CSE509 Spring 2007. System Security

Lecturer:	Rob Johnson
TA:	George Iordache
Location:	Social and Behavioral Sciences S218
Time:	TuTh 9:50-11:10am
Office Hours:	Rob: Tu 11:20am-12:20pm, 2313D Computer Science Building George: Th 3:50-6pm, 2110 Computer Science Building
Home page:	http://www.cs.sunysb.edu/~rob/teaching/cse509-sp07

News

5/11: George will hold a review session from 10:30-12 in Room 2110. You must bring questions.
4/24 HW2, due 5/1, is now available.
3/13 Extra Office Hours: 3/14, 12:30-1:30, 2313D
3/13 Review session: 5:30-6:30, 2210 CS Building.
3/6 A preliminary projects page is now available.
2/27 Office hours canceled due to instructor illness.
HW1 , due 2/22, is now available.

Overview

This class will cover the major concepts in computer security. We will focus primarily on securing a single host, although network security issues will be covered whenever they are relevant. The course material will be loosely organized around the central idea that new security mechanisms are developed to support finer-grained sharing.

Topics

Security basics: security goals, threat models, trust, policies, mechanism, security through obscurity
Isolation: virtual machines, memory protection, user-ids, file permissions, kernel services
Access control: authentication vs. authorization, access control matrices, access control lists, capabilities, Unix setuid programs
Shared code: shared libraries, local RPC, mobile code, sandboxing
Principles of secure system design: least privilege, failsafe defaults, economony of mechanism, least shared mechanism, complete mediation, accountability, psychological acceptability
Software security: trusted computing base, security kernels, reference monitors, software vulnerabilities, static analysis, dynamic monitoring
Cryptography: symmetric encryption, message authentication codes, asymmetric encryption, signatures
Network security: TCP/IP attacks, infrastructure attacks, Denial of Service attacks, firewalls, proxies, VPNs
Privacy and anonymity: onion routing, anonymous remailers, application-level anonymizers (e.g. web anonymizers), traffic analysis
Physical security: storage security, memory-corruption attacks, side-channel attacks
Cutting edge problems: trusted computing, remote attestation, CAPTCHAs, spam
Policy issues: human factors, incentives

Requirements and Grading

Subject to tweaks throughout the semester.

Paper reviews (10%). We will discuss 1-2 readings each week. You must read the papers before coming to class and write a short (1-2 paragraph) review of each paper. Your review must give at least two criticisms of each paper. You are responsible for checking the class website to find the readings for the next class. Please email reviews to rob+509r AT cs DOT sunysb DOT edu.
Homeworks (15%). I will assign 2-3 homeworks throughout the semester. They will not take long - two to four hours each.
Class project (25%). You will work in groups of 2-3 on a class project in computer security.
Class participation (5%). I strongly encourage discussion and debate in class. Please don't hesitate to ask questions if you don't understand or disagree with anything covered in this course.
Midterm exam (20%).
Final exam (25%). The final is cumulative, so it will have questions covering topics from the entire semester.

Class Notes

If you would like to earn extra credit, say, to make up for missing paper reviews, you may volunteer to write up notes for a lecture. I will count one day's notes as equivalent to one paper review. Only two people can submit notes for any given day, so check with me in advance. Notes should be submitted in text, html, postscript, or PDF format. I will post the notes on the course web page.

Note: If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, please contact the staff in the Disabled Student Services office (DSS), Room 133, Humanities, 632-6748v/TDD. DSS will review your concerns and determine with you what accommodations are necessary and appropriate. All information and documentation of disability are confidential.

Reading Assignments

Note: the reading list may change throughout the semester.
Warning: The notes below may contain errors. Use with caution.

