CS499/579 :: Empirical Computer Security
Fall 2023

Empirical security research seeks to understand how computer security concerns actually manifest in practice. For instance, in 2017 NIST (National Institute of Standards and Technology) reversed their password recommendations after empirical research showed that their requirements actually led to more easily guessable passwords! This course explores recent research developments in applied security research across a wide range of computer security areas: computer networks, the web, social engineering, misinformation, malware, botnets, usable security, and emerging applications such as IoT, smart cars, etc. This is a project-based course that will concurrently introduce students to the basics of empirical security research. The instructor will work with students to identify a research problem (e.g., uncovering new threats, developing security defenses), design experiments, collect/analyze data, and communicate findings. Ultimately, this course aims to prepare students for successful security research careers, either in graduate school or industry.

