Course Syllabuses

Description

Advanced network security and malware analysis is an advanced course for individuals interested in the theory and practice of network security.
This course will study approaches, mechanisms, and tools used to make networks and software systems more secure against malware, based on a survey of recent and seminal research papers. We will motivate the study by discussing common software security dangers (e.g., buffer overflow attacks, control-hijacking), common network security dangers (malware, botnets, APTs), and malware analysis tools (e.g. Binary Analysis Platform). The majority of the course will be divided into three main
modules: architectural approaches to building secure software (e.g., confinement, virtual machines, trusted computing); software analysis (e.g., static analysis and testing, model checking, dynamic analysis, code cloning) for finding software flaws as well as analyzing malicious code; and network detection techniques for network-based malware.

Learning Goals

    •    Understand the state of the art in control-hijacking and associated defenses in software systems.
    •    Understand the specific security architectures for system isolation and analysis.
    •    Understand the strengths and limitations of various methods of software analysis, and their application of vulnerability discovery and verification of security properties, as also applied to malware analysis.
    •    Understand the state of the art in malicious network activity detection techniques.
 
Reference books and web resources
    •    Jelena Mirkovic, Sven Dietrich, David Dittrich, and Peter Reiher.
Internet Denial of Service: Attack and Defense Mechanisms, Prentice Hall PTR, 2004.
 
    •    Applied Crypto https://urldefense.proofpoint.com/v2/url?u=http-3A__www.cacr.math.uwaterloo.ca_hac_&d=DwIDaQ&c=8v77JlHZOYsReeOxyYXDU39VUUzHxyfBUh7fw_ZfBDA&r=pEeurUrc3w8BRO_t6mqyjx6mXBDOzq6W3sLVjl_NlGg&m=tJ3pJwB_U5Pv7tcn3HFmT85-isgkSKShbEGl6SvLBS4&s=PyrmZ_e5pP5EHYC59xzBL7uppfrZloScpK8JjX104MM&e=
    •    Additional online up-to-date materials will be provided as time
progresses, mostly from research conferences in systems-oriented security.
 

Tentative topics (Part 1: 2.5-3 weeks; Part 2: 4 weeks; Part 3: 4.5-5 weeks)

    •    Part 1
    ◦    Ethics in Cybersecurity
    ▪    Menlo Report: guidelines for ethical cybersecurity research
 
    ◦    Software basics
    ▪    Review of the basics of code generation and trust.
    ◦    Attacks
    ▪    Buffer overflows (stack, heap, etc.)
    ◦    Defenses
    ▪    Separation, memory protection
    ▪    Virtual machines, sandboxing
    ▪    Isolation and confinement.
    ◦    Control-flow integrity
    ◦    Enforcing security properties at run-time
    ◦
    •    Part 2
    ◦    Cryptography overview
    ◦    Trusted Computing
    ▪    Software security architectures
    ▪    Static analysis of C programs
    ▪    Dynamic analysis
    ▪    Software model checking
    ▪    Building verifiable systems
    ◦
    ◦
    ▪
    •    Part 3
    ◦    Malicious code analysis (Binary Analysis)
    ▪    Sandboxed analysis
    ▪    VM introspection
    ▪    Malicious code classification
    ◦    Botnet analysis & detection
    ▪    Activity-based (DDoS, click fraud)
    ▪    Command-and-Control (C&C) based
    ▪    Side-channel detection
    ▪    Correlation analysis
    ▪    Topologies
    ◦    Advanced Persistent Threats
    ▪    Exfiltration
    ▪    C&C
    ◦    Moving Target Defense

 

Assessment

Students will be evaluated based on small projects, two papers, and class participation. The projects will provide students with practical experience with the tools and mechanisms studied in class. Students will work on the projects in groups of two or three, and the projects will be evenly spaced over the course of the semester.

Grading 

There will be weekly in-class discussion
 
    •    25%x3 projects
 
    •    5% class participation
 
    •    20% for writing 2 research papers

Policy

All assignments must be your own work and submitted on time. Late submission without prior permission will not be graded.

