CSE 409 Fall 2011. System Security

Lecturer:	Rob Johnson
Time:	MoFr 12:50-2:10pm
Office Hours:	Rob: Mo 2:30-3:30, Tu 4:00-5:00, 2313D Computer Science Building
Home page:	http://www.cs.sunysb.edu/~rob/teaching/cse409-fa11

News

Here are some old mid-terms and final exams for your reference on the style of my tests. Keep in mind that these are for 509 or 409/509 combined classes, so do not be intimidated!
Homework 3 is now available.
Homework 2 is now available. Download and decompress the .tgz file for info. You may work in groups of 3 on this homework assignment. You will demo your results after class on Oct. 17th.
Homework 1 is now available.
This page is still under construction -- contents may change.
Class will meet in the assigned room: CS 2114.

Overview

This class will cover the major concepts in computer security. We will focus primarily on securing a single host, although network security issues will be covered whenever they are relevant. The course material will be loosely organized around the central idea that new security mechanisms are developed to support finer-grained sharing.

Topics

Security basics: security goals, threat models, trust, policies, mechanism, security through obscurity
Principles of secure system design: least privilege, failsafe defaults, economony of mechanism, least shared mechanism, complete mediation, accountability, psychological acceptability
Hardware foundations: virtual memory, CPU privileged mode
OS foundations and security models:Unix, Windows, Android, the Web security model
Designing secure software:least privilege, privilege separation, capabilities
Secure coding: memory safety, integer overflows, format string bugs, sql injection bugs, race conditions, etc.
Security evaluation:fuzzing, static analysis
System-level defenses: virtualization, sandboxes, jails, intrusion detection systems, etc.
Access control: authentication vs. authorization, access control matrices, access control lists, capabilities, Unix setuid programs
Physical security: storage security, memory-corruption attacks, side-channel attacks
Cutting edge problems: trusted computing, mobile security
Policy issues: human factors, incentives

Requirements and Grading

Subject to tweaks throughout the semester.

Paper reviews (TBD). We will read some research papers near the end of the class. You must read the papers before coming to class and write a short (1-2 paragraph) review (not a summary!) of each paper. Your review must give at least two criticisms of each paper. You are responsible for checking the class website to find the readings for the next class. Please email reviews as plaintext (not an attachment!) to rob@cs.stonybrook.edu.
Homeworks (25%). I will assign 4-6 homeworks throughout the semester.
Class project (25%). You will work in groups of 2-3 on a class project in computer security.
Class participation (5%). I strongly encourage discussion and debate in class. Please don't hesitate to ask questions if you don't understand or disagree with anything covered in this course.
Midterm exam (20%).
Final exam (25%). The final is cumulative, so it will have questions covering topics from the entire semester.

Class Notes

If you would like to earn extra credit, you may volunteer to write up notes for a lecture. I will count one day's notes as approximately 0.3 points added to your final grade. Notes should be submitted in PDF format. I will post the best notes on the course web page, and they will receive 0.5 points of extra credit.

References

There is no course textbook. You may review notes taken by students in previous years by visiting the course webpages linked from my home page. The following books may also serve as useful references:

Computer Security: Art and Science, Matt Bishop.
Security Engineering, Ross Anderson.

Lecture Schedule

Note: the reading list may change throughout the semester.
You do not need to turn in a paper review for readings marked "OPTIONAL".
Warning: The notes below may contain errors. Use with caution.

