Security is pervasive: it impacts everything around us. Security is 
also never ending: as researchers in other fields build new systems, 
security concerns come along with it. At the center of security is the 
security of systems, i.e., security you can touch. This course explores 
seminal and recent papers on attacking and defending systems. Papers 
covered focus on application security, IOT security, and hardware security. 

The goal of this semester's offering (Sp22) is to survey research addressing the 
automated assessment of software and hardware functionality in the vein of identifying 
and eliminating bugs. Both software and hardware continue to rapidly increase in complexity. 
This complexity comes with bugs and some bugs represent a security vulnerability. Preventing 
the deployment of security vulnerabilities requires tools for efficiently detecting bugs. 
The most effective tool for finding bugs used in both industry and academia today is the 
coverage-guided mutational fuzz tester. 

This course will provide a foundation for future work in both software and hardware 
fuzz testing, with an emphasis on security. The main deliverable for the course will be 
a group project where students will build their own bug hunting platform (targeting either 
software or hardware). The project will allow students to add their own advancements to 
one of the many open-source fuzz testing platforms---or even create their own platform from 
scratch. In addition to the group project, students will be responsible for presenting several 
research papers to the class as well as contextualizing them in the form of an annotated bibliography. 

Prerequisites: CS 5204 OR CS 5214