CSE608 Fall 2005. Advanced Computer Security

Focus: Software Security

Lecturer:	Rob Johnson
Location:	1211 Computer Science Building, Oct. 11 onward
Time:	TuTh 3:50-5:10pm
Office Hours:	Tu 2-3:30pm

News

10/19: See the projects page for details, deadlines, and suggestions for the class project.

Overview

This class will cover common security vulnerabilities and recently developed techniques for detecting and fixing these security holes. More importantly, the course will prepare students to conduct their own research in software security.

Topics

Common security bugs
- Buffer overflows
- Invalid input bugs (format string bugs, user-kernel bugs, SQL bugs, XSS bugs, etc.)
- Race conditions
- File descriptor attacks
- Tempfile bugs
- Integer overflow bugs
Countermeasures
- Static analysis: type inference, model checking, meta-compilation
- Code transformation: CCured, automated privilege separation
- Runtime support: Java, sandboxing, intrusion detection
- Other topics: proof carrying code, student-selected topics

Requirements and Grading

Paper reviews (15%). We will discuss 1-2 papers during each session. You must read the papers before coming to class and write a short (about a half-page) review of each paper. Your review must give at least two criticisms of each paper and should be handed in at the beginning of class.
Class project (75%). You will work in groups of 2-3 on a class project in computer security. Your project does not have to be in the area of software security, but whatever the topic, you should aim to produce original, publishable research. Your team will write a 12-16 page paper describing your project and results and will give a 20-minute, conference-style presentation on your project at the end of the semester.
Class participation (10%). I strongly encourage discussion and debate in class. Please don't hesitate to ask questions if you don't understand or disagree with anything covered in this course.
No exam.

Reading Assignments

Note: the reading list may change throughout the semester.

Date	Reading assignment
8/30	Overview of software security
9/1	Two approaches to software security Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services, Miller, et al. Improving Security Using Extensible Lightweight Static Analysis, Evans, Larochelle.
9/6	Data-flow analyses: type qualifier inference Detecting Format String Vulnerabilities With Type Qualifiers, Shankar, Talwar, Foster, Wagner.
9/8	Data-flow analyses: type qualifier inference Finding User/Kernel Pointer Bugs With Type Inference, Johnson, Wagner. Data-flow analyses: points-to analysis Finding Security Vulnerabilities in Java Applications with Static Analysis, Livshits, Lam.
9/13	No reading assignment. Turn in reviews for any of the papers so far.
9/15	Control-flow analyses: model checking MOPS: an infrastructure for examining security properties of software, Chen, Wagner.
9/20	Control-flow analyses: model checking Model checking one million lines of C code, Chen, Dean, Wagner.
9/22	No reading assignment. Turn in reviews for any of the papers so far.
9/27	Control+data-flow: model checking with data Automatically Validating Temporal Safety Properties of Interfaces, Ball, Rajamani.
9/29	No reading assignment. Turn in reviews for any of the papers so far.
10/4	No class - Rosh Hashanah
10/6	Control+data-flow: model checking with lazy abstraction Lazy Abstraction, Henzinger, Jhala, Majumdar, Sutre.
10/11	No reading assignment. Turn in reviews for any of the papers so far.
10/13	No reading assignment. Turn in reviews for any of the papers so far.
10/18	No reading assignment. Turn in reviews for any of the papers so far.
10/20	Control+data-flow: Meta-compilation Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, Engler, Chelf, Chou, Hallem.
10/25	Automated specification generation Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code, Engler, Chen, Hallem, Chou, Chelf.
10/27	Buffer overflows A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities, Wagner, Foster, Brewer, Aiken.
11/1	Buffer overflows (due to the short notice, this paper is optional, but highly recommended!) CCured: Type-Safe Retrofitting of Legacy Code, George Necula, Scott McPeak, Westley Weimer
11/3	Buffer overflows StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Crispin Cowan, Calton Pu, Dave Maier, Jonathon Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang. PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities, Crispin Cowan, Steve Beattie, John Johansen, Perry Wagle.
11/8	Control hijacking attacks: (optional reading) Control-Flow Integrity, Abadi, Budiu, Erlingsson, Ligatti.
11/10	Intrusion detection Intrusion Detection via Static Analysis, Wagner, Dean.
11/15	Intrusion detection Efficient Context-sensitive Intrusion Detection, Giffin, Jha, Miller.
11/17	Architecting secure code: privilege separation Preventing Privilege Escalation, Provos, Friedl, Honeyman.
11/22	Architecting secure code: automated privilege separation Privtrans: Automatically Partitioning Programs for Privilege Separation, Brumley, Song.
11/24	No class - Thanksgiving
	Tentative future reading assignments
11/29	Java security Extensible security architectures for Java, Wallach, Balfanz, Dean, Felten.
12/1	Java security IRM enforcement of Java stack inspection, Erlingsson, Schneider.
12/6	Malware detection Semantics-Aware Malware Detection, Christodorescu, Jha, Seshia, Song, Bryant.
12/8	Student Interests: TBD
12/13	Project presentations