ECE 382N: Security at the Hardware-Software Interface (UT Austin)

Fall 2025

Important Announcement: We changed our classroom to WAG 214

When and Where: Mon & Weds, 3pm–4:30pm, PMA 7.114 WAG 214
Format: Lectures, paper reading & discussions, research-oriented term projects
Instructor: Neil Zhao <neil.zhao@utexas.edu>, please just call him Neil
Instructor Office Hour: Tue 4pm–5pm, Thu 11am–12pm, or by appointments, EER 5.890
TA: Ethan Jiang <zx.jiang@utexas.edu>
TA Office Hour: Tue, 3pm–4pm, EER 5.652 (for logistical questions)

Note: For course related emails, please include prefix "[ECE 382N]" in the subject, thank you!

[Schedule, reading list, and slides], [Term project], [Ed discussion], [Acknowledgements]

Course Overview

Welcome to “ECE 382N: Security at the Hardware-Software Interface,” where we learn how to build secure computer systems and interesting ways to break them. This is a research-oriented seminar course with a major term project. We will be going over the following topics:

  • Side-channel attacks and defenses
  • Transient-execution attacks and defenses
  • Trusted-execution environments
  • Sandboxing and isolation
  • Memory safety techniques
  • System-level attacks in AI systems
  • Other interesting emerging threats to computer systems

Prerequisites

  • ECE 312: Software Design and Implementation I (or C programming skills)
  • ECE 460N: Computer Architecture
  • ECE 461S: Operating Systems
  • Some background in security is recommended

Course Requirements

This course combines structured lectures with student-led paper presentations and discussions. The expectations for all students in this course are as follows:

Read:
  • Lectures: Before each lecture, you will complete a pre-lecture reading and a mini quiz. After the lecture, you will read an additional in-depth paper and submit a conference-style review. These reviews are designed to prepare you for the academic process of peer review. The mini quiz is due two hours before each lecture. The paper review is due by Sunday of that week.
  • Paper discussions: Before each paper discussion session, you will read one of the assigned papers and submit a conference-style paper review one day before the discussion.

You can find the course schedule and reading list here.

Policy: You can skip one pre-lecture reading and mini quiz, as well as two paper reviews without grade penalty.

Participate: You will attend every class and actively participate in class discussions. Questions are always welcomed during and after the lecture. Pop quizzes may be given during lectures and will count towards your participation grade.

Policy: You can skip two lectures/discussions without grade penalty.

Present: You will present research papers and lead the discussion during the paper discussion sessions. We will discuss the presentation guidelines in class, as they depend on the course enrollment.

Research: You will conduct a term research project in system security. Both attack and defense projects are welcomed. More details about the term project can be found here.

Grading

As a research-oriented course, there will be no exams. Your final grade is based on the following components:

  • 10%: Class participation (includes in-class discussion and pop quizzes)
  • 5%: Pre-lecture reading and mini quizzes
  • 10%: Post-lecture reading and pre-discussion paper reviews
  • 15%: Leading paper discussion
  • 60%: Term project =
    • (3%: Project proposal) +
    • (7%: Midpoint report) +
    • (15%: Final presentation) +
    • (35%: Final report)

Other Course Policies

The university provides a Canvas page with policies and resources relevant to all courses. You can refer to it as you navigate your time at UT. This course also has the following additional policies.

Use of AI Tools

Generative AI tools such as ChatGPT and Claude have become widespread. Hype aside, these tools are indeed transforming the way we retrieve and process information. It is therefore crucial to learn how to effectively use these tools in our research—while maintaining academic integrity and avoiding intellectual dishonesty. The general policy for this course regarding the use of AI tools is that it is acceptable to retrieve and process retrieved information, but not to create original content. Here are some examples (though not an exhaustive list):

Allowed

  • Find and summarize related work
  • Clarify a confusing concept (but please be aware of hallucination/fabrication)
  • Proof read your draft for grammar errors

Prohibited

  • Upload the course reading and questions to AI tools to complete mini quizzes or write paper reviews
  • Ask AI tools to write the project proposal, checkpoint reports, and the final report

Confirmed violations can result in receiving an “F” for this course.

Hacking Ethics & Legal Considerations

In this course, you will learn about vulnerabilities in computer systems. However, you must not attack other people’s computers, access systems without authorization, or misuse personal information—doing so can lead to serious legal consequences. Be extra mindful of ethical and legal issues if you are working on any attack-focused term project. When in doubt, please reach out to the course instructor.

A Notice of Academic Accommodations from Disability and Access (D&A)

If you are a student with a disability, or think you may have a disability, and need accommodations please contact Disability and Access (D&A). You may refer to D&A’s website for contact and more information: http://disability.utexas.edu/. If you are already registered with D&A, please deliver your accommodation letter to me as early as possible in the semester so we can discuss your approved accommodations.