CS 155 Syllabus

(Spring 2007)


The course covers principles of computer systems security. We will discuss various attack techniques and how to defend against them. Topics include Network attacks and defenses, Operating system holes, application security (web, e-mail, databases), viruses, social engineering attacks, privacy, and digital rights management. Course projects will focus on building reliable code. The course is intended for senior undergraduates and first year graduate students.

Pre-requisites: CS140 (operating systems).
Lecture 1:   
4/ 3/07
Course overview   [ppt]
Reflections on Trusting Trust, Ken Thompson
Part 1: Basics
Lecture 2:   
4/ 5/07
Buffer overflows and other common bugs: exploits and defenses   [ppt]
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Crispin Cowan, et al.
Smashing The Stack For Fun And Profit, Aleph One
Basic Integer Overflows, blexim

Exploiting Format String Vulnerabilities, team teso (optional)
Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server, David Litchfield (optional)

Once upon a free(), anonymous (Optional but useful for Project 1)
Intel Architecture Guide for Software Developers, Intel (Optional but pages 155-162 useful for Project 1)
How to hijack the Global Offset Table with pointers for root shells, c0ntex (Optional but useful for Project 1)
Lecture 3:   
Tools for writing robust application code   [ppt]
Using Programmer-Written Compiler Extensions to Catch Security Holes, Ken Ashcraft, Dawson Engler
Thorough Static Analysis of Device Drivers, Ball et al.
EXE: Automatically Generating Inputs of Death, Cadar et al.
Lecture 4:   
Malware: Computer viruses, Spyware, key-loggers, and bots
Hunting for metamorphic, Szor, P. Ferrie
Computer Virus-Antivirus Coevolution. Nachenberg, Comm. ACM, 40(1), pp. 46-51, 1997
Know your Enemy: Tracking Botnets, Honeynet
The Anatomy of Clickbot.A, Daswani et al. (optional)
Lecture 5:   
Secure system design, access control, and protection   [pdf]
The Protection of Information in Computer Systems J.H. Saltzer and M.D. Schroeder
Setuid Demystified, Chen, Wagner, and Dean (first three pages and section 5.2)
Windows access control pages
Lecture 6:   
Dealing with bad (legacy) application code: Sandboxing   [pdf]
A note on the confinement problem, Butler Lampson
Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, T. Garfinkel
Efficient Software-Based Fault Isolation, Robert Wahbe, et al.
Lecture 7:   
Use of cryptography in computer security   [pdf]
Why cryptosystems fail, Ross Anderson
Part 2: Web Security
Lecture 8:   
Web site security: attacks and defenses   [ppt]
Cross site scripting explained, Amit Klein
SQL Injection attacks, Chris Anley
Dos and Don'ts of Client Authentication on the Web, Kevin Fu et al.
Lecture 9:   
5/ 1/07
Web site architecture   [pdf]
Securing Java, McGraw and Felten, Chapter 2
Lecture 10:   
5/ 3/07
User authentication: Password management, phishing, user interfaces, single sign on
Protecting Browser State from Web Privacy Attacks, Jackson et al
Part 3: Network security
Lecture 11:   
5/ 8/07
Security problems in network protocols: TCP, DNS, SMTP, and routing   [pdf]
A look back at Security Problems in the TCP/IP Protocol Suite, S. Bellovin, ACSAC 2004.
Using the Domain Name System for System Break-Ins, S. Bellovin, 1995
Lecture 12:   
Network defense tools: Firewalls, Intrusion Detection, and filters   [pdf]
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, T. Ptacek
Bro: A System for Detecting Network Intruders in Real-Time, V. Paxon
Linux Firewall - the Traffic Shaper , J. Wortelboer and J. Van Oorschot
Lecture 13:   
Denial of service attacks   [ppt]
Practical network support for IP Traceback, S. Savage, et al.
A DoS-Limiting Network Architecture, Yang, Wetherall, and Anderson
A detailed DDoS extortion story
Lecture 14:   
Network worms: attacks and defenses   [pdf]
Inside the slammer worm, S. Savage
Automated worm fingerprinting, S. Singh et al.
Blocking new attacks without patching, H. Wang et al.
Lecture 15:   
Privacy: Anonymous browsing, mix nets (Tor), voting, PIR
Tor: The Second-Generation Onion Router, Dingledine et al.
Simple Verifiable Elections, Benaloh
Part 5: Final topics
Lecture 16:   
Secure file systems and backups, Byzantine agreement   [pdf]
Lecture 17:   
Trusted Computing Systems   [ppt]
Experimenting with TCG Hardware, Marchesini, et al.
TCG Specification Architecture Overview
A Virtual Machine-Based Platform for Trusted Computing, Garfinkel et al.
Lecture 18:   
Digital Rights Management
Hardware-assisted circumvention of self-hashing software tamper resistance, Oorschot et al.
Wikipedia description and links
Lecture 19:   
6/ 5/07
Final lecture: Neil Daswani, Google Inc.
The Anatomy of Clickbot.A, Daswani et al. (optional)