Date	Topic/Reading assignment
1/23	Security basics: goals, threat models Notes, Kimberly Albrecht. Notes, Kiron Vijayasankar. Notes, Mohammed Abaubacker Ali.
1/25	Trust, open design, principles of secure system design Reflections on trusting trust, Thompson Rudimentary treatise on the construction of locks, Tomlinson Notes, Shruthi Velichala Notes, Kimberly Albrecht
1/30	Confinement, virtual machines No reading Notes, Kimberly Albrecht
2/1	Access Control: ACMs, HRU Theorem, Bell-Lapadula Protection, Butler Lampson. Notes, Pranav Moolwaney Notes, Kimberly Albrecht
2/6	Access Control: Biba, Capabilities, Revocation The Confused Deputy, Hardy. Notes, Kimberly Albrecht
2/8	Access Control: Revocation Authentication No reading Notes, Dhiraj Chawla Notes, Puneet Gupta
2/13	Software security: introduction No reading
2/15	Static analysis: type qualifier inference Detecting Format String Vulnerabilities With Type Qualifiers, Shankar, Talwar, Foster, Wagner. Notes, Jung-hoon Lee Notes, George John
2/20	Static analysis: MECA Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, Engler, Chelf, Chou, Hallem. Notes, Dhiraj Chawla Notes, Kimberly Albrecht
2/22	Static analysis: CCured CCured: Type-Safe Retrofitting of Legacy Code, George Necula, Scott McPeak, Westley Weimer Notes, Ashok Dwarakinath. Notes, Jared Verdi. Notes, Dhiraj Chawla
2/27	Guest Lecture: Radu Sion Topic: TBA
3/1	Secure software design Privtrans: Automatically Partitioning Programs for Privilege Separation, Brumley, Song. Notes, Sivasuman Mulumudi Notes, Jason Cheung Notes, Kiron Vijayasankar
3/6	Buffer overflows: the systems solution On the Effectiveness of Address-Space Randomization, Shacham, Page, Pfaff, Goh, Modadugu, Boneh OPTIONAL: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Cowan, Pu, Maier, Walpole, Bakke, Beattie, Grier, Wagle, Zhang OPTIONAL: PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities, Cowan, Beattie, Johansen, Wagle Notes, Jung-hoon Lee Notes, Shruthi Velichala Notes, Jason Cheung
3/8	System call interposition Ostia: A Delegating Architecture for Secure System Call Interposition, Garfinkel, Pfaff, Rosenblum Notes, Jung-hoon Lee Notes, Jason Cheung Notes, Kimberly Albrecht
3/13	Intrusion detection Intrusion Detection via Static Analysis, Wagner, Dean. Notes, Jung-hoon Lee
3/15	Midterm
3/20	Sandboxing, Ostia (continued) Notes, Jung-hoon Lee Notes, Gopalakrishnan Iyer Notes, Kimberly Albrecht
3/22	Inline reference monitors Efficient Software-Based Fault Isolation, Wahbe, Lucco, Anderson, Graham Notes, Jared Verdi. Notes, Dhiraj Chawla. Notes, Jung-Hoon Lee. Notes, Ning Liu. Notes, Pranav Moolwaney.
3/27	Proof-carrying code Proof-Carryig Code, Necula Notes,Jung-Hoon Lee.
3/29	Trusted computing Terra: A Virtual Machine-Based Platform for Trusted Computing, Garfinkel, Pfaff, Chow, Rosenblum, Boneh. Notes, Jung-Hoon Lee. Notes, Kimberly Albrecht.
4/3	Spring Break
4/5	Spring Break
4/10	DOS Using Client Puzzles to Protect TLS, Dean, Stubblefield. Notes, Chia-Hao Wu. Notes, Jason Cheung. Notes, Gabriel Sanchez.
4/12	Catch-up day -- No reading Notes, Chia-Hao Wu Notes, Jung-Hoon Lee
4/17	Side channel attacks TIMING: Remote Timing Attacks are Practical, Brumley, Boneh OPTIONAL: TEMPEST: Optical Time-Domain Eavesdropping Risks of CRT Displays, Kuhn OPTIONAL: SOUND: Keyboard Acuoustic Emanations, Asonov, Agrawal. Notes, Chia-Hao Wu Notes, Jung-hoon Lee Notes, Ning Liu Notes, Puneet Gupta
4/19	Human factors in security The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies, Schechter, Dhamija, Ozment, Fischer. Notes, Chia-Hao Wu Notes, Jason Cheung Notes, Jung-Hoon Lee
4/24	CASE STUDY: Analysis of an Electronic Voting System, Kohno, Stubblefield, Rubin, Wallach. Notes, Jason Cheung
4/26	CASE STUDY: A Security Analysis of a Cryptographically-Enabled RFID Device, Bono, Green, Stubblefield, Juels, Rubin, Szydlo. Notes, Jason Cheung Notes, Jung-Hoon Lee Notes, Shruthi Velichala
5/1	CASE STUDY: Lessons from the Sony CD DRM Episode, Halderman, Felten.
5/3	Fun stuff Humans: Telling Humans and Computers Apart Automatically, von Ahn, Blum, and Langford Money: Why Information Security is Hard - An Economic Perspective, Anderson. Notes, Jason Cheung
5/15	Final Exam 8am-10:30am