Rationale

The Computer Science Ph.D. Program aims to prepare its students to become outstanding scholars and leaders in both industry and academic institutions in the broad field of Computer Science and Technology. To achieve this goal, one of the most important skills that students must develop during their PhD study is the ability of doing and communicating innovative research. That is, to be able to learn from existing literature, identify unsolved problems, propose inventive and effective approaches to solve the problems, communicate and present their work before others, and publish their research in well-established professional journals and conferences.

Description

The main purpose of this course is to allow a reasonable number of credit hours for a student to work on his/her Thesis research. This course will be conducted flexibly, with the ultimate goal of having each of the registered students working on his/her thesis related research project for a minimum of 80 hours a semester and present their research to the class. The evaluation metrics include extensive literature survey, production of conference and journal papers, publishable research work, and project results being ready for submission.

Learning Goals/Outcomes

The students will gain ability to conduct research, become familiar with their field, learn to present a coherent explanatory talk, and produce publishable research results.

Assessment

The instructor will make sure that the students will gain proper experience in doing research in their own field. Important assessment metrics include extensive literature survey, coherent understandable presentation to the class, production of a paper for a conference or journal, or having a project result ready for submission.

Rationale

Computer vision and image processing are important and fast evolving areas of computer science, and have been applied in many disciplines. This course will introduce students to the fascinating fields. Student will gain familiarity with both established and emergent methods, algorithms and architectures. This course will enable students to apply computer vision and image processing techniques to solve various real-world problems, and develop skills for research in the fields.

Description

This course introduces fundamental concepts and techniques for image processing and computer vision. Topics to be covered include image formation, image filtering, edge detection and segmentation, morphological processing, registration, object recognition, object detection and tracking, 3D vision, etc.

Topic List

The topics may include but are not limited to:

• Image formation and perception, image representation

• Image filtering: space- and frequency- domain filtering, linear and non-linear filters

• Morphological image processing

• Image geometric transformations, image registration

• Edge detection, image segmentation, active contours, level set methods

• Object recognition, template matching, classification

• Object detection and tracking: background modeling, kernel-based tracking, particle filters

• Camera models, stereo vision

Learning Goals

The learning goals include:

• Understand the major concepts and techniques in computer vision and image processing

• Demonstrate computer vision and image processing knowledge by designing and implementing algorithms to solve practical problems

• Understand current research in the fields

• Prepare for research in computer vision and image processing

Assessment

• Homework and programming assignments: 30%

• Midterm exam: 30%

• Final project: 40%

The programming projects require students to implement algorithms to solve real computer vision problems to demonstrate their understanding on concepts of computer vision and image processing. A final project on a research topic requires a proposal, a final project report, and a presentation to prepare students for research experience.

Course description

This course will provide an overview of the state-of-the-art Natural Language Processing (NLP) techniques, with a focus on methods used in the field of automated text correction.  The problem of grammar and spelling correction has always attracted NLP researchers but has become especially popular in the last few years, as the amount of “noisy” data has increased dramatically. We will study modern computational approaches used in the processing of different types of non-standard data, including texts written by non-native writers, medical and clinical documents, and social media data. 

Objectives

 This is a research-oriented course, intended to provide the students with knowledge of the state-of-the-art computational techniques used in the field of automated text correction, and to develop basic skills required for reading and understanding research papers in NLP. In the course of the project, the students will learn about modern methods in Machine Learning and Natural Language Processing and will work on a research project of their own.

Course structure

The course will consist of lectures, readings, and presentations. 

Readings

Readings will be assigned from published notes and research papers that will be made available online.

Background and prerequisites

  The course is intended for graduate students who are interested in Machine Learning, Natural Language Processing, and related areas. Prior background in Machine Learning and Natural Language Processing is recommended, but not required. 

Assessment

  The assessment will be based on class participation, research papers discussion  and presentation, and the  final project, which students present in class.

Course Rationale

Cryptographic techniques are an essential ingredient in the security mechanisms that protect the privacy of e-commerce transactions and the secrecy of cloud storage. This course introduces the fundamental notions underlying the design and evaluation of cryptographic primitives that are the core of the security protocols that enable our modern way of life.

