Attacks on computer systems have become part of everyday life. It is
the goal of this class to teach a thorough understanding of the
possible security failures, as well as the protection mechanism. The
class will cover network and host security concepts and mechanisms;
basic cryptographic algorithms and protocols; authentication and
authorization protocols; access control models; common network (wired
and wireless) attacks; typical protection approaches, including
firewalls and intrusion detection systems; and operating systems and
application vulnerabilities, exploits, and countermeasures;
distributed denial of service attacks and botnets. The class will not
only cover the subjects in theory but instead also provide the
students with an extensive hands-on experience. The class will
involve a fair amount of programming. Those who take the class are
expected to be able to program in C/C++, have some basic knowledge of
assembly language, and be familiar with network basics and
programming, as well as Unix-like operating systems.
The course requires good programming skills (C, C++), including
some knowledge of x86 assembly. Also, a basic background in
operating systems (mainly UNIX) and networking.
If you feel that you possess the skills to follow this course but
have not taken the prerequisite courses, contact me to establish
whether I can waive the requirements for the course.
Your final grade will be determined by your performance in the
following:
| Midterm Exam | | 20% |
| Class participation | | 10% |
| Unannounced quizzes | | 20% |
| Final Exam | | 30% |
| Assignments | | 20% |
Assignments must be done individually.
You can discuss the
problems with your classmates, but you must not
share details of the solutions.
Subjects covered in lectures are tentative and may change (last
update 8/25/14). Refer to moodle for up-to-date information.
| Week |
Subjects |
Readings |
Assignments |
1.8/26/14 |
Course logistics. Overview. Legal and ethical aspects. The human factor.
|
Chapters 1, 19, 17.
|
Your answers to the specified problem numbers from the end of
each chapter. |
|
2.9/2/14
|
Basic crypto. Message authentication. Hashing. Random number
generation.
|
Chapters 2, 20, 21, 22.3-22.4.
Optional:
Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNG
|
1.4-1.6, 19.5, 19.7 |
|
3.9/9/14
|
Authentication. Access control, authorization. PKI.
Certificate authorities. Biometrics.
|
Chapters 3, 4, 23.
Optional:
SAuth: Protecting User Accounts from Password Database Leaks
|
2.1, 2.3, 2.4, 2.6. 2.7, 20.6, 20.7. |
4.9/16/14 |
Buffer overflows. Format
string attacks. Code injection. Return-to-libc attacks.
|
Chapters 10, 11.
Smashing the stack for fun and profit
w00w00 on heap overflows
Advances in format string exploitation
Advanced return-into-lib(c) exploits
StackGuard
|
3.3, 3.6, 3.8, 3.11, 4.6, 4.7, 23.3, 23.4 |
5.9/23/14 |
Address-space layout randomization (ASLR). Heap-spraying.
Return-oriented programming. Use-after-free.
|
PaX ASLR
Heap Spraying: Attackers' Latest Weapon Of Choice
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls
Cling: A Memory Allocator to Mitigate Dangling Pointers
Optional:
On the effectiveness of address-space randomization
ASLR Smack & Laugh Reference
|
10.1, 10.2, 10.3, 10.4, 10.10, 10.11, 11.3 |
|
6.9/30/14
|
Control-flow integrity.
|
Control-flow Integrity
Transparent ROP Exploit Mitigation using Indirect Branch Tracing
Practical Control Flow Integrity & Randomization for Binary Executables
Out Of Control: Overcoming Control-Flow Integrity
Optional:
Size Does Matter - Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard
Modular Control-Flow Integrity
|
Free ride? |
7.10/7/14 |
Web and database security. SQL injection. Cross-site
scripting (XSS). Cross-site request forgery (CSRF).
|
Chapter 5.
|
Free ride? |
|
10/14/14
|
No class. Monday class schedule.
|
|
5.2, 5.3, 5.5, 5.8, 5.12, 5.15 |
|
8.10/21/14
|
Midterm exam.
Mobile security.
|
Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies
Securing Embedded User Interfaces: Android and Beyond
Jekyll on iOS: When Benign Apps Become Evil
Mobile Malware Detection Based on Energy Fingerprints — A Dead End?
|
|
9.10/28/14 |
Malware. Drive-by downloads. Sandboxing. Denial-of-service
(DoS) attacks.
|
Chapters 6, 7.
Revolver: An Automated Approach to the Detection of Evasive Web-based Malware
Practical and Effective Sandboxing for Non-root Users
SOS: An Architecture For Mitigating DDoS Attacks
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks
|
Free ride? |
10.11/4/14 |
Firewalls. Network intrusion detection. Honeypots.
|
Chapters 8, 9.
Snort - Lightweight Intrusion Detection for Networks
A Virtual Honeypot Framework
SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots
Data Mining Approaches for Intrusion Detection
|
Free ride? |
|
11.11/11/14
|
Multilevel security. Information flow. Taint analysis.
|
Chapter 13.
Raksha: A Flexible Information Flow Architecture for Software Security
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Argos: an Emulator for Fingerprinting Zero-Day Attacks
Taint-Exchange: a Generic System for Cross-process and Cross-host Taint Tracking
|
8.2, 8.3, 8.6, 9.1, 9.5, 9.6 |
12.11/18/14 |
OS security. Null-pointer dereferences. Code integrity.
|
Chapter 12.
kGuard: Lightweight Kernel Protection against Return-to-user Attacks
SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes
|
13.1, 13.6, 13.9, 13.10 |
13.11/25/14 |
Physical and infrastructure security. Hardware security.
|
Chapter 16.
Security Analysis of Integrated Circuit Camouflaging
Low-Fat Pointers: Compact Encoding and Efficient Gate-Level Implementation of Fat Pointers for Spatial Safety and Capability-based Security
FANCI: identification of stealthy malicious logic using boolean functional analysis
|
12.1, 12.2, 12.4, 12.6, 12.10 |
|
14.12/2/14
|
Other subjects, case studies.
|
TBD |
16.1-16.4 |
|
15. 12/9/14
|
Final exam.
|
|
|