer security. The course focuses on the rigor required for reasoning about properties of modern cryptographic protocols and primitives, and combines a lecture-based and a project-based approaches on modern cryptography and computer security. Topics we cover in the first part of the course include computational cryptography and security, pseudorandomness, CPA-security, CCA-security, message authentication codes and hash functions, pseudorandom permutations, cryptoanalysis, public key cryptography (including number theory, hardness assumptions, and applications), public key encryption (including security definitions, hybrid encryption, trapdoor permutations, RSA, El Gamal, Goldwasser-Micali, Rabin, Pailier, and ABE), and digital signatures (including security definitions, RSA, Lamport's, DSS, and PKI standards. The second part of the course is mainly focused on applied computer security, including transport security (HTTPS, SSL, TLS, RPKI, BGPSEC, DNSSEC), network attacks and defenses (DDoS, botnets, and defenses), application security (bugs, shellcodes, viruses, spyware), web security (cookies, tracking, XSS, SQL injection, and defenses), advanced threats (including cyber warfare and APTs), and privacy enhancing technologies (TOR, OTR, GPG, anticensorship, social networks and privacy, and other advanced topics).

Offered: Spring 2020

CAP 6133 - Advanced topics in computer security and forensics

This is a graduate level course on advanced topics in computer security and privacy. In this course we track advances by discussing some of the finest findings published in top related research venues in the field in the recent years. The course aims to introduce graduate students to advances of the general security and privacy as a domain of scientific research and how it applies to computer systems. The course covers various advances in computer and network security including threats, attacks, and defenses. Topical scope of this part of the course includes malware, botnets, smartphone security, transport security, bitcoin, security economics, social networks security, and web security. Students especially learn about attribution and automation using machine learning in many of those areas. The latter part of the course will cover online privacy, including theoretical and applied aspects of privacy in various settings. Topics include differential privacy, privacy in social networks, censorship, Tor, and smartphones. A substantial part of the course is a semester-long project on one of the topics taught in the course. Projects in previous offerings included work on domain name typosquatting, privacy issues with DNSSEC, entity resolution for better malware labels, and DDoS mitigation, among others. A substantial part of the course is a group semester-long project on several of the topics taught in the second part of the course, thus combining teaching with research. The current offering of the course (in Spring 2016) has projects on privacy policy evaluation for DNS providers, private exchange in the Internet naming ecosystem, security middlebox design for malicious web contents detection, ethnical and technical issues with online reputation services, postquantum cryptographic primitives evaluation on embedded devices, and data-driven to DDoS defense, among others

Offered: Spring 2018

CIS 4615 - Secure Software Development and Assurance

The course, at a high-level, will cover the following topics: software security, terms, and definitions, including threat modeling, secure software development lifecycle and touchpoints, risk management frameworks, and their incorporation into the secure software development lifecycle, common criteria and why they are needed, common bad software development practices and how to avoid them, and instances of bad practices that would result in actual threats due to buffer overflow, dangling pointers, memory leakage, etc. The course will also cover secure software developments by incorporating the touchpoints with secure libraries. As applications areas, the course will also cover software security for the web, networks, and cryptographic tools, associated attack vectors, and the corresponding secure software development practices associated with them. The course will further cover some basics (for those who didn’t take an operating class) where needed; e.g., memory management hierarchies relevant to understanding buffer overflow and other memory-related attacks. If time permits, the course will include two labs, one on using software analysis tools (radare2) and another on OWASP Top 10 Vulnerabilities.

Offered: Fall 2017, Fall 2018

CIS 4361 - Secure Operating Systems and Administration

This is an undergraduate course of operating system security, mainly focusing on the Linux Operating System, and will cover the following: running linux in virtual environment, securing user accounts, securing servers using firewalls (including a dive into iptables and nftables), encrypting and ssh hardening (including key management), and access control. We will cover those aspects of operating system securtiy in both Ubuntu and CentOS. Some knowledge of operating systems is required for this course.

Offered: Spring 2019