Course Description

This introductory, graduate-level course covers the theoretical foundations of modern cryptography. Emphasis will be placed on precise denitions, rigorous proof techniques, and analysis of the relations among the various cryptographic primitives (such as one-way functions, pseudo-random generators, pseudo-random permutations, and trapdoor permutations).

List of topics includes: computational security, cryptographic hash functions, private-key encryption, message authentication codes, public-key encryption, digital signatures, commitment schemes.

Pre-Requisites
 

No prior knowledge of cryptography is required. However, general ease with algorithms and elementary probability theory, and maturity with mathematical proofs will be assumed.

Learning Objectives

Discuss how cryptography helps to achieve common security goals (data secrecy, message integrity, non-repudiation) and tasks (authentication).

Explain the notions of symmetric encryption, hash functions, and message authentication, and sketch their formal security denitions.

Describe the specics of some of the prominent techniques for encryption, hashing, and message authentication (e.g., DES, AES, SHA-1, HMAC).

Explain the notions of public-key encryption and digital signatures, and sketch their formal security denitions.

Describe and implement the specics of some of the prominent techniques for public-key cryptosystems and digital signature schemes (e.g., Rabin, RSA, ElGamal, DSA, Schnorr, OAEP, PSS/PSS-R).

Illustrate the dierence between symmetric and public-key cryptography.

Evaluate cryptographic primitives and their implementations for correctness, eciency, and security.

Course Textbook

Introduction to Modern Cryptography by Jonathan Katz and Yehuda Lindell. Chapman & Hall/CRC Press, 2007.

Course Topics

1.Introduction

 Classical vs. modern cryptography. Information-theoretic security: Shannon's

 denition of perfect secrecy. Vernam's one-time pad. Limitation of the information theoretic approach.

2.Computational Hardness and One-Wayness

-One-way functions. One-way permutations. Trapdoor permutations. Concrete examples: integer multiplication and modular exponentiation.

-Hardcore predicates. Goldreich-Levin construction.

-Pseudo-random generators. Blum-Micali construction. Ecient instantiation:

-Blum-Blum-Shub construction.

-Pseudo-random functions. Goldreich-Goldwasser-Micali construction.

-Pseudo-random permutations. Luby-Racko construction.

-ε-universal, universal one-way, and collision resistant hash functions. Merkle-Damgaard construction.

-The hash-the-MAC paradigm.

3. Computationally Secure Symmetric Cryptography

 -Denition of secure symmetric encryption: IND, CPA, CCA.

 -Block-ciphers and mode of operations.

 -Message authentication codes.

 -Hash-then-authenticate paradigm.

4. Managing Shared Keys

 -The key distribution problem

 -Die-Hellman Key Exchange

5.Computationally Secure Asymmetric Cryptography

 -Denition of secure asymmetric encryption: IND, CPA, CCA.

 -Ecient constructions (ElGamal, RSA and Rabin's schemes) and padding schemes

(OAEP+).

 -Blum-Goldwasser construction. Goldwasser-Micali construction.

6.Digital Signatures

 -Denition of secure digital signatures.

 -Lamport's one-time signature scheme.

 -The hash-then-sign paradigm.

 -Rabin and RSA signature schemes. Padding Schemes (PSS, PSSR).

 -Schnorr signature scheme.

 -Signature schemes for multiple messages: chain-based and tree-based constructions.

7. A taste of more advanced topics (identication schemes, commitment schemes, secret sharing).

Assessment

Grade will be based on:

• Class participation: 10%
• Assignments: 40%
• Term project (presentation and report): 50%

Instructor: Assistant Professor Raffi Khatchadourian

Course Description

This course is intended to be a survey on the fundamental concepts and principles that underlie current and emerging methods, tools, and techniques for the design and implementation of modern programming languages. This includes the understanding and appreciation of topics in designing and implementing modern programming languages such as attribute grammars, operational, axiomatic, and denotational semantics, (static and dynamic) type systems, and functional programming and its relationship with mainstream Object-Oriented languages, frameworks, and libraries (APIs).

