CS 577 Cybersecurity Lab

Fall 2014

InstructorGeorgios Portokalidis
Teaching assistantDimitrios Damopoulos
Mailing listcs577@lists.stevens....
MeetingsThursdays 06:15pm-08:45pm (room BC640)
Office hoursMondays 5:00-6:00pm (L213)

Overview | Prerequisites | Tools | Grading | Schedule

Overview

Attacks on computer systems have become part of everyday life. It is the goal of this class to teach a thorough understanding of the possible security failures, as well as the protection mechanism. The class will cover network and host security concepts and mechanisms; basic cryptographic algorithms and protocols; authentication and authorization protocols; access control models; common network (wired and wireless) attacks; typical protection approaches, including firewalls and intrusion detection systems; and operating systems and application vulnerabilities, exploits, and countermeasures; distributed denial of service attacks and botnets. The class will not only cover the subjects in theory but instead also provide the students with an extensive hands-on experience. The class will involve a fair amount of programming. Those who take the class are expected to be able to program in C/C++, have some basic knowledge of assembly language, and be familiar with network basics and programming, as well as Unix-like operating systems.

Prerequisites

The course requires good programming skills (C, C++), including some knowledge of x86 assembly. Also, a basic background in operating systems (mainly UNIX) and networking.

Course prereqs:

  • CS 506 Introduction to IT Security
  • CS 576 (co-requisite)
  • CS 590 Algorithms (for grads) or CS 385 Algorithms (undergrads) or CS 182 Introduction to Computer Science Honors II (undergrads)

If you feel that you possess the skills to follow this course but have not taken the prerequisite courses, contact me to establish whether I can waive the requirements for the course.

Tools

Tools that will be used in the lab:

  • DETER virtual testing environment
  • Metasploit penetration testing framework. Download the framework not the GUI version.

Projects

There will be group projects for this class that will result in tools and software for measuring, securing, or attacking systems. The software deliverables must compile and rin on DETER or the Unix lab. For other configurations the permission of the instructor needs to be explicitly provided.

The project consists of:

  • A midterm deliverable consisting of 3-5 page paper summarizing your project's progress and a presentation to the class.
  • A final deliverable consisting of 8-15 page paper summarizing your project's results and a presentation to the class.

Plan your time carefully! Failing the project most probably will fail you the class.

Grading

Your final grade will be determined by your performance in the following:

Midterm Project/Presentation 20%
Class participation 10%
Final Project/Presentation 30%
Labs 40%

Labs and projects may be done in groups of 2-3 students.

You can discuss the problems with your classmates, but you must not share details of the solutions. Plagiarism and cheating will automatically give you an F on the lab/project/etc.

Honor system

Stevens honor system: "The Honor System at Stevens [..] insures that work submitted by students can be trusted as their own and was performed in an atmosphere of honesty and fair play."

Week-by-week schedule

Subjects covered in lectures are tentative and may change (last update 8/25/14). Refer to moodle for up-to-date information.

Week Subjects Readings Files

1.8/28/14

Course logistics. Setup.

Chapters 1, 19, 14, 15, 17.

 

2.9/4/14

Basic crypto. Message authentication. Hashing. Random number generation.

Submit ideas for project.

Chapters 2, 20, 21.

Optional:
Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNG

Lab-01

3.9/11/14

Authentication. Access control, authorization. PKI. Biometrics.

Chapters 3, 4, 23.

Optional:
SAuth: Protecting User Accounts from Password Database Leaks

 

4.9/18/14

Buffer overflows. Format string attacks. Code injection. Return-to-libc attacks.

Submit project proposals.

Chapters 10, 11.
Smashing the stack for fun and profit
w00w00 on heap overflows
Advances in format string exploitation
Advanced return-into-lib(c) exploits

 

5.9/25/14

Heap-spraying. Return-oriented programming.

Heap Spraying: Attackers' Latest Weapon Of Choice
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls
Optional:
On the effectiveness of address-space randomization
ASLR Smack & Laugh Reference

 

6.10/2/14

Software defenses. Fix what was broken in weeks 4 and 5.

PaX ASLR
StackGuard
Cling: A Memory Allocator to Mitigate Dangling Pointers
 

7.10/9/14

SQL injection. Cross-site scripting (XSS). Cross-site request forgery (CSRF).

Chapter 5.

 

8.10/16/14

Midterm project presentation/project report due.

   

9.10/23/13

Mobile security.

Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies
Securing Embedded User Interfaces: Android and Beyond
Jekyll on iOS: When Benign Apps Become Evil
Mobile Malware Detection Based on Energy Fingerprints — A Dead End?

 

10.10/30/14

Malware. Sandboxing. Denial-of-service (DoS) attacks.

Chapters 6, 7.

Revolver: An Automated Approach to the Detection of Evasive Web-based Malware
Practical and Effective Sandboxing for Non-root Users
SOS: An Architecture For Mitigating DDoS Attacks
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks

 

11.11/6/14

Firewalls. Network intrusion detection. Honeypots.

Chapters 8, 9.

Snort - Lightweight Intrusion Detection for Networks
A Virtual Honeypot Framework
SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots
Data Mining Approaches for Intrusion Detection

 

12.11/13/14

Information flow. Taint analysis.

Chapter 13.

Raksha: A Flexible Information Flow Architecture for Software Security
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Argos: an Emulator for Fingerprinting Zero-Day Attacks
Taint-Exchange: a Generic System for Cross-process and Cross-host Taint Tracking

 

13.11/20/14

Null-pointer dereferences. Code integrity.

kGuard: Lightweight Kernel Protection against Return-to-user Attacks
SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes

 

11/27/14

No class. Thanks giving break.

   

14.12/4/14

Final project presentations.

   

15.12/11/14 (tentative)

Final project reports due.