CSE509 Spring 2006. System Security

Lecturer:	Rob Johnson
Location:	Library N4000
Time:	TuTh 11:20am-12:40pm
Office Hours:	Th 1-3pm, 2313D Computer Science Building
Home page:	http://www.cs.sunysb.edu/~rob/teaching/cse509-sp06

News

The first study group meeting will take place Friday, April 7th, at 3pm in my office. Come with questions. I will distribute an extra-credit mini-homework (2 questions) each week to help you pull up your grade.
If you would like some additional reading, you can look into these books (in order from most recommended to least recommended):
- Computer Security: Art and Science, Matt Bishop
- Computer Security Basics, Debby Russell, Sr. G.T Gangemi
- Security in Computing, Charles P. Pfleeger
3/31/2006: Midterm grades are now available.
3/21/2006: HW1 solutions are now available.
3/16/2006: If you're looking for a project partner, try the class Blackboard message board. You can also send me email or come talk to me after class and I'll try to match up potential partners.
3/16/2006: I will have additional office hours Tuesday, 3/21, 1-3pm.
3/16/2006: A preliminary midterm review is now available.
3/9/2006: The project has been posted.
2/28/2006: In HW1, Problem 3, assume that e = 3.
2/21/2006: Homework 1 is ready. Due March 2nd in class.
2/2/2006: The blackboard class message board is setup for discussions on all topics related to computer security. Head to Blackboard to participate.
2/1/2006: Please write 1-2 paragraph reviews for each paper.
2/1/2006: Please email reviews to rob+509r AT cs DOT sunysb DOT edu and susanta@gmail.com.
1/26/2006: Extra credit option: see section on class notes.
1/26/2006: The class will NOT move. Given the close vote, I feel my primary responsibility is to the students already in the class. I will tell the class schedulers to avoid scheduling Computer Security and Network Programming together in the future. Thanks to everyone for cooperating on this task.

Overview

This class will cover the major concepts in computer security. We will focus primarily on securing a single host, although network security issues will be covered whenever they are relevant. The course material will be loosely organized around the central idea that new security mechanisms are developed to support finer-grained sharing.

Topics

Security basics: security goals, threat models, trust, policies, mechanism, security through obscurity
Isolation: virtual machines, memory protection, user-ids, file permissions, kernel services
Access control: authentication vs. authorization, access control matrices, access control lists, capabilities, Unix setuid programs
Shared code: shared libraries, local RPC, mobile code, sandboxing
Principles of secure system design: least privilege, failsafe defaults, economony of mechanism, least shared mechanism, complete mediation, accountability, psychological acceptability
Software security: trusted computing base, security kernels, reference monitors, software vulnerabilities, static analysis, dynamic monitoring
Cryptography: symmetric encryption, message authentication codes, asymmetric encryption, signatures
Network security: TCP/IP attacks, infrastructure attacks, Denial of Service attacks, firewalls, proxies, VPNs
Privacy and anonymity: onion routing, anonymous remailers, application-level anonymizers (e.g. web anonymizers), traffic analysis
Physical security: storage security, memory corruption attacks, side-channel attacks
Cutting edge problems: trusted computing, remote attestation, CAPTCHAs, spam
Policy issues: human factors, incentives

Requirements and Grading

Subject to tweaks throughout the semester.

Paper reviews (10%). We will discuss 1-2 readings each week. You must read the papers before coming to class and write a short (1-2 paragraph) review of each paper. Your review must give at least two criticisms of each paper. You are responsible for checking the class website to find the readings for the next class. Please email reviews to rob+509r AT cs DOT sunysb DOT edu and susanta@gmail.com.
Homeworks (15%). I will assign 4-6 homeworks throughout the semester. They will not take long - two to four hours each.
Class project (25%). You will work in groups of 2-3 on a class project in computer security.
Class participation (5%). I strongly encourage discussion and debate in class. Please don't hesitate to ask questions if you don't understand or disagree with anything covered in this course.
Midterm exam (20%).
Final exam (25%). The final is cumulative, so it will have questions covering topics from the entire semester.

Class Notes

If you would like to earn extra credit, say, to make up for missing paper reviews, you may volunteer to write up notes for a lecture. I will count one day's notes as equivalent to one paper review. Only two people can submit notes for any given day, so check with me in advance. Notes should be submitted in text, html, postscript, or PDF format. I will post the notes on the course web page.

