CSE 409/509 Spring 2009. System Security

Lecturer:	Rob Johnson
TA:	Isaac Chanin
Location:	Javits 101
Time:	MoFr 12:50-2:10pm
Office Hours:	Rob: We 10am-12:00pm, 2313D Computer Science Building Isaac: Mo 3:20-5:20
Home page:	http://www.cs.sunysb.edu/~rob/teaching/cse509-sp09

News

The projects are now available.
Due to reorganization of the course, the old mid-terms are not very applicable to this year's course. However, you may find this old mid-term useful. (Only the first two questions have been covered this year.)

Overview

This class will cover the major concepts in computer security. We will focus primarily on securing a single host, although network security issues will be covered whenever they are relevant. The course material will be loosely organized around the central idea that new security mechanisms are developed to support finer-grained sharing.

Topics

Security basics: security goals, threat models, trust, policies, mechanism, security through obscurity
Isolation: virtual machines, memory protection, user-ids, file permissions, kernel services
Access control: authentication vs. authorization, access control matrices, access control lists, capabilities, Unix setuid programs
Shared code: shared libraries, local RPC, mobile code, sandboxing
Principles of secure system design: least privilege, failsafe defaults, economony of mechanism, least shared mechanism, complete mediation, accountability, psychological acceptability
Software security: trusted computing base, security kernels, reference monitors, software vulnerabilities, static analysis, dynamic monitoring
Cryptography: symmetric encryption, message authentication codes, asymmetric encryption, signatures
Network security: TCP/IP attacks, infrastructure attacks, Denial of Service attacks, firewalls, proxies, VPNs
Privacy and anonymity: onion routing, anonymous remailers, application-level anonymizers (e.g. web anonymizers), traffic analysis
Physical security: storage security, memory-corruption attacks, side-channel attacks
Cutting edge problems: trusted computing, remote attestation, CAPTCHAs, spam
Policy issues: human factors, incentives

Requirements and Grading

Subject to tweaks throughout the semester.

Paper reviews (10%). We will discuss 1-2 readings each week. You must read the papers before coming to class and write a short (1-2 paragraph) review (not a summary!) of each paper. Your review must give at least two criticisms of each paper. You are responsible for checking the class website to find the readings for the next class. Please email reviews as plaintext (not an attachment!) to rob+509r AT cs DOT sunysb DOT edu. (Note: Only send reviews to this address! All other correspondence should leave out the "+509r"!)
Homeworks (15%). I will assign 2-3 homeworks throughout the semester. They will not take long - two to four hours each.
Class project (25%). You will work in groups of 2-3 on a class project in computer security.
Class participation (5%). I strongly encourage discussion and debate in class. Please don't hesitate to ask questions if you don't understand or disagree with anything covered in this course.
Midterm exam (20%).
Final exam (25%). The final is cumulative, so it will have questions covering topics from the entire semester.

409 vs. 509. Students in 409 and 509 will follow the same course outline, but will be given different homeworks, exams, and projects.

Class Notes

If you would like to earn extra credit, say, to make up for missing paper reviews, you may volunteer to write up notes for a lecture. I will count one day's notes as equivalent to one paper review. Only two people can submit notes for any given day, so check with me in advance. Notes should be submitted in text, html, postscript, or PDF format. I will post the notes on the course web page.

Note: If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, please contact the staff in the Disabled Student Services office (DSS), Room 133, Humanities, 632-6748v/TDD. DSS will review your concerns and determine with you what accommodations are necessary and appropriate. All information and documentation of disability are confidential.

Reading Assignments

Note: the reading list may change throughout the semester.
Warning: The notes below may contain errors. Use with caution.

