University of Chicago SUPERgroup

Topics in Computer Security: Data-Driven Security and Privacy (CMSC 33251-1)

Winter 2018
Tuesdays & Thursdays, 12:30p-1:50p, Cobb Hall 116

Course Staff

Blase Urblase@uchicago.eduRyerson 157By appointment
Mainack Mondalmainack@uchicago.eduYoung 4th FloorBy appointment

Course Description

This seminar covers current topics related to data's role within security and privacy. These topics may include: tracking technologies and data marketplaces; how machine learning is used to make decisions related to security and privacy; anomaly detection; empirical experiments' impact on security and privacy; and the potential for helping users better understand how data is impacting their security and privacy.

Logistics

• Syllabus (schedule and assignments)https://super.cs.uchicago.edu/topics18
• Piazza (announcements and discussion)https://piazza.com/uchicago/winter2018/cmsc332511/home

Readings and Textbooks

There is no textbook for the course. Instead, all course readings will be (open access) articles linked from the schedule below. If you lack background on core topics in computer security, Security Engineering by Ross Anderson and the Handbook of Applied Cryptography by Alfred Menezes, Paul van Oorschot and Scott Vanstone are both excellent references.

Course Requirements and Grading

• 10%Class participation
• 15%Leading two class discussions
• 15%Paper reviews
• 60%Research project

This class will have no exams. Final project presentations will be held on the last two days of class.

You are welcome to attend the seminar even if you are not taking the class for a letter grade. If you take the class for a letter grade, it counts as a systems elective for PhD students and as a CMSC elective (as well as towards honors credit) for undergraduates.

Class participation (10%)

This is a discussion-based graduate seminar course. You are expected to attend all class meetings and to participate actively in the discussion. Please mention to Blase or Mainack if you expect not to be able to attend a meeting of the class due to a conference or other major personal or professional obligation.

Leading two class discussions (15%)

You will be the discussion leader for class discussions of two different papers (on two different days). As the discussion leader, you must prepare roughly 15 minutes worth of slides that cover the main technical contributions of the paper, in addition to at least 10 discussion questions. Please include the paper authors, title, and publication venue, as well as your own name, on the title slide. Please include your discussion questions on the final slide or two in a proposed order. Prior to the beginning of class, please upload your slides as a PDF to the Piazza thread for that reading assignment.

Reading Reviews (15%)

We will read 25 research papers over the course of this seminar. You must complete the assigned reading prior to class so that you can participate fully in class discussions. To facilitate productive class discussions, you must submit a "review" of each of the two assigned papers to Piazza by 7am the day of each class. Each review should be its own Piazza private message that is tagged with the "Reviews" tag. Before each class, all of the reviews will be made visible to other students in the course. Late paper reviews will receive no credit.

Reviews should consist of three brief paragraphs of prose (not bullet points) in your own words using approximately the structure listed below:

Paragraph 1 (Summary):

  • What problem did this work attempt to solve?
  • Is this an important problem? Why / why not?
  • What are the main ideas and technical contributions of the work?
  • How does this approach compare to prior work?
  • How is the proposed solution evaluated?

Paragraph 2 (+/-):

  • What are the work's key strengths?
  • What are the work's key weaknesses?

Paragraph 3 (Reaction):

  • What parts of the work did you find most striking and thought-provoking?
  • What future work might you consider in this line of research?

Research Project (60%)

Students will work on a major projects in groups of size 1--3. We will suggest some projects, but you may also propose your own. As part of the project students will:

  • Tuesday, January 16th: Submit a rough draft of your project proposal (1 to 2 pages). The proposal should state your research questions; hypotheses (if any); general approach; and evaluation metrics.
  • Project groups will meet with Blase and Mainack from January 17th -- January 19th to refine their idea.
  • Tuesday, January 23rd: Submit a finalized version of your draft project proposal that also includes a timeline with checkpoints and deliverables at those checkpoints.
  • Tuesday, February 6th: Submit a written progress report. Your written progress report should describe your progress to date relative to your proposed timeline, note any problems you have run into, describe your updated plan for the rest of the quarter, and include any preliminary results or technical accomplishments. This written report should also include a draft related work section for your final paper.
  • Tuesday, February 20th: Submit a second written progress report following the same format as the first.
  • Tuesday, March 6th: Give a 15-minute final project presentation in class.
  • Friday, March 16th (11:59pm): Write a paper including an abstract, introduction (including research questions), related work, methodology, results, discussion, references, etc.