Date	Topic/Reading assignment
8/29	No class: Hurricane
9/2	Security basics: goals, threat models, transitive trust OPTIONAL READING: Reflections on trusting trust, Thompson SELECTED NOTES: Alin Tomescu, Brijesh Joshi
9/5	No class: Labor Day
9/9	Hardware foundations: privileged mode, virtual memory SELECTED NOTES: Luke Mladek, Brijesh Joshi, Alin Tomescu
9/12	OS security models: Unix, Windows SELECTED NOTES: Alin Tomescu, Brijesh Joshi, Luke Mladek
9/16	Bell-Lapadula, Biba, RBAC, Chinese Wall SELECTED NOTES: Alin Tomescu, Brijesh Joshi, Luke Mladek
9/19	The Android security model, capabilities SELECTED NOTES: Brijesh Joshi, Luke Mladek, Alin Tomescu
9/23	Software security: buffer overflows and other memory safety bugs SELECTED NOTES: Alin Tomescu, Luke Mladek
9/26	Software security: integer overflows, format string bugs SELECTED NOTES: Alin Tomescu, Luke Mladek, Eric Kaggen
9/28	Note: CORRECTION DAY: Classes follow a Friday schedule Demos of buffer overflow exploits SELECTED NOTES: Alin Tomescu, Eric Kaggen
9/30	No class: Rosh Hashanah
10/3	Demos continued SELECTED NOTES: Alin Tomescu, Eric Kaggen
10/7	Software security: race conditions, privilege management (e.g. setuid and friends) SELECTED NOTES: Alin Tomescu, Luke Mladek
10/10	Web security model, SQL injection attacks, XSS attacks SELECTED NOTES: Alin Tomescu, Luke Mladek, Eric Kaggen
10/14	XSS attacks, content sniffing attacks SELECTED NOTES: Alin Tomescu, Eric Kaggen, Luke Mladek
10/17	CSRF attacks, path traversal attacks, force browsing, mashup issues, chroot jails SELECTED NOTES: Alin Tomescu, Luke Mladek, Eric Kaggen
10/21	Mashups continued, HTML5 postMessage() SELECTED NOTES: Alin Tomescu, Luke Mladek, Eric Kaggen
10/24	Principles of secure system design SELECTED NOTES: Alin Tomescu, Luke Mladek
10/28	Principles of secure system design, continued, Sandboxing and IDS SELECTED NOTES: Alin Tomescu, Eric Kaggen
10/31	Google Native Client SELECTED NOTES: Alin Tomescu, Eric Kaggen
11/4	Model Checking, Fuzzing, Fault Injectiont SELECTED NOTES: Alin Tomescu, Eric Kaggen
11/7	Type qualifiers for security, CCured Guest Lecture: Jun Yuan SELECTED NOTES: Alin Tomescu, Eric Kaggen
11/11	Compiler techniques for memory safety Guest Lecture: Aseem Rastogi SELECTED NOTES: Alin Tomescu, Matthew Cordaro, Eric Kaggen
11/14	Overview of design trade-offs in compiler defenses, Jones & Kelly, Run-time taint tracking SELECTED NOTES: Alin Tomescu
11/18	Run-time taint tracking continued SELECTED NOTES:
11/21	Authentication SELECTED NOTES: Alin Tomescu, Eric Kaggen, Matthew Cordaro
11/25	No class: Thanksgiving break
11/28	Trustworthy computing SELECTED NOTES: Alin Tomescu, Luke Mladek
12/2	Trustworthy computing, continued (sealed storage), usable security SELECTED NOTES: Alin Tomescu, Luke Mladek
12/5	Usable security, continued: Phorcefiel, device pairing SELECTED NOTES: Alin Tomescu, Luke Mladek
12/9	Incentives and security SELECTED NOTES: Alin Tomescu, Luke Mladek
12/15	Final Exam: 2:15-4:45

Note: If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, please contact the staff in the Disabled Student Services office (DSS), Room 133, Humanities, 632-6748v/TDD. DSS will review your concerns and determine with you what accommodations are necessary and appropriate. All information and documentation of disability are confidential.

Note: Each student must pursue his or her academic goals honestly and be personally accountable for all submitted work. Representing another person's work as your own is always wrong. Any suspected instance of academic dishonesty will be reported to the Academic Judiciary. For more comprehensive information on academic integrity, including categories of academic dishonesty, please refer to the academic judiciary website at http://www.stonybrook.edu/uaa/academicjudiciary/.