The course covers principles of computer systems security.
We will discuss various attack techniques and how to defend against them.
Topics include Network attacks and defenses, Operating system holes,
application security (web, e-mail, databases), viruses, social engineering
attacks, privacy, and digital rights management. Course projects will
focus on building reliable code. The course is intended for senior
undergraduates and first year graduate students.Pre-requisites:
CS140 (operating systems).
Part I: Application security
- Some examples of things that go wrong.
misconfiguration, macro languages, hidden functionality, buggy software.
the security of your site by breaking into it, Dan Farmer, Wietse
- Buffer overflow attacks and other
common bugs. [ppt]
Finding overflows. Exploiting overflows. Defenses.
Stack For Fun And Profit, Aleph One.
Overflows: Attacks and Defenses for the Vulnerability of the Decade,
Crispin Cowan, et al.
Format String Vulnerabilities, team teso.
- Examples and tools for designing secure
application code. [ppt]
Programmer-Written Compiler Extensions to Catch Security Holes, Ken
Ashcraft, Dawson Engler
- Dealing with bad (legacy) application code.
Sandboxing. . [ppt]
A note on the
confinement problem, Butler Lampson.
environment for untrusted helper applications: confining the wily
hacker, Ian Goldberg, David Wagner, et al.
Fault Isolation, Robert Wahbe, et al.
- Web browser and mobile code security
Reading: McGraw and Felten, Securing Java,
- Web site security: attacks and defenses
Dos and Don'ts of Client Authentication on the Web,
Kevin Fu, Emil Sit, Kendra Smith, and Nick Feamster.
Cross site scripting explained, Amit Klein.
SQL Injection attacks, Chris Anley.
- Use of cryptography in computer security
Why cryptosystems fail.
Optional: WEP protocol security.
Part II: OS Security
- Secure operating systems.
Access control and file system security
J.H. Saltzer and M.D. Schroeder,
The Protection of Information in Computer Systems.
The first three pages and section 5.2 of
Setuid Demystified, by Chen, Wagner, and Dean.
See Access control pages
Common Criteria description
for further information on Windows.
- Remote file system security. NFS, SMB, SFS.
- User authentication.
passwords, biometrics, smartcards.
- Intrusion detection and virus protection
Computer Virus-Antivirus Coevolution.
Comm. ACM, 40(1), pp. 46-51, January 1997.
Bro: A System for Detecting Network Intruders in Real-Time.
Proc. 7th USENIX Security Symposium, San Antonio, TX, January 1998.
- Trusted Computing. TCPA and NGSCB. Digital Rights Management.
Part III: Network security
- Insecurity in existing network protocols
Steven M. Bellovin,
Security Problems in the TCP/IP Protocol Suite,
in Computer Communications Review 2:19, pp. 32-48, April 1989,
Using the Domain Name System for System Break-Ins,
in Proc Fifth Usenix UNIX Security Symposium, Salt Lake City,
UT, June, 1995.
- Security protocols: IPsec, DNSsec, SBGP.
Security Architecture for the Internet Protocol, S. Kent, et al.
Secure border Gateway Protocol (SBGP), S. Kent, et al.
Insertion, Evasion, and Denial of Service: Eluding Network
Intrusion Detection, T. Ptacek and T. Newsham.
- Denial of service attacks.
The TFN distributed denial of service attack tool, D. Dittrich
Practical network support
for IP Traceback, S. Savage, et al.
Part IV: Final topics
- Root kits and forensics tools.
- Electronic transfer of money.
Payment mechanisms on the
Internet. The ACH network. The visa payment system.
ATM Security. Verified by Visa.
- Final topics
Open source/closed source debate. Full disclosure
movement (whitehat vs. blackhat). Ethical hacking.