Students are encouraged to submit their project as a full paper to a conference with an appropriate deadline. A paper submission will likely require additional work after the end of the quarter.

Your final paper should be written in a style suitable for publication at a conference or workshop. The conference papers in the readings provide good examples of what a conference paper looks like and the style in which they are written. Papers should follow the sigconf template available as part of the ACM LaTeX template. However, your report for the class need not adhere to any particular conference's page limits and should obviously not be a blind submission.

Copyright Policy

All teaching materials in this class are copyrighted. Reproduction, redistribution and other rights solely belong to the instructor. In particular, it is not permissible to upload any or part of these materials to public or private websites without the instructor's explicit consent. Violating this copyright policy will be considered an academic integrity violation, with the consequences discussed above. Reading materials are also copyrighted by their respective publishers and cannot be reposted or distributed without prior authorization from the publisher.

Academic Integrity Policies

The University of Chicago has formal policies related to academic honesty and plagiarism. We abide by these standards in this course. Depending on the severity of the offense, you risk being dismissed altogether from the course. All cases will be referred to the Dean of Students office, which may impose further penalties, including suspension and expulsion. If you have any question about whether some activity would constitute cheating, please feel free to ask.

In addition, we expect all students to treat everyone else in the course with respect, following the norms of proper behavior by members of the University of Chicago community.

Wellness

If a personal emergency comes up that might impact your work in the class, please let Blase know so that the course staff can make appropriate arrangements.

University environments can sometimes be very overwhelming, and all of us benefit from support during times of struggle. You are not alone. There are many helpful resources available on campus and an important part of the college experience is learning how to ask for help. Asking for support sooner rather than later is often helpful. If you or anyone you know experiences any academic stress, difficult life events, or feelings like anxiety or depression, we strongly encourage you to seek support. The University of Chicago's counseling services are here to support you. Consider also reaching out to a friend, faculty or family member you trust for help getting connected to the support that can help.

If you or someone you know is feeling suicidal or in danger of self-harm, call someone immediately, day or night:
• Student Counseling Urgent Care: (773)702-9800 or in person.
• National Suicide Prevention Lifeline: 1-800-273-8255

Schedule

01. Thursday, January 4

Introduction and Planning

Due: Nothing

Required readings:

  • None

02. Tuesday, January 9

Machine Learning for Good

Due: Reading reviews

Required readings:

03. Thursday, January 11

Machine Learning for Good

Due: Reading reviews

Required readings:

04. Tuesday, January 16

Machine Learning for Evil

Due: Reading reviews and draft project proposal

Required readings:

05. Thursday, January 18

Machine Learning for Evil

Due: Reading reviews

Required readings:

06. Tuesday, January 23

Fairness, Accountability, and Transparency in Data-Driven Systems

Due: Reading reviews and finalized project proposal

Required readings:

07. Thursday, January 25

Fairness, Accountability, and Transparency in Data-Driven Systems

Due: Reading reviews

Required readings:

08. Tuesday, January 30

Tracking and Inferencing

Due: Reading reviews

Required readings:

09. Thursday, February 1

Tracking and Inferencing

Due: Reading reviews

Required readings:

10. Tuesday, February 6

Data-Driven Methods on the Web

Due: Reading reviews and first project status report

Required readings:

11. Thursday, February 8

Data-Driven Methods on the Web

Due: Reading reviews

Required readings:

12. Tuesday, February 13

Identifying and Visualizing Anomalous Behavior

Due: Reading reviews

Required readings:

13. Thursday, February 15

Identifying and Visualizing Anomalous Behavior

Due: Reading reviews

Required readings:

14. Tuesday, February 20

The Data Science of Malware

Due: Reading reviews and second project status report

Required readings:

15. Thursday, February 22

The Data Science of Malware

Due: Reading reviews

Required readings:

16. Tuesday, February 27

Cybercriminals Are Data Scientists, Too

Due: Reading reviews

Required readings:

17. Thursday, March 1

Cybercriminals Are Data Scientists, Too

Due: Reading reviews

Required readings:

18. Tuesday, March 6

Final project presentations

Due: Final project presentations (before class on March 6), as well as final project report (Friday, March 16 at 11:59pm)

Required readings:

  • None