Note: If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, please contact the staff in the Disabled Student Services office (DSS), Room 133, Humanities, 632-6748v/TDD. DSS will review your concerns and determine with you what accommodations are necessary and appropriate. All information and documentation of disability are confidential.

Reading Assignments

Note: the reading list may change throughout the semester.

Date	Topic/Reading assignment
1/24	Security basics: goals, threat models Notes, Beili Wang.
1/26	Trust, open design, principles of secure system design Reflections on trusting trust, Thompson Rudimentary treatise on the construction of locks, Tomlinson Notes, Beili Wang.
1/31	Confinement, virtual machines No reading Notes, Gabriel Sanchez. Notes, Samir Shah.
2/2	Access Control Protection, Butler Lampson. Notes, Fatima Zarinni.
2/7	Access Control: HRU, Bell-LaPadula The Confused Deputy, Hardy. Notes, Paul Roddin
2/9	Access Control: Biba, Capabilities, Revocation No reading Notes, Ravi Muthunoori Notes, Vaibhav Chopda
2/14	Authentication No reading Notes, Wenbin Zhang Notes, Ravi Muthunoori
2/16	Cryptography: Symmetric key crypto No reading Notes, Fatima Zarinni
2/21	Cryptography: Hashes, MACs, number theory No reading Notes, Faisal Islam
2/23	Public key crypto: RSA Combining cryptography with biometrics effectively, Hao, Anderson, Daugman Notes, Siddharth Bhatt.
2/28	Diffie-Hellman, signatures No reading Notes, Ravi Muthunoori
3/2	Authentication, continued: token cards, biometrics No reading Notes, Sadler Divers
3/7	Authentication, continued: token cards, biometrics Software security: format string bugs No reading Notes, Sumeet Bajaj
3/9	Static analysis: type qualifier inference Detecting Format String Vulnerabilities With Type Qualifiers, Shankar, Talwar, Foster, Wagner.
3/14	Static analysis: MECA Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, Engler, Chelf, Chou, Hallem. Notes, Shibiao Lin Notes, Samir Shah
3/16	Static analysis: CCured CCured: Type-Safe Retrofitting of Legacy Code, George Necula, Scott McPeak, Westley Weimer Notes, Wenbin Zhang Notes, Fatima Zarinni
3/21	Secure software design Privtrans: Automatically Partitioning Programs for Privilege Separation, Brumley, Song Notes, Harry Papaxenopoulos Notes, Vaibhav Chopda
3/23	Privilege Separation, continued Notes, Paul Talamo Notes, Manish Nair
3/28	Midterm
3/30	Buffer overflows: the systems solution On the Effectiveness of Address-Space Randomization, Shacham, Page, Pfaff, Goh, Modadugu, Boneh OPTIONAL: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Cowan, Pu, Maier, Walpole, Bakke, Beattie, Grier, Wagle, Zhang OPTIONAL: PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities, Cowan, Beattie, Johansen, Wagle Notes, Shibiao Lin Notes, Pramod Adiddam
4/4	Untrusted code Inline reference monitors: Efficient Software-Based Fault Isolation, Wahbe, Lucco, Anderson, Graham System call interposition: Ostia: A Delegating Architecture for Secure System Call Interposition, Garfinkel, Pfaff, Rosenblum Notes, Beili Wang Notes,Fatima Zarinni
4/6	No reading Notes, Vaibhav Chopda Notes, Siddharth Bhatt
4/11	Spring Break
4/13	Spring Break
4/18	Intrusion detection Intrusion Detection via Static Analysis, Wagner, Dean.
4/20	DOS Using Client Puzzles to Protect TLS, Dean, Stubblefield Notes, Manish Nair
4/25	DOS: No reading Notes, Beili Wang
4/27	Trusted computing Terra: A Virtual Machine-Based Platform for Trusted Computing, Garfinkel, Pfaff, Chow, Rosenblum, Boneh Notes, Sadler Divers Notes, Pramod Adiddam
5/2	Side channel attacks TIMING: Remote Timing Attacks are Practical, Brumley, Boneh OPTIONAL: TEMPEST: Optical Time-Domain Eavesdropping Risks of CRT Displays, Kuhn OPTIONAL: SOUND: Keyboard Acuoustic Emanations, Asonov, Agrawal Notes, Manish Nair
5/4	Fun stuff Humans: Telling Humans and Computers Apart Automatically, von Ahn, Blum, and Langford Money: Why Information Security is Hard - An Economic Perspective, Anderson Notes, Gabe Sanchez
5/11	Final Exam 11am-1:30pm