CS 656 - Advanced Topics in Security

Special Focus on Security in Cloud Computing


Investigating emerging areas in computer security.


CS 656B is a research oriented class that focuses on new and emerging areas in computer security. In Spring 2013 we will investigate different aspects of security in cloud computing.

Cloud computing is a fairly new and emerging paradigm that is characterized by four major attributes:

Among these multi-tenancy, in particular, introduces several novel security challenges.  These challenges arise from the co-residency of machines (virtual machines, database engines etc.) and other resources (such as hardware or storage) owned by different customers that places these resources in the same privileged position in the cloud with respect to one another. This makes security vulnerabilities at the cloud infrastructure level particularly critical to the cloud environment. A guest operating system can exploit vulnerabilities in the hypervisor and run processes on other guests or the host. Security breaches such as unauthorized connections, unauthorized leakage of information, unmonitored login attempts, malware propagation etc., can arise in one client and potentially propagate to another easily. One such exploit was demonstrated in a recent work1 where the internal cloud infrastructure was mapped to identify where a target virtual machine (VM) is likely to reside and then that information was used to mount cross-VM side-channel attacks to extract sensitive information from the target VM.  It is therefore vitally important that proper security controls be employed for the protection of tenant resources from un-authorized disclosure and modification, segregation of tenants from one another, and isolation of compute, storage and network resources of the cloud provider from tenants.

We will investigate various aspects of security in Cloud Computing.

1T. Ristenpart, E. Tromer, H. Shacham, and S. Savage. Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Compute Clouds. In Proceedings of the 16th ACM Conference on Computer and Communications Security, Chicago, IL, November 2009.


  1. Previous enrollment in CS 556 - Computer Security or equivalent, or permission of instructor.

Course Objectives

By the end of the course, students should be able to:


The course is geared toward graduate students in computer science, math, and information technology students who already have exposure to system design principles.


There is no required text for this course. You are expected to read and understand the papers given in the Reading Assignments. Most papers are self contained; however, often you will often have to do additional reading to understand the material.

CS 656 Web Page:

When & Where

The class meets once a week for 2.5 hours to give ample time for discussion.

    Meeting Time and Location: Tuesdays 2:00 pm - 4:30pm, COMSC 425.

This is a seminar type class.

Course Organization

The course has the following components:

  1. Class presentation: Every week, we will select two papers to read. All students are required to read the papers. One student will be responsible for presenting the paper and leading the discussion in class. The student should prepare for approximately an hour presentation of the paper (between 30 - 40 slides - more if needed) and related material (which can be from other papers that the student identify).
  2. Class participation: Students who are not presenting in a particular class are expected to come prepared to actively participate in the class discussion. By the beginning of the class, the student is expected to write a (minimum) 1 page review/critique of the paper and give it to the instructor. The review should contain at least 5 questions about the paper (and / or related relevant papers) that would form the basis of the student's participation in the class. Each student should do this review independently. It is possible (and okay) that two students will have the same or similar questions to ask.
  3. Mini-research exam: Each student has to write a mini-research exam report based on 3 papers on the same topic including the one presented by the student. The mini-research exam report should be about 5 pages long.
  4. Term paper: Each student also has to write and present a term paper.


Following is tentative schedule for this class. Note that as the term progresses we are most likely to digress quite a bit.

  1. January 22 - First day of classes. Presentation by instructor. Discussion about term paper.
  2. January 29 - Paper presentation. Term paper topic selection
  3. February 5 - Paper presentation
  4. February 12 - Paper presentation
  5. February 19 - No class (Instructor traveling)
  6. February 26 - Paper presentation
  7. March 5 - Paper presentation
  8. March 12 - Paper presentation
  9. March 19 - No class (Spring Break)
  10. March 26 - Paper presentation
  11. April 2 - Paper presentation
  12. April 9 - Research exam presentation
  13. April 16 Research exam presentation
  14. April 23 - Paper presentation
  15. April 30 - Term paper presentation
  16. May 7 - Term paper presentation

Grading Policy

The final grade for this course will be computed as follows:

Class Presentation
Class Participation
Mini Research Exam
Term Paper
Term Paper Presentation

The final letter grades for the course are based on your final class average. Grades are typically assigned according to the table below. However, since this is a research oriented class, a good term paper (of publishable quality, based on the subjective judgment of the instructor) can get you an A in the class.

96 and up
82 to 88
60 to 70
92 to 96
80 to 82
below 60
90 to 92
78 to 80

88 to 90
70 to 78

Other Policies

Policies on cheating, plagiarism, incomplete grades, attendance, discrimination, sexual harassment, and student grievances are described in the Student Information Guide ( http://www.CS.ColoState.EDU/advising/student-info.html). All other matters follow the policies set in the current Colorado State University General Catalog. Students are responsible for all the information in these documents.

Copyright © 2013: Colorado State University for CS656. All rights reserved.