Date	Topic/Reading assignment
1/26	Security basics: goals, threat models Notes, Hen Fung Ng. Notes, William Anzovino.
1/30	Trust, open design, principles of secure system design Reflections on trusting trust, Thompson Rudimentary treatise on the construction of locks, Tomlinson Notes, Hen Fung Ng.
2/2	Confinement, virtual machines No reading Notes, Sujay Godbole.
2/6	Access Control: ACMs, HRU Theorem, Bell-Lapadula Protection, Butler Lampson. Notes, Rucha Lale.
2/9	Access Control: Biba, Capabilities, Revocation The Confused Deputy, Hardy. Notes, Nikhil Joshi. Notes, Dong-yi Wu. Notes, Avanti Limaje. Notes, Goutham Meruva. Notes, Bharti Kripalani.
2/13	Access Control: Revocation Authentication No reading Notes, Aravinda Kidambi.
2/16	Software security: Buffer overflows OPTIONAL: Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns, Pincus, Baker. Notes, Arvind Ayyangar. Notes, Bhuvan Mital. Notes, David Lin.
2/20	Software security: format string bugs, integer overflows, SQL injection attacks, XSS attacks, etc. Detecting Format String Vulnerabilities With Type Qualifiers, Shankar, Talwar, Foster, Wagner. OPTIONAL: Exploiting Format String Vulnerabilities, scut / team teso. Notes, Pranav Jadhav. Notes, Prachi Deshmukh
2/23	Static analysis: type qualifier inference No reading. Notes, Andres DelaCruz.
2/27	Static analysis: MECA Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, Engler, Chelf, Chou, Hallem. Notes, Arun Ponniah. Notes, Hung Tot Ngo. Notes, Chetan Bharadwaj.
3/2	Class canceled due to snow
3/6	Static analysis: CCured CCured: Type-Safe Retrofitting of Legacy Code, George Necula, Scott McPeak, Westley Weimer Notes, Ajay Venkateshan. Notes, Rimmi Devgan. Notes, Guarav Naigaonkar. Notes, Hung Tot Ngo. Notes, Kaushik Chatterjee.
3/9	Secure software design Privtrans: Automatically Partitioning Programs for Privilege Separation, Brumley, Song. Notes, Hung Tot Ngo. Notes, Nick Hernandez.
3/13	Buffer overflows: the systems solution On the Effectiveness of Address-Space Randomization, Shacham, Page, Pfaff, Goh, Modadugu, Boneh OPTIONAL: StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Cowan, Pu, Maier, Walpole, Bakke, Beattie, Grier, Wagle, Zhang OPTIONAL: PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities, Cowan, Beattie, Johansen, Wagle Notes, Tapsie Giridher. Notes, Nick Hernandez.
3/16	Midterm
3/20	System call interposition Ostia: A Delegating Architecture for Secure System Call Interposition, Garfinkel, Pfaff, Rosenblum Notes, Nikhil Joshi. Notes, Niranjan Hasabnis. Notes, Arun Ponniah. Notes, Ganesh Sangle. Notes, Srujan Gulla. Notes, Tejas Vora.
3/23	Intrusion detection Intrusion Detection via Static Analysis, Wagner, Dean. Notes, Nick Hernandez. Notes, William Anzovino. Notes, Aneeta Bhattacharyya. Notes, Tejas Vora.
3/27	Sandboxing, Ostia (continued) Notes, David Lin.
3/30	Inline reference monitors Efficient Software-Based Fault Isolation, Wahbe, Lucco, Anderson, Graham Notes, Nick Hernandez. Notes, David Lin.
4/3	Proof-carrying code Proof-Carrying Code, Necula Notes, Nick Hernandez.
4/6	Spring Break
4/10	Spring Break
4/13	Trusted computing Terra: A Virtual Machine-Based Platform for Trusted Computing, Garfinkel, Pfaff, Chow, Rosenblum, Boneh. Notes, Pranav Jadhav. Notes, David Lin.
4/17	DOS Using Client Puzzles to Protect TLS, Dean, Stubblefield. Notes, David Lin.
4/20	Side channel attacks TIMING: Remote Timing Attacks are Practical, Brumley, Boneh OPTIONAL: TEMPEST: Optical Time-Domain Eavesdropping Risks of CRT Displays, Kuhn OPTIONAL: SOUND: Keyboard Acuoustic Emanations, Asonov, Agrawal. Notes, David Lin.
4/24	Human factors in security The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies, Schechter, Dhamija, Ozment, Fischer. Notes, Gaurav Naigaonkar. Notes, Nick Hernandez. Notes, Srujan Gulla. Notes, David Lin.
4/27	Guest speaker: Art Dahnert The Dark side of Engineering and how to defend against it No reading
5/1	CASE STUDY: Analysis of an Electronic Voting System, Kohno, Stubblefield, Rubin, Wallach. Notes, David Lin. Notes, Goutham Meruva.
5/4	CASE STUDY: A Security Analysis of a Cryptographically-Enabled RFID Device, Bono, Green, Stubblefield, Juels, Rubin, Szydlo. Notes, Nick Hernandez. Notes, Arunkumar Senthilnathan. Notes, Raveesh Ahuja. Notes, David Lin. Notes, Kudva Jayaram.
5/8	CASE STUDY: Lessons from the Sony CD DRM Episode, Halderman, Felten. Notes, Nick Hernandez. Notes, Sireesh Bolla. Notes, Tapsie Giridher. Notes, Abhiraj Butala. Notes, David Lin. Notes, Abishek Sharma. Notes, Arunkumar Senthilnathan.
5/18	Final Exam 2pm-4:30pm