Topics

• Attribute grammars
• Operational semantics for Lisp
• Operational semantics for an imperative language
• Axiomatic semantics
• Type systems
• Concurrency and data structures for concurrent and distributed computing
• MapReduce and Streaming APIs for mainstream Object-Oriented languages

Textbooks and Materials

While there are no required texts, there are readings from the books listed below. The books will be placed on reserve at the library or are available online:

Learning Goals

• Be able to write attribute grammars and derivations of simple programs.
• Be able to understand and define basic operational semantics.
• Be able to understand and define basic axiomatic semantics.
• Be able to formulate and prove type safety theorems.
• Be able to formulate and reason about key object oriented programming features.
• Be able to formulate and reason about key concurrency programming features.

Assessment

Rationale:
With the rise of mobile computing, cybersecurity, and big data, the need for software engineering tools to assist developers in cultivating and managing the complexity of large software systems has never been more evident, giving way to such tools as GitHub, Pivotal, and SonarQube. Software analysis and transformation has a variety of uses, including performance optimiza- tion (in compilers), decompiling, obfuscating, verifying program correctness, domain-specific programming languages, and software understanding, evo- lution, debugging, and testing in software engineering tools. The material will be useful for students working in compilers, developer tools, systems, software engineering, and programming languages. 

Course description: This course introduces the foundations of algorithms that analyze and ma- nipulate software. Refactoring, the process of reorganizing software for an improved design while preserving its original functionality, concepts and tech- niques will also be introduced, along with several type inferencing techniques. The course will involve hands-on experience in creating algorithms and tools. 

List of topics: The topics may include but are not limited to:

• intermediate program representations, including Abstract Syntax Trees (ASTs)

• Tree traversal and manipulation algorithms

• Control- and data-flow analyses

• Type inference

• Object-orientation

• Pointer/alias analysis

• Side-effect analysis

• Refactoring 
• ​ Object-oriented software design patterns 

Suggested Prerequisites

• Excellent programming skills in an object-oriented programming lan- guage such as C++ or Java.

• CSc 71010 (Programming Languages) or equivalent or an introductory course on compilers would be useful.

• Otherwise, students may review the first two chapters of Compilers: Principles, Techniques and Tools by Aho, Sethi and Ullman

  However, previous experience in software analysis will not be assumed. 

Learning objectives: The objectives of the course are:

• Understand abstract software representations on a meta-level

• Comprehend and develop various algorithms for traversing and manip- ulating abstract software representations.

• Relate software analysis and transformation algorithms to their appli- cation in real-world problems.

• Good working knowledge of object-oriented type systems and inference.

• Understand the challenges and solutions associated with analysis of software written in programming languages that allow aliasing and side- effects.

• Knowledge of various software refactorings, how to formulate refactor- ing preconditions, and issued related to programs semantics-preservation in an object-oriented setting.

• Good working knowledge of various enterprise-level software design pat- terns and their relationship to refactorings. 

Assessment: 

Several homework assignments involving technical problems related to the class lectures and reading material.Completion of the homework will benefit the students, particularly in their technical skills and problem solving. These will account for 25In additional to homework, a sequence of projects will also be assigned. Student project topics may be selected depending on the students research interests and goals. These will account for 55% of the overall grade. A special topics lecture that discusses current research in the area will also be assigned, accounting for 10% of the grade, while class participating will account for the remaining 10%. 

Preamble

Optimization is the "science of the best". Today, there is a sound body of models and methods to nd the best decision or choices. These methods are widely used in airlines, hospitals, banks, computer engineering, manufacturing and scheduling, among other sectors. We will specialize our study to stochastic optimization, which incorporates randomness (uncertainty). Among the problems that we will discuss are the following.

Aerospace engineers need to control fuel and routes of vehicles to make a rendez-vous in space, under various risks. The value of an American option in nance can be obtained in terms of an optimal exercise time. An urban transportation subway needs to revise and automatically adapt frequencies to operate optimally under changing demands. Telecommunication and manufacturing networks need algorithms for optimal routing and scheduling, under demand uncertainty. These seemingly dierent problems can be solved using computer methods for optimization under randomness.

