Skip to content

Foundations of Computer Security

[COURSECODE] Autumn 2025

Overview

Overview text

Content

Course Information

  • Staff
    • Instructor: Anwar Hithnawi
    • TAs: TODO
  • E-mail: ahithnawi@cs.toronto.edu
  • Time & Location:
    • Lecture: Time: Mon 9:00-11:00 am. Room BA1180
    • Discussion: Time: Wed 10:00-11. Room: BA1130
  • Office Hours: By appointment. Use this link to book an appointment. TODO: Check link

Important Links

All course materials, including the schedule, lecture slides, and readings, will be available on the course website.

Prerequisites

TODO check this text

A general background in computer systems and cryptography is required. There is no required textbook for this course. For a refresher on security concepts, you can consult the Berkeley Introduction to Security Textbook and for cryptography, see A Graduate Course in Applied Cryptography.

Course Evaluation

  • Homework (10%)
    • Four homework assignments, weighted equally
    • Completed individually
    • No credit for late submissions unless an extension is granted
    • Graded via MarkUs
  • Projects (20%)
    • Two projects:
      • Project 1 (10%)
      • Project 2 (10%)
    • Can be completed individually or in groups of 2
    • No credit for late submissions unless an extension is granted
    • Graded via MarkUs
  • Midterm Exam (30%)
  • Final Exam (40%)

Late Policy

TODO Check

  • Paper reviews: No reviews are accepted once the class has started. You may skip reviews for two papers without penalty.

  • Project proposal and final report: If your project proposal or final report is submitted late, 20% will be deducted from the grade for each day it is overdue.

Policy on the Use of Artificial Intelligence

Large-language model-based tools (e.g., ChatGPT) can be very helpful, and you are encouraged to leverage them. However, please do not use them in any way that trivializes the assignments or bypasses the course's learning objectives. If you have doubts about permissible usage, please check with the instructor first.

Course Deadlines

Homework / Project / ExamAnnouncedDue
Homework 1Sep 8Sep 22
Project 1Sep 15Sep 29
Homework 2Sep 29Oct 6
Midterm-Oct 20
Homework 3Oct 27Nov 10
Homework 4Nov 10Nov 24
Project 2Nov 3Nov 24

Project 1: Secure Messaging System

Project 2: Vulnerability Detection Tool

Schedule and Readings

The schedule may be adjusted as the semester progresses; any changes will be announced in class and on Quercus. TODO check

(2h lecture per week; Mon 9-11 am; Room: BA 1180, 1h Discussion Wed 10-11 Room: BA 1130. Fall term – no class during UofT Reading Week in mid‑October)

#WeekCore Lecture TopicsTutorials (Wed 10-11 that week)Readings
1Sep 8Security principles & threat modeling - CIA goals, design principles, attacker thinking.Tutorial: Math foundations for cryptography
HW #1 out
2Sep 15Symmetric crypto foundations - PRGs, block ciphers, modes.Project 1 announced.
Project 1 design check and help session
3Sep 22Integrity & authentication - Hashes, MACs, AE.Tutorial: Intro to computer networks(1)
HW #1 due; solution discussion
4Sep 29Public-key crypto & PKI - DH, RSA, signatures, certs.Tutorial: Intro to computer networks (2)
HW #2 out; Project 1 due
5Oct 6Secure transport & messaging - TLS, Signal, HTTPS pitfalls.Tutorial: Intro to operating systems
HW #2 due
6Oct 13HolidayEthics Module
7Oct 20Memory-safety & control-flow attacks - Buffer/heap overflows, ROPMidterm
8Oct 27Reading WeekReading Week
HW #3 out
9Nov 3Defences & isolation - ASLR, DEP, CFI; sandboxing, containersProject 2 lab announced
10Nov 10Operating-system security - AuthN/Z, reference monitor, privilege separation.
Network security I - Threats, spoofing, TCP hijack, DNS, firewalls/IDS.		HW #3 due; HW #4 out
11Nov 17Web security I - Browser model, SOP, XSS, CSRF.Project 2 lab help session-
12Nov 24Web security II & privacy - SQLi, session bugs, Tor, malware survey.Project 2 due; HW #4 due
13Dec 1Advanced topics & wrap-up - ZK proofs, MPC, differential privacy