CS 155 Syllabus

(Spring 2008)


The course covers principles of computer systems security. We will discuss various attack techniques and how to defend against them. Topics include Network attacks and defenses, Operating system holes, application security (web, e-mail, databases), viruses, social engineering attacks, privacy, and digital rights management. Course projects will focus on building reliable code. The course is intended for senior undergraduates and first year graduate students.

Pre-requisites: CS140 (operating systems).
Lecture 1:   
4/ 1/08
Course overview   [ppt]
Reflections on Trusting Trust, Ken Thompson
Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress (Congressional Research Services report)
Part 1: Basics
Lecture 2:   
4/ 3/08
Secure system design, access control, and protection   [ppt]
The Protection of Information in Computer Systems J.H. Saltzer and M.D. Schroeder
Protection, by Butler Lampson
The Confused Deputy, Norm Hardy
Preventing privilege escalation, Provos et al. 2003
Lecture 3:   
4/ 8/08
Buffer overflows and other common bugs: exploits and defenses   [ppt]
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Crispin Cowan, et al.
Smashing The Stack For Fun And Profit, Aleph One
Basic Integer Overflows, blexim

Exploiting Format String Vulnerabilities, team teso (optional)
Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server, David Litchfield (optional)

Once upon a free(), anonymous (Optional but useful for Project 1)
Intel Architecture Guide for Software Developers, Intel (Optional but pages 155-162 useful for Project 1)
How to hijack the Global Offset Table with pointers for root shells, c0ntex (Optional but useful for Project 1)
Lecture 4:   
Malware: Computer viruses, Spyware, and key-loggers
Hunting for metamorphic, Szor, P. Ferrie
Computer Virus-Antivirus Coevolution. Nachenberg, Comm. ACM, 40(1), pp. 46-51, 1997
Know your Enemy: Tracking Botnets, Honeynet
The Anatomy of Clickbot.A, Daswani et al. (optional)
Lecture 5:   
Fuzzing and tools for writing robust application code   [ppt]
Using Programmer-Written Compiler Extensions to Catch Security Holes, Ken Ashcraft, Dawson Engler
Thorough Static Analysis of Device Drivers, Ball et al.
White box fuzzing, by P. Godefroid et al.
How hackers look for bugs by Dave Aitel
Real world fuzzing, by Charlie Miller
Lecture 6:   
Dealing with bad (legacy) application code: sandboxing and isolation   [ppt]
A note on the confinement problem, Butler Lampson
Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, T. Garfinkel
Efficient Software-Based Fault Isolation, Robert Wahbe, et al.
Lecture 7:   
Use of cryptography in computer security   [ppt]
Five-minute university
Why cryptosystems fail, Ross Anderson
Part 2: Web Security
Lecture 8:   
Web security: introduction   [ppt]
The ghost in the browser: analysis of web-based malware, Provos et al.
ForceHTTPS: Protecting High-Security Web Sites from Network Attacks, Jackson and Barth.
Lecture 9:   
The browser security model   [ppt]
browser security papers.
Lecture 10:   
5/ 1/08
Secure web site design   [ppt]
Cross site scripting explained, Amit Klein
SQL Injection attacks, Chris Anley
Cross Site Request Forgeries, Schreiber, 2004
Lecture 11:   
5/ 6/08
User authentication: Password management, phishing, user interfaces, single sign on   [ppt]
Protecting Browser State from Web Privacy Attacks, Jackson et al
Designing and Conducting Phishing Experiments, Finn and Jakobsson, 2007
Part 3: Network security
Lecture 12:   
5/ 8/08
Security problems in network protocols: TCP, DNS, SMTP, and routing   [ppt]
A look back at Security Problems in the TCP/IP Protocol Suite, S. Bellovin, ACSAC 2004.
Protecting Browsers from DNS Rebinding Attacks
Lecture 13:   
Network defense tools: Firewalls, VPNs, Intrusion Detection, and filters   [pdf]
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, T. Ptacek
Bro: A System for Detecting Network Intruders in Real-Time, V. Paxon
Linux Firewall - the Traffic Shaper , J. Wortelboer and J. Van Oorschot
Lecture 14:   
Unwanted traffic: denial of service attacks and spam email   [ppt]
Practical network support for IP Traceback, S. Savage, et al.
A DoS-Limiting Network Architecture, Yang, Wetherall, and Anderson
A detailed DDoS extortion story
Lecture 15:   
Privacy: Anonymous routing, mix nets (Tor), and PIR   [ppt]
Tor: The Second-Generation Onion Router, Dingledine et al.
Lecture 16:   
Network worms and bot-nets: attacks and defenses   [ppt]
Inside the slammer worm, S. Savage
Automated worm fingerprinting, S. Singh et al.
Blocking new attacks without patching, H. Wang et al.
Characterizing the Remote Control Behavior of Bots , E. Stinson and J.C. Mitchell
Part 5: Final topics
Lecture 17:   
Trusted Computing Systems   [ppt]
Experimenting with TCG Hardware, Marchesini, et al.
TCG Specification Architecture Overview
A Virtual Machine-Based Platform for Trusted Computing, Garfinkel et al.
Lecture 18:   
Digital Rights Management   [ppt]
Hardware-assisted circumvention of self-hashing software tamper resistance, Oorschot et al.
Wikipedia description and links
Lecture 19:   
6/ 3/08
Final lecture: Zulfikar Ramzan, Symantec Corp.   [pdf]