CSE 409/509 Fall 2010. System Security

Lecturer:	Rob Johnson
TA:	Rishab Nithyanand [rnithyanand AT cs DOT stonybrook DOT edu]
Time:	MoFr 12:50-2:10pm
Office Hours:	Rob: Mo 2:30-3:30, Tu 4:00-5:00, 2313D Computer Science Building Rishab: We 2:00-4:00, 1207 Computer Science Building, Desk 12
Home page:	http://www.cs.sunysb.edu/~rob/teaching/cse509-fa10

News

The final exam is in the same location as the class. Light Engineering 102.
Notes for all lectures are now uploaded. Good luck on your finals!
Project options are now posted.
10/27. Solutions to the Midterm Problems are now available.
10/12. You can look at old midterms and finals to get an idea of what my tests look like: Midterm, Spring 2009, Final, Spring 2009, Midterm, Spring 2007, Final, Spring 2009.
9/2. Our new mail system does not support my rob+509r@cs.sunysb.edu address, so just mail reviews to rob@cs.sunysb.edu, but please include "509r" in the subject line. Thanks, and sorry for the technical difficulties.
8/31, 2:53pm. The class has moved to a larger room: Light Engineering Lab 102. I have also asked to have the enrollment cap for 509 raised to 92 students. Everyone should be able to sign up now.

Overview

This class will cover the major concepts in computer security. We will focus primarily on securing a single host, although network security issues will be covered whenever they are relevant. The course material will be loosely organized around the central idea that new security mechanisms are developed to support finer-grained sharing.

Topics

Security basics: security goals, threat models, trust, policies, mechanism, security through obscurity
Isolation: virtual machines, memory protection, user-ids, file permissions, kernel services
Access control: authentication vs. authorization, access control matrices, access control lists, capabilities, Unix setuid programs
Shared code: shared libraries, local RPC, mobile code, sandboxing
Principles of secure system design: least privilege, failsafe defaults, economony of mechanism, least shared mechanism, complete mediation, accountability, psychological acceptability
Software security: trusted computing base, security kernels, reference monitors, software vulnerabilities, static analysis, dynamic monitoring
Cryptography: symmetric encryption, message authentication codes, asymmetric encryption, signatures
Network security: TCP/IP attacks, infrastructure attacks, Denial of Service attacks, firewalls, proxies, VPNs
Privacy and anonymity: onion routing, anonymous remailers, application-level anonymizers (e.g. web anonymizers), traffic analysis
Physical security: storage security, memory-corruption attacks, side-channel attacks
Cutting edge problems: trusted computing, remote attestation, CAPTCHAs, spam
Policy issues: human factors, incentives

Requirements and Grading

Subject to tweaks throughout the semester.

Paper reviews (10%). We will discuss 1-2 readings each week. You must read the papers before coming to class and write a short (1-2 paragraph) review (not a summary!) of each paper. Your review must give at least two criticisms of each paper. You are responsible for checking the class website to find the readings for the next class. Please email reviews as plaintext (not an attachment!) to rob+509r AT cs DOT sunysb DOT edu. (Note: Only send reviews to this address! All other correspondence should leave out the "+509r"!)
Homeworks (15%). I will assign 4-6 homeworks throughout the semester.
Class project (25%). You will work in groups of 2-3 on a class project in computer security.
Class participation (5%). I strongly encourage discussion and debate in class. Please don't hesitate to ask questions if you don't understand or disagree with anything covered in this course.
Midterm exam (20%).
Final exam (25%). The final is cumulative, so it will have questions covering topics from the entire semester.

409 vs. 509. Students in 409 and 509 will follow the same course outline, but will be given different homeworks, exams, and projects.

Note: All review readings in bold have been graded. If you have not received a grade, but did turn in a review - send an email to "rnithyanand" at "cs" dot "stonybrook" dot "edu"

Class Notes

If you would like to earn extra credit, say, to make up for missing paper reviews, you may volunteer to write up notes for a lecture. I will count one day's notes as equivalent to one paper review. Notes should be submitted in PDF format. I will post the notes on the course web page.

References

There is no course textbook. You may review notes taken by students in previous years by visiting the course webpages linked from my home page. The following books may also serve as useful references:

Computer Security: Art and Science, Matt Bishop.
Security Engineering, Ross Anderson.

Reading Assignments

Note: the reading list may change throughout the semester.
Warning: The notes below may contain errors. Use with caution.