Algorithms can be compared in terms of speed of execution and accuracy in the approximation. Central to our course is the analysis of convergence (in a probabilistic sense) of these computer methods. We will study a mathematical approach for algorithmic eciency using risk-theoretical concepts that allows to rank methods via the ubiquitous trade-o between precision and speed. We will illustrate dicult concepts with actual problems for students to code and see the methods at work.

Rationale

Markov chain models abound in Computer Science applications, from speech recognition and machine learning to bioinformatics. However most undergraduate programs in CS do not have courses on the subject. This course lls that need.

Learning Goals

1. Acquire fundamental knowledge in the area of stochastic processes and optimization.

2. Formulate mathematical models for stochastic optimization.

3. Formulate the required characteristics for the computer code.

4. Understand the convergence properties of various methods.

5. Understand how dierent methods apply to dierent models in machine learning, intelligent agents and self-optimized complex systems.

6. Acquire the capability to carry out consulting projects in the public and private sector.

In addition, students who succeed the course will be better placed to conduct fundamental research in stochastic optimization and provide advise concerning current optimization practices and methodologies for continuous optimization and \big data" search methods such as evolutionary algorithms.

Assessment

Learning goals 2,3, and 6 will be assessed through the team projects via a class presentation (15%) and a nal report (20%). Learning goals 1, 4 and 5 will be assessed through the homework assignments (30%) and the nal exam (35%). Threshold: in order to pass the subject, a minimum of 55 in the exam is required.

Course Description

We will study continuous optimization, dealing with continuous decision variables (how much to invest, how much hydroelectric energy to produce, etc), for which we will provide a summary of known convergence results. In a nal stage, we will discuss some methods for discrete optimization (how many buses should a transportation company buy, DNA sequencing, etc) and include reading current research papers.

The subject of stochastic optimization integrates sophisticated knowledge in probability theory, functional analysis, dynamical systems and computer simulation. Our pedagogical formula focuses on individual needs and goals, and we will emphasize understanding through hands-on experience with examples and computer exercises. We will provide a full set of lecture notes with the mathematical detail.

Syllabus

• Overview of deterministic non-linear constrained optimization
• The iterative method as an Ordinary Dierential Equation
• Stochastic approximation methodology
• Asymptotic eciency of numerical algorithms
• Statistical estimation of gradients, sensitivity analysis
• Stochastic approximation at work (examples of applications and case studies)
• Discrete optimisation: MCMC, simulated annealing, randomised methods, evolutionary algorithms.

Prerequisites

A good background in probability and statisics. Some experience with computer simulation. This course will be suitable for students specializing in Computer Science, Mathematics and Statistics, Electrical and Computer Engineering, Bioinformatics and Geography.

Lectures

The course consists of an equivalent of 15 two-hour lectures with assigned reading. There will be student presentations of research projects. A full set of Lecture Notes will be provided with exercise suggestions.

Recent research papers will be recommended according to the interests of the students.

Historical Remarks

This course has evolved over the years to its present form. Parts of the material were developed earlier on from 1996 to 2004, as part of a course in Stochastic Modelling and Simulation that I taught at the Computer Science Department at the University of Montreal, with students in various joint programs in Computer Science, Management, Industrial Engineering, Finance, and Mathematics. I taught a preliminary version of this subject to graduate and postdoctoral students in Electrical Engineering at the University of Melbourne in 1999, and then as an Honours course for students in Mathematics and Statistics from 2004 to 2008. The current version was delivered as a Doctoral course for Engineering students in the University of Vienna in 2009. Students have expressed in their evaluations that they have enjoyed and appreciated the learning process just as much as the acquired knowledge, particularly through the research projects.

Currently, the lecture notes are being co-authored with Prof Bernd Heidergott (of the Vrije Universiteit) as a full book, incorporating our recent research on the subject of gradient estimation. The topic of stochastic modeling and simulation is my main research area. I have worked on it for many years and some of my publications are the result of renement of student projects, which they have co-authored. I love the subject and I try to communicate my enthusiasm to younger generations.