|
| 1 | +<meta charset="utf-8"><!-- -*- markdown -*- --> |
| 2 | + **CSE 291-?: Building Secure Systems with Rust** |
| 3 | + [*Deian Stefan*](https://cseweb.ucsd.edu/~dstefan/) and [*Evan Johnson*](https://enjhnsn2.github.io/) |
| 4 | + |
| 5 | +About |
| 6 | +============================================================== |
| 7 | + |
| 8 | +This course will explore how using a language like Rust with a powerful type |
| 9 | +system and strong safety guarantees affects the design of secure systems. Do the |
| 10 | +safety guarantees provided by Rust (e.g., memory safety) make it easier |
| 11 | +to provide stronger guarantees using techniques like verification? What classes |
| 12 | +of vulnerabilities can we completely eliminate by cleverly taking advantage of Rust's |
| 13 | +type system? Where and how do Rust's safety guarantees break down when applied |
| 14 | +to low-level systems code? To (start to) answer these questions, students will read, |
| 15 | +present, and discuss recent research papers in the field and conduct a relevant |
| 16 | +quarter-long research project in small groups. |
| 17 | + |
| 18 | +Lectures: |
| 19 | +: Day TBD, Time TBD, Location TBD |
| 20 | + |
| 21 | +Staff: |
| 22 | +: **Instructors**: Deian Stefan and Evan Johnson |
| 23 | + |
| 24 | +Office hours: |
| 25 | +: **Deian**: TBD |
| 26 | +: **Evan**: TBD |
| 27 | + |
| 28 | +Class discussion: |
| 29 | +: We'll use the CSE slack channel `cse291?-fall24` |
| 30 | + |
| 31 | +Calendar and Readings |
| 32 | +============================================================== |
| 33 | + |
| 34 | + |
| 35 | +<!-- Tue Apr 2 2024: Introduction |
| 36 | +
|
| 37 | +Thu Apr 4 2024: Rust |
| 38 | +- *Reading*: |
| 39 | +- *Optional reading*: |
| 40 | +
|
| 41 | +Tue Apr 9 2024: |
| 42 | +Tue Apr 9 2024: |
| 43 | +
|
| 44 | +Tue Apr 9 2024: |
| 45 | +Tue Apr 9 2024: |
| 46 | +
|
| 47 | +Tue Apr 9 2024: |
| 48 | +Tue Apr 9 2024: |
| 49 | +
|
| 50 | +Tue Apr 9 2024: |
| 51 | +Tue Apr 9 2024: |
| 52 | +
|
| 53 | +Tue Apr 9 2024: |
| 54 | +Tue Apr 9 2024: |
| 55 | +
|
| 56 | +Tue Apr 9 2024: |
| 57 | +Tue Apr 9 2024: |
| 58 | +
|
| 59 | +Tue Apr 9 2024: |
| 60 | +Tue Apr 9 2024: |
| 61 | +
|
| 62 | +Tue Apr 9 2024: |
| 63 | +Tue Apr 9 2024: |
| 64 | +
|
| 65 | +Tue Apr 9 2024: |
| 66 | +Tue Apr 9 2024: --> |
| 67 | + |
| 68 | + |
| 69 | +<!-- |
| 70 | +Thu Apr 4 2024: Bitcoin |
| 71 | + - *Reading*: |
| 72 | + - [Bitcoin: A Peer-to-Peer Electronic Cash System](https://bitcoin.org/bitcoin.pdf), by Satoshi Nakamoto |
| 73 | + - Block Chain, Transactions, P2P Network sections from [Bitcoin Developer Guide](https://developer.bitcoin.org/reference/) |
| 74 | +
|
| 75 | + - *Optional reading*: |
| 76 | + - [A Deep Dive into Bitcoin Mining Pools](https://arxiv.org/pdf/1905.05999.pdf) by Matteo Romiti et al. |
| 77 | +
|
| 78 | +Tue Apr 9 2024: Security of Bitcoin |
| 79 | + - *Reading*: |
| 80 | + - [Majority is not Enough: Bitcoin Mining is Vulnerable](https://arxiv.org/abs/1311.0243) by Ittay Eyal and Emin Gun Sirer |
| 81 | + - [On the Instability of Bitcoin Without the Block Reward](https://www.cs.princeton.edu/~arvindn/publications/mining_CCS.pdf) by Miles Carlsten et al. |
| 82 | +
|
| 83 | +Thu Apr 11 2024: Bitcoin hacks |
| 84 | + - [*Slides*](./slides/bitcoin-hacks.pdf) |
| 85 | + - *Reading*: |
| 86 | + - [On the Malleability of Bitcoin Transactions](https://fc15.ifca.ai/preproceedings/bitcoin/paper_9.pdf) by Marcin Andrychowicz et al. |
| 87 | + - [Mt. Gox: What We Still Don’t Know 10 Years After the Collapse](https://www.coindesk.com/consensus-magazine/2024/02/28/mt-gox-what-we-still-dont-know-10-years-after-the-collapse/) by Mark Hunter |
| 88 | + - *Optional reading*: |
| 89 | + - [The Bitcoin Brain Drain: Examining the Use and Abuse of Bitcoin Brain Wallets](https://jbonneau.com/doc/VBCKM16-FC-bitcoin_brain_wallets.pdf) by Marie Vasek et al. |
| 90 | +
|
| 91 | +Tue Apr 16 2024: Guest talk |
| 92 | + - *Speaker*: [David Anderson](https://www.cs.cmu.edu/~dga/), Carnegie Mellon University. |
| 93 | +
|
| 94 | +Thu Apr 18 2024: Ethereum (proof of stake) |
| 95 | + - [*Slides*](./slides/ethereum.pdf) |
| 96 | + - *Reading*: |
| 97 | + - [Ethereum docs](https://ethereum.org/en/developers/docs/) |
| 98 | + - *Optional*: |
| 99 | + - [Ethereum: A secure decentralised generalised transaction ledger -- EIP-150 revision](https://gavwood.com/paper.pdf) by Gavin Wood |
| 100 | +
|
| 101 | +Tue Apr 23 2024: Ethereum (smart contracts) |
| 102 | + - [*Slides*](./slides/ethereum.pdf) |
| 103 | + - *Reading*: |
| 104 | + - [Solidity](https://docs.soliditylang.org/en/latest/) |
| 105 | + - [ERC-4337](https://eips.ethereum.org/EIPS/eip-4337) |
| 106 | +
|
| 107 | +Thu Apr 25 2024: Bitcoin tracing |
| 108 | + - [*Slides*](./slides/tracing.pdf) |
| 109 | + - *Reading*: |
| 110 | + - [A Fistful of Bitcoins: Characterizing Payments Among Men with No Names](https://cseweb.ucsd.edu/~smeiklejohn/files/imc13.pdf) by Sarah Meiklejohn et al. |
| 111 | + - *Optional reading*: |
| 112 | + - [How to Peel a Million: Validating and Expanding Bitcoin Clusters](https://smeiklej.com/files/usenix22.pdf) by George Kappos et al. |
| 113 | +
|
| 114 | +Tue Apr 30 2024: Mixers |
| 115 | + - [*Slides*](./slides/anti-tracing.pdf) |
| 116 | + - *Reading*: |
| 117 | + - [Mixcoin: Anonymity for Bitcoin with accountable mixes](https://jbonneau.com/doc/BNMCKF14-FC-mixcoin_proceedings.pdf) by Joseph Bonneau et al. |
| 118 | + - [Bitcoin Fog](https://www.wired.com/story/bitcoin-fog-dark-web-cryptocurrency-arrest/) |
| 119 | + - *Optional*: |
| 120 | + - [How Tornado Cash Works](https://www.rareskills.io/post/how-does-tornado-cash-work) |
| 121 | +
|
| 122 | +Thu May 2 2024: Guest talk |
| 123 | + - *Speaker*: [Eun Young Choi](https://www.linkedin.com/in/eun-young-choi-9900474/), US Department of Justice. |
| 124 | +
|
| 125 | +Tue May 7 2024: MEV and frontrunning |
| 126 | + - [*Slides*](./slides/mev.pdf) |
| 127 | + - *Reading*: |
| 128 | + - [Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges](https://arxiv.org/pdf/1904.05234.pdf) by Philip Daian et al. |
| 129 | + - [Quantifying Blockchain Extractable Value: How dark is the forest?](https://arxiv.org/pdf/2101.05511.pdf) by Kaihua Qin et al. |
| 130 | + - *Optional*: |
| 131 | + - [Time to Brige: Measuring Block Construction Markets](https://arxiv.org/pdf/2305.16468.pdf) by Anton Wahrstätter et al. |
| 132 | +
|
| 133 | +Thu May 9 2024: DeFi: Stablecoins, lending protocols, swaps and DEXes |
| 134 | + - [*Slides*](https://ucsdcloud-my.sharepoint.com/:p:/r/personal/dstefan_ucsd_edu/Documents/defi.pptx?d=w25a50253202c4e829ae5ba2338a985e6&csf=1&web=1&e=zTaz7p) |
| 135 | + - *Reading*: |
| 136 | + - [Uniswap](https://uniswapv3book.com/) |
| 137 | + - *Optional*: |
| 138 | + - [Compound: The Money Market Protocol](https://compound.finance/documents/Compound.Whitepaper.pdf) |
| 139 | + - [Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit](https://arxiv.org/abs/2003.03810) by Kaihua Qin et al. |
| 140 | + - *Optional*: |
| 141 | + - [Reducing the Volatility of Cryptocurrencies -- A Survey of Stablecoins](https://arxiv.org/ftp/arxiv/papers/2103/2103.01340.pdf) by Ayten Kahya et al. |
| 142 | +
|
| 143 | +Tue May 14 2024: Guest talk |
| 144 | + - *Speaker*: [Iam Miers](https://www.cs.umd.edu/~imiers/), University of Maryland. |
| 145 | +
|
| 146 | +Thu May 16 2024: Class cancelled (work on your projects) |
| 147 | +
|
| 148 | +Thu May 21 2024: Guest talk |
| 149 | + - *Speaker*: [Nicolas Christin](https://www.andrew.cmu.edu/user/nicolasc/), Carnegie Mellon University. |
| 150 | +
|
| 151 | +Tue May 23 2024: DeFi Hacks |
| 152 | + - *Reading*: |
| 153 | + - [Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit](https://arxiv.org/abs/2003.03810) by K. Qin et al. |
| 154 | + - [SoK: Decentralized Finance (DeFi) Attacks](https://arxiv.org/pdf/2208.13035.pdf) by Liyi Zhou et al. |
| 155 | +
|
| 156 | +Tue May 28 2024: Cross-chain bridges |
| 157 | + - [*Slides*](./slides/briges.pdf) |
| 158 | + - *Reading*: |
| 159 | + - [zkBridge: Trustless Cross-chain Bridges Made Practical](https://dl.acm.org/doi/abs/10.1145/3548606.3560652) by Tiancheng Xie et al. |
| 160 | +
|
| 161 | +Thu May 30 2024: Bridge hacks |
| 162 | + - *Reading*: |
| 163 | + - [SoK: Security of Cross-chain Bridges: Attack Surfaces, Defenses, and Open Problems](https://arxiv.org/abs/2312.12573) by Zhang et al. |
| 164 | +
|
| 165 | +Tue Jun 4 2024: Avalanche |
| 166 | + - *Reading*: |
| 167 | + - [Scalable and Probabilistic Leaderless BFT Consensus through Metastability](https://arxiv.org/pdf/1906.08936) |
| 168 | + - [Vryx: Fortifying Decoupled State Machine Replication](https://hackmd.io/@patrickogrady/rys8mdl5p#Vryx-Fortifying-Decoupled-State-Machine-Replication) by P. O'Grady |
| 169 | + - [Frosty: Bringing strong liveness guarantees to the Snow family of consensus protocols.](https://arxiv.org/pdf/2404.14250) by A. Buchwald et al. |
| 170 | +
|
| 171 | +Thu Jun 6 2024: Regulation and crypto |
| 172 | + - *Reading*: |
| 173 | + - [Cryptocurrency: Selected Policy Issues](https://crsreports.congress.gov/product/pdf/R/R47425) by Paul Tierno |
| 174 | + - [Blockchain in Finance: Legislative and Regulatory Actions Are Needed to Ensure Comprehensive Oversight of Crypto Assets](https://www.gao.gov/products/gao-23-105346) by US General Accountability Office (just read summary) |
| 175 | + --> |
| 176 | + |
| 177 | + |
| 178 | +<style class="fallback">body{visibility:hidden;white-space:pre;font-family:monospace}</style><script src="markdeep.min.js"></script> |
| 179 | +<script> |
| 180 | + window.alreadyProcessedMarkdeep || (document.body.style.visibility="visible"); |
| 181 | + markdeepOptions= {tocStyle: 'short', sortScheduleLists: false }; |
| 182 | +</script> |
| 183 | + |
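
Review bot: The two HTML comment blocks under "Calendar and Readings" (file lines 35-66 and 69-175) are still served to anyone who views the page source, and the second one carries a complete Bitcoin/Ethereum/DeFi schedule that does not match the Rust course described in "About", including a personal SharePoint sharing link with its query tokens on file line 134. Delete both blocks instead of commenting them out, and add the real schedule in a later commit; the first block is only a template that repeats `Tue Apr 9 2024:`. If the old schedule is kept for reference anyway, drop the SharePoint link and fix what is visible in it: `Time to Brige`, `./slides/briges.pdf`, and the duplicated `*Optional*` heading under the May 9 entry. The visible header also still ships placeholders (`CSE 291-?`, `cse291?-fall24`, `TBD` lecture and office-hour slots), and the April 2024 dates in the comments do not line up with the `fall24` channel name.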