Overview
Attacks on computer systems have become part of everyday life. It is
the goal of this class to teach a thorough understanding of the
possible security failures, as well as the protection mechanism. The
class will cover network and host security concepts and mechanisms;
basic cryptographic algorithms and protocols; authentication and
authorization protocols; access control models; common network (wired
and wireless) attacks; typical protection approaches, including
firewalls and intrusion detection systems; and operating systems and
application vulnerabilities, exploits, and countermeasures;
distributed denial of service attacks and botnets. The class will not
only cover the subjects in theory but instead also provide the
students with an extensive hands-on experience. The class will
involve a fair amount of programming. Those who take the class are
expected to be able to program in C/C++, have some basic knowledge of
assembly language, and be familiar with network basics and
programming, as well as Unix-like operating systems.
Prerequisites
The course requires good programming skills (C, C++), including
some knowledge of x86 assembly. Also, a basic background in
operating systems (mainly UNIX) and networking.
Course prereqs:
- CS 506 Introduction to IT Security
- CS 576 (co-requisite)
- CS 590 Algorithms (for grads) or CS 385 Algorithms
(undergrads) or CS 182 Introduction to Computer Science Honors II
(undergrads)
If you feel that you possess the skills to follow this course but
have not taken the prerequisite courses, contact me to establish
whether I can waive the requirements for the course.
Tools that will be used in the lab:
- DETER virtual testing environment
- Metasploit penetration testing framework. Download the framework not the GUI version.
Projects
There will be group projects for this class that will result in
tools and software for measuring, securing, or attacking systems.
The software deliverables must compile and rin on DETER or the Unix
lab. For other configurations the permission of the instructor needs
to be explicitly provided.
The project consists of:
- A midterm deliverable consisting of 3-5 page paper summarizing
your project's progress and a presentation to the class.
- A final deliverable consisting of 8-15 page paper summarizing
your project's results and a presentation to the class.
Plan your time carefully! Failing the project most probably will
fail you the class.
Grading
Your final grade will be determined by your performance in the
following:
| Midterm Project/Presentation | | 20% |
| Class participation | | 10% |
| Final Project/Presentation | | 30% |
| Labs | | 40% |
Labs and projects may be done in groups of 2-3 students.
You can discuss the
problems with your classmates, but you must not
share details of the solutions. Plagiarism and cheating will
automatically give you an F on the lab/project/etc.
Honor system
Stevens honor system:
"The Honor System at Stevens [..] insures that work submitted
by students can be trusted as their own and was performed in an
atmosphere of honesty and fair play."
Week-by-week schedule
Subjects covered in lectures are tentative and may change (last
update 8/25/14). Refer to moodle for up-to-date information.
| Week |
Subjects |
Readings |
Files |
1.8/28/14 |
Course logistics. Setup.
|
Chapters 1, 19, 14, 15, 17.
|
|
|
2.9/4/14
|
Basic crypto. Message authentication. Hashing. Random number
generation.
Submit ideas for project.
|
Chapters 2, 20, 21.
Optional:
Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNG
|
Lab-01 |
|
3.9/11/14
|
Authentication. Access control, authorization. PKI.
Biometrics.
|
Chapters 3, 4, 23.
Optional:
SAuth: Protecting User Accounts from Password Database Leaks
|
Lab-02 |
4.9/18/14 |
Buffer overflows. Format
string attacks. Code injection. Return-to-libc attacks.
Submit project proposals.
|
Chapters 10, 11.
Smashing the stack for fun and profit
w00w00 on heap overflows
Advances in format string exploitation
Advanced return-into-lib(c) exploits
|
Lab-03 |
5.9/25/14 |
Heap-spraying. Return-oriented programming.
|
Heap Spraying: Attackers' Latest Weapon Of Choice
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls
Optional:
On the effectiveness of address-space randomization
ASLR Smack & Laugh Reference
|
Lab-04 |
|
6.10/2/14
|
Software defenses. Fix what was broken in weeks 4 and 5.
|
PaX ASLR
StackGuard
Cling: A Memory Allocator to Mitigate Dangling Pointers
|
|
7.10/9/14 |
SQL injection. Cross-site scripting (XSS). Cross-site
request forgery (CSRF).
|
Chapter 5.
|
Lab-05 |
|
8.10/16/14
|
Midterm project presentation/project report due.
|
|
|
|
9.10/23/13
|
Mobile security.
|
Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies
Securing Embedded User Interfaces: Android and Beyond
Jekyll on iOS: When Benign Apps Become Evil
Mobile Malware Detection Based on Energy Fingerprints — A Dead End?
|
Lab-06 |
10.10/30/14 |
Malware. Sandboxing. Denial-of-service
(DoS) attacks.
|
Chapters 6, 7.
Revolver: An Automated Approach to the Detection of Evasive Web-based Malware
Practical and Effective Sandboxing for Non-root Users
SOS: An Architecture For Mitigating DDoS Attacks
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks
|
Lab-07 |
11.11/6/14 |
Firewalls. Network intrusion detection. Honeypots.
|
Chapters 8, 9.
Snort - Lightweight Intrusion Detection for Networks
A Virtual Honeypot Framework
SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots
Data Mining Approaches for Intrusion Detection
|
Lab-08 |
|
12.11/13/14
|
Information flow. Taint analysis.
|
Chapter 13.
Raksha: A Flexible Information Flow Architecture for Software Security
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Argos: an Emulator for Fingerprinting Zero-Day Attacks
Taint-Exchange: a Generic System for Cross-process and Cross-host Taint Tracking
|
|
13.11/20/14 |
Null-pointer dereferences. Code integrity.
|
kGuard: Lightweight Kernel Protection against Return-to-user Attacks
SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes
|
Sandboxing - libseccomp lab will be given in class |
|
11/27/14
|
No class. Thanks giving break.
|
|
|
14.12/4/14 |
Final project presentations.
|
|
|
|
15.12/11/14 (tentative)
|
Final project reports due.
|
|
|