Operating System Security Spring 2021

This course provides an in-depth examination of issues in operating system security, and assumes prior knowledge of fundamental security concepts. We will be studying research in securing computer and operating systems, with a focus on the design of authorization systems and a thorough examination of concepts, past and present, that continue to be influential in secure systems design. Topics will include protection systems, foundational security principles, classic approaches to system security, system vulnerabilities, mandatory access controls in research and commercial operating systems, capability systems, virtual machines, and security kernels. Selected seminal and current papers in the field will also aid in providing context and further understanding of the area.

Professors Adam Bates
Office hours: By Appointment
TA Wajih Ul Hassan
Office hours: By appointment
Lectures Tue./Thu.: 3:30pm – 4:45pm Online Zoom Classroom
Format This class will be 100% online and synchronous. There will be an asynchronous option for students that are unable to attend class at the scheduled time (e.g., local time zone is European / Asian, low-speed Internet access).
Required Text Book This semester, we will be reading about seminal contributions in the OS security space through Trent Jaeger's Operating System Security text book. Roughly 50% of the assigned readings will come from this book, so it is a required text. The textbook is on hold at the university of bookstore and is also available at an affordable price on Amazon.
Communications We will make use of the following communication methods during this course:

  • Lectures, Discussions, Office Hours: Zoom
  • Lecture Slides: This website
  • Class Discussion/Organization: Piazza
  • Lecture Recordings, Quizzes, and Grades: Compass2g
Resources Security and Privacy Research at Illinois
Security Course Roadmap


We'll calculate your course grade based on these components:
Class Participation 10% Students are expected to attend every class and actively participate in class discussions.
Weekly Assessments 20% Weekly assignments (e.g., quizzes, paper summaries) to check that you followed the week's lectures. Details to follow.
Paper Presentations 30% Students will present research papers and lead the ensuing class discussion. The number of presentations required will be determined by the number of student enrolled in the course.
Course Project 40% Students will conduct a major research project in the area of operating system security, with the chief deliverable being a conference-style paper at the end of the semester. Project topics will be discussed in class after the introductory material is completed. As part of the term project, there will be another milestones throughout the semester (e.g., project proposals) that will be graded as homework assignment and discussed with the intructors outside of class. Projects teams may include groups of up to 2 students; however, groups of greater size will be expected to make greater progress. The instructors will advise each team/individual independently as needed. The project grade will be a combination of grades received for a number of milestone artifacts and the final conference-quality report.

Statement on Mental Health

Diminished mental health, including significant stress, mood changes, excessive worry, substance/alcohol abuse, or problems with eating and/or sleeping can interfere with optimal academic performance, social development, and emotional wellbeing. The University of Illinois offers a variety of confidential services including individual and group counseling, crisis intervention, psychiatric services, and specialized screenings at no additional cost. If you or someone you know experiences any of the above mental health concerns, it is strongly encouraged to contact or visit any of the University’s resources provided below. Getting help is a smart and courageous thing to do -- for yourself and for those who care about you.

Counseling Center: 217-333-3704, 610 East John Street Champaign, IL 61820

McKinley Health Center:217-333-2700, 1109 South Lincoln Avenue, Urbana, Illinois 61801

Ethics, Law, and University Policies Warning

This course will include topics related computer security and privacy. As part of this investigation we may cover technologies whose abuse could infringe on the rights of others. As computer scientists, we rely on the ethical use of these technologies. Unethical use includes circumvention of an existing security or privacy mechanisms for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and possibly more severe academic and legal sanctions.

Acting lawfully and ethically is your responsibility. Carefully read the Computer Fraud and Abuse Act (CFAA), a federal statute that broadly criminalizes computer intrusion. This is one of several laws that govern “hacking.” Understand what the law prohibits — you don’t want to end up like this guy. If in doubt, we can refer you to an attorney.

Please review the Campus Administrative Manual (especially Policy on Appropriate Use of Computers and Network Systems at the University of Illinois at Urbana-Champaign) for guidelines concerning proper use of information technology at Illinois, as well as the Student Code (especially 1-302 Rules of Conduct, 1‑402 Academic Integrity Infractions). As members of the university, you are required to abide by these policies.

Academic Integrity

The University of Illinois at Urbana-Champaign Student Code should also be considered as a part of this syllabus. Students should pay particular attention to Article 1, Part 4: Academic Integrity. Read the Code at the following URL: http://studentcode.illinois.edu/.

Academic dishonesty may result in a failing grade. Every student is expected to review and abide by the Academic Integrity Policy: http://studentcode.illinois.edu/. Ignorance is not an excuse for any academic dishonesty. It is your responsibility to read this policy to avoid any misunderstanding. Do not hesitate to ask the instructor(s) if you are ever in doubt about what constitutes plagiarism, cheating, or any other breach of academic integrity.

Sale or Distribution of Lecture Notes or Course Materials

As documented by 1-302 Rules of Conduct of the student code, "No student shall sell, deliver or distribute copyrighted lecture notes or other course materials without the express permission of the copyright holder. An example of an infraction would include posting on a website or selling instructor copyrighted slides, lecture notes or other expressions fixed in a medium."

Disability-Related Accomodations

To obtain disability-related academic adjustments and/or auxiliary aids, students with disabilities must contact the course instructor and the Disability Resources and Educational Services (DRES) as soon as possible. To contact DRES, you may visit 1207 S. Oak St., Champaign, call 333-4603, e-mail disability@illinois.edu or go to https://www.disability.illinois.edu. If you are concerned you have a disability-related condition that is impacting your academic progress, there are academic screening appointments available that can help diagnosis a previously undiagnosed disability. You may access these by visiting the DRES website and selecting “Request an Academic Screening” at the bottom of the page.

Sexual Misconduct Reporting Obligation

The University of Illinois is committed to combating sexual misconduct. Faculty and staff members are required to report any instances of sexual misconduct to the University’s Title IX Office. In turn, an individual with the Title IX Office will provide information about rights and options, including accommodations, support services, the campus disciplinary process, and law enforcement options.

A list of the designated University employees who, as counselors, confidential advisors, and medical professionals, do not have this reporting responsibility and can maintain confidentiality, can be found here: wecare.illinois.edu/resources/students/#confidential.

Other information about resources and reporting is available here: wecare.illinois.edu.

Religious Observances

Illinois law requires the University to reasonably accommodate its students' religious beliefs, observances, and practices in regard to admissions, class attendance, and the scheduling of examinations and work requirements. You should examine this syllabus at the beginning of the semester for potential conflicts between course deadlines and any of your religious observances. If a conflict exists, you should notify your instructor of the conflict and follow the procedure at https://odos.illinois.edu/community-of-care/resources/students/religious-observances/ to request appropriate accommodations. This should be done in the first two weeks of classes.

Emergency Response Recommendations

Emergency response recommendations can be found at the following website: http://police.illinois.edu/emergency-preparedness/. I encourage you to review this website and the campus building floor plans website within the first 10 days of class. http://police.illinois.edu/emergency-preparedness/building-emergency-action-plans/

Family Educational Rights and Privacy Act (FERPA)

Any student who has suppressed their directory information pursuant to Family Educational Rights and Privacy Act (FERPA) should self-identify to the instructor to ensure protection of the privacy of their attendance in this course. See http://registrar.illinois.edu/ferpa for more information on FERPA.