Date	Topic/Reading assignment
8/30	Security basics: goals, threat models SELECTED NOTES: Anirudh Aithal, Ankur Jain, Christopher Deneen, Julian Gonzalez, Ravneet Singh , Junghun Lee
9/3	Trust, open design, principles of secure system design Reflections on trusting trust, Thompson Rudimentary treatise on the construction of locks, Tomlinson SELECTED NOTES: Bo He, Brendan Smith, Julian Gonzalez, Koundinya Muppalla, Ritin Suthagaran, Ujjwal Wadhawan, Vania Castelino
9/6	No class: Labor Day
9/10	No class: Rosh Hashanah
9/13	Isolation: basic HW/OS background, processes, virtual machines, message passing RECOMMENDED (NO REVIEW): Protection , Butler Lampson. SELECTED NOTES: Abraham Adam, Ritin Suthagaran, Ujjwal Wadhawan
9/17	Note: Class will end early so students can catch the shuttle from the SAC circle to CEWIT to attend Ed Felten's Distinguished Lecture Series talk, "Electronic Voting: Danger and Opportunity". Software security: Buffer overflows and Format String Bugs Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns, Pincus, Baker. OPTIONAL (NO REVIEW): Exploiting Format String Vulnerabilities, scut / team teso. SELECTED NOTES: Abraham Adam, Arun Shyam, Han Mengqi, Ujjwal Wadhawan
9/20	Software security: integer overflows, command injection, SQL injection attacks, XSS attacks, CSRF attacks, race conditions, etc. Just skim this survey (and write a review): CWE/SANS TOP 25 Most Dangerous Software Errors SELECTED NOTES: Abraham Adam, Han Mengqi, Prasad Narasimhan
9/24	Software security: static defenses Detecting Format String Vulnerabilities With Type Qualifiers , Shankar, Talwar, Foster, Wagner. Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, Engler, Chelf, Chou, Hallem. SELECTED NOTES: Abraham Adam, Ankush Gulati, Ravneet Singh, Rami Al-Rfou, Naresh Singh
9/27	No reading -- catch up day SELECTED NOTES: Aniket Divecha, Ankush Gulati, Arun Shyam, Hyunji Kim, Julie Ling
10/1	Software security: static/dynamic defenses Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors, Akritidis, Costa, Castro, Hand. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks, Xu, Bhatkar, Sekar. SELECTED NOTES: Abraham Adam, Navatha Tatineni, Ravneet Singh
10/4	Software security: dynamic defenses On the Effectiveness of Address-Space Randomization, Shacham, Page, Pfaff, Goh, Modadugu, Boneh OPTIONAL (NO REVIEW): StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Cowan, Pu, Maier, Walpole, Bakke, Beattie, Grier, Wagle, Zhang. SELECTED NOTES: Akshay Muramatti, Christopher Deneen, Navatha Tatineni
10/8	Software security: host-based intrustion detection systems Efficient Context-Sensitive Intrusion Detection Giffin, Jha, Miller. SELECTED NOTES: Abraham Adam, Christopher Deneen
10/11	No reading -- catch up day SELECTED NOTES: Abraham Adam, Akshay Muramatti, Ritin Suthagaran
10/15	No reading -- catch up day SELECTED NOTES: Ankush Gulati, Christopher Deneen, Vijet Mahabaleshwar
10/18	Untrusted software: sandboxing Ostia: A Delegating Architecture for Secure System Call Interposition, Garfinkel, Pfaff, Rosenblum. SELECTED NOTES: Ambuj Thacker, Subramanian Arumugam
10/22	No reading -- catch up day SELECTED NOTES: Abraham Adam, Amitha Cheluvagopal, Junghun Lee, Navatha Tatineni
10/25	Midterm Solutions to the Midterm Problems The mid-term will cover material from all classes until (and including) the Oct 18th lecture.
10/29	Untrusted software: Inline reference monitors NativeClient: A Sandbox for Portable, Untrusted x86 Native Code, Bennet Yee, David Sehr, Gregory Dardyk, J. Bradley Chen, Robert Muth, Tavis Ormandy, Shiki Okasaka, Neha Narula, and Nicholas Fullagar. SELECTED NOTES: Ambuj Thacker, Amitha Cheluvagopal, Hyunji Kim, Navatha Tatineni, Nikhil Patwardhan
11/1	No reading -- catch up day SELECTED NOTES: Jing Jin, Julian Gonzalez, Michael Corley, Shu Liu
11/5	Untrusted software: proof-carrying code Proof-Carrying Code, Necula. SELECTED NOTES: Anusha Pachunuri, Jing Jin, Junghun Lee, Varun Loiwal
11/8	Class canceled
11/12	No reading -- catch up day SELECTED NOTES: Ambuj Thacker, Carlos Orrego, Shu Liu, Thomas Bohonan
11/15	No reading -- catch up day SELECTED NOTES: Abraham Adam, Nicolo Davis, Vijit Kharbanda
11/19	Untrusted platforms Terra: A Virtual Machine-Based Platform for Trusted Computing, Garfinkel, Pfaff, Chow, Rosenblum, Boneh. SELECTED NOTES: Ambuj Thacker, Junghun Lee, Subramanian Arumugam, Vijit Kharbanda
11/22	Untrusted platforms Boostrapping Trust in Commodity Computers , Parno, McCune, Perrig. SELECTED NOTES: Abraham Adam, Jing Jin, Ganesh Rajagopalan
11/24	Access Control: Capabilities Access Control (v0.1) , Laurie. SELECTED NOTES: Abraham Adam, Aseem Rastogi, Hyunji Kim, Jing Jin
11/29	Human factors in security The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies, Schechter, Dhamija, Ozment, Fischer. SELECTED NOTES: Jing Jin, Nicolo John Davis
12/3	CASE STUDY: Analysis of an Electronic Voting System, Kohno, Stubblefield, Rubin, Wallach. SELECTED NOTES: Abraham Adam, Anirudh Aithal, Apoorva Deshpande, Mrunmayi Dhume, Prasad Narasimhan
12/6	CASE STUDY: Lessons from the Sony CD DRM Episode, Halderman, Felten. SELECTED NOTES: Jing Jin, Junghun Lee, Shu Liu, V. David Sardarian, Vijit Kharbanda
12/10	TBD
12/15	Final Exam 2:15pm-4:45pm

Note: If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, please contact the staff in the Disabled Student Services office (DSS), Room 133, Humanities, 632-6748v/TDD. DSS will review your concerns and determine with you what accommodations are necessary and appropriate. All information and documentation of disability are confidential.

Note: Each student must pursue his or her academic goals honestly and be personally accountable for all submitted work. Representing another person's work as your own is always wrong. Any suspected instance of academic dishonesty will be reported to the Academic Judiciary. For more comprehensive information on academic integrity, including categories of academic dishonesty, please refer to the academic judiciary website at http://www.stonybrook.edu/uaa/academicjudiciary/.