Instructor: Habiba Farrukh
Credits: 4
Lectures: MW 3:30 - 4:50 PM, DBH 1300
Class space: Canvas
Office hours: By appointment

Course Description

Computing platforms are constantly evolving to meet the diverse needs of users and enable automation in several aspects of daily life. While these emerging platforms enable several useful applications, they are also an attractive target for adversaries. In this course, we will focus on essential and contemporary research in the security and privacy of these platforms. The course will investigate the core challenges in the security and privacy of computer systems that consistently resurface in various guises across multiple platforms. Topics will include the security and privacy of mobile systems, the Internet of Things, augmented and virtual reality (AR/VR), and autonomous and machine learning systems. Students will work on research projects and gain hands-on experience evaluating and designing secure systems.

Although there are no hard requirements, the course is most suitable for students with a programming background (e.g., an undergraduate computer programming course).

Grading

There will be no exams. Instead, the grade will be based on the following:

Reading Summaries (10%) – For each class, students are expected to read the assigned paper and write a one-page summary of the paper. The summaries will be due at 11:59 pm PDT before each class via Canvas Assignments. Please find out more details here.

Homeworks (10%) – There will be a few written homeworks.

Active class participation (10%) – All students are expected to fully participate in all class activities to gain the most benefits from the class. Students should come to class prepared to discuss any assigned readings and provide their perspectives on these readings. Students are also expected to participate in group discussions and other in-class activities. The effectiveness of the course depends on the quality of student participation, willingness to internalize the skills and concepts covered in the course, and efforts to apply them to real-world settings.

Paper presentation and discussion lead (20%) – Depending on the number of students enrolled, each student is expected to sign up to lead the discussion for the assigned readings in one or two sessions. The discussion lead in a session will not be expected to submit the reading summaries for that session. Please find out more details about the discussion lead's tasks here.

Research Project (50%) – Throughout the course, students will work individually or in small groups (up to 3 students) to conduct a research project. The project will be evaluated according to the group size. Students will have the option to choose from a list of potential project topics or propose their own research idea after discussion with the instructor. At the end of the course, students will write a research report on the project (publishable in a security and privacy workshop/conference) and present their progress to the class. Students are encouraged to submit their research as a full paper or a poster to a security and privacy (e.g., IEEE S&P, USENIX) venue. Submitting a full paper to these venues requires additional work beyond the quarter. The instructor will mentor students interested in continuing their research projects and submitting them to the appropriate venues. Please find out more details about project guidelines and deliverables here.

Schedule

The tentative list of topics and schedule is given below. The topics and the weeks in which they are presented might change in the future. Please check back here frequently.

Most papers should be publicly accessible online. If any links are broken below, please notify the instructor. If accessing any papers requires a paid subscription, you can access them for free on-campus by connecting to campus WiFi. For off-campus access, please try UCI VPN.

| Week | Date | Topics & Readings | Deadlines |
|---|---|---|---|
| Week 1 | 04/01/2024 | Course Introduction | |
| | 04/03/2024 | Intro to Security and Privacy of Emerging Platforms | |
| Week 2 | 04/08/2024 | 50 Ways to Leak Your Data: An Exploration of Apps' Circumvention of the Android Permissions System | |
| | 04/10/2024 | StealthyIMU: Stealing Permission-protected Private Information From Smartphone Voice Assistant Using Zero-Permission Sensors | |
| Week 3 | 04/15/2024 | The Danger of Minimum Exposures: Understanding Cross-App Information Leaks on iOS through Multi-Side-Channel Learning | Homework 1 Due |
| | 04/17/2024 | AuthentiSense: A Scalable Behavioral Biometrics Authentication Scheme using Few-Shot Learning for Mobile Platforms | |
| Week 4 | 04/22/2024 | Who's In Control? On Security Risks of Disjointed IoT Device Management Channels | |
| | 04/24/2024 | Project Proposal Presentations | |
| Week 5 | 04/29/2024 | Are Consumers Willing to Pay for Security and Privacy of IoT Devices? | Project Proposals Due |
| | 05/01/2024 | When the User Is Inside the User Interface: An Empirical Study of UI Security Properties in Augmented Reality | |
| Week 6 | 05/06/2024 | It’s all in your head(set): Side-channel attacks on AR/VR systems | |
| | 05/08/2024 | No class | |
| Week 7 | 05/13/2024 | SoundLock: A Novel User Authentication Scheme for VR Devices Using Auditory-Pupillary Response | |
| | 05/15/2024 | Unique Identification of 50,000+ Virtual Reality Users from Head & Hand Motion Data | |
| Week 8 | 05/20/2024 | SneakyPrompt: Jailbreaking Text-to-image Generative Models | |
| | 05/22/2024 | Evading Watermark based Detection of AI-Generated Content | |
| Week 9 | 05/27/2024 | Memorial Day - No Class | |
| | 05/29/2024 | Students' Choice | |
| Week 10 | 06/03/2024 | Project Presentations | |
| | 06/05/2024 | | |
| Week 11 | | | Project Final Reports Due |

Academic Integrity

Learning, research, and scholarship depend upon an environment of academic integrity and honesty. This environment can be maintained only when all participants recognize the importance of upholding the highest ethical standards. All student work, including quizzes, exams, reports, and papers, must be the work of the individual receiving credit. Academic dishonesty includes, for example, cheating on examinations or any assignment, plagiarism of any kind (including improper citation of sources), having someone else take an examination or complete an assignment for you (or doing this for someone else), or any activity in which you represent someone else’s work as your own. Violations of academic integrity will be referred to the Office of Academic Integrity and Student Conduct. The impact on your grade will be determined by the individual instructor’s policies. Please familiarize yourself with UCI’s Academic Integrity Policy and speak to the instructor if you have any questions about what is and is not allowed in this course.


Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this class, we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measures for any purpose or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter and spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and expulsion from the university.

When in doubt, please contact the instructor for advice. Do not undertake any action that could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.