Course Syllabus

Spring 2015


Lecture 1: 3/31/15 (DB)	Course overview [pdf, ppt] Reading: Reflections on Trusting Trust, Ken Thompson Measuring Pay-per-Install: The Commoditization of Malware Distribution, by J. Caballero, C. Grier, C. Kreibich, V. Paxson
Part 1: Basics

Lecture 2: 4/ 2/15 (DB)	Control hijacking attacks: exploits and defenses [pdf, ppt] Reading: Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Crispin Cowan, et al. Basic Integer Overflows, blexim Optional: Bypassing Browser Memory Protections, A. Sotirov

Lecture 3: 4/ 7/15 (DB)	Dealing with legacy code: sandboxing and isolation [pdf, ppt] Reading: Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, T. Garfinkel Efficient Software-Based Fault Isolation, Robert Wahbe, et al.

Lecture 4: 4/ 9/15 (JM)	Tools for writing robust application code [pdf, ppt] Reading: KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs, by C. Cadar, D. Dunbar, D. Engler Finding Security Vulnerabilities in Java Applications with Static Analysis, by B. Livshits and M. Lam

Lecture 5: 4/14/15 (JM)	Principle of least privilege, access control, and operating systems security [pdf, ppt] Reading: SetUID Demystified, Chen, Dean, and Wagner, 2002. Operating Systems Security, T. Jaegeri, 2008. Chapter 4, Security in Ordinary Operating Systems.

Lecture 6: 4/16/15 (inv)	Exploitation techniques and fuzzing (Alex Stamos) [pdf, ppt] Reading: How hackers look for bugs by Dave Aitel Real world fuzzing, by Charlie Miller Effective Bug Discovery, vf.
Part 2: Web Security

Lecture 7: 4/21/15 (JM)	Basic web security model [pdf, ppt] Reading: Securing Browser Frame Communication. Adam Barth, Collin Jackson, and John C. Mitchell The Security Architecture of the Chromium Browser. Adam Barth, Collin Jackson, Charles Reis, and the Google Chrome Team Exposing private information by timing web applications. A. Bortz, D. Boneh, and P. Nandy

Lecture 8: 4/23/15 (JM)	Web application security [pdf, ppt] Reading: Cross site scripting explained, Amit Klein SQL Injection attacks, Chris Anley Robust Defenses for Cross-Site Request Forgery. Adam Barth, Collin Jackson, and John C. Mitchell

Lecture 9: 4/28/15 (JM)	Content Security Policies (CSP), Web workers, and extensions [pdf] Reading: Web workers Content Security Policies Sandboxed iFrames cors

Lecture 10: 4/30/15 (DB)	Session management and user authentication [pdf, ppt] Reading: Secure Session Management With Cookies for Web Applications. Chris Palmer Origin Cookies: Session Integrity for Web Applications. by Bortz et al.

Lecture 11: 5/ 5/15 (DB)	Overview of cryptography [pdf, ppt] Reading: The BREACH attack: encryption and compression don't mix, by Gluck, Harris, and Prado The case for prefetching and prevalidating TLS server certificates, by E. Stark, L.S. Huang, et al.

Lecture 12: 5/ 7/15 (DB)	HTTPS: goals and pitfalls [pdf, ppt] Reading: ForceHTTPS: protecting high-security web sites from network attacks, by A. Barth and C. Jackson The case for short-lived certificates. by Topalovic et al.
Part 3: Network security

Lecture 13: 5/12/15 (DB)	Security issues in Internet protocols: TCP, DNS, and routing [pdf, ppt] Reading: A look back at Security Problems in the TCP/IP Protocol Suite, S. Bellovin, ACSAC 2004. BGP Security in Partial Deployment, Lychev, Goldberg, Schapira, 2013. DNS cache poisoning, Steve Friedl

Lecture 14: 5/14/15 (JM)	Network defense tools: Firewalls, VPNs, Intrusion Detection, and filters [pdf, ppt] Reading: A Security Evaluation of DNSSEC with NSEC3, J. Bau and J.C. Mitchell Distributed Firewalls, S. Bellovin Bro: A System for Detecting Network Intruders in Real-Time, V. Paxon

Lecture 15: 5/19/15 (DB)	Unwanted traffic: denial of service attacks [pdf, ppt] Reading: Details of a recent large-scale DDoS event (2013) Practical network support for IP Traceback, S. Savage, et al. A DoS-Limiting Network Architecture, Yang, Wetherall, and Anderson
Part 4: Security of mobile platforms

Lecture 16: 5/21/15 (JM)	Mobile platform security models: Android and iOS [pdf, ppt] Reading: Understanding Android Security Enck, Ongtang, and McDaniel, 2009 (Security Enforcement section) TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Enck et al.

Lecture 17: 5/26/15 (JM)	Mobile threats and malware [pdf, ppt] Reading: FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps Arzt et al. A Large-Scale Study of Mobile Web App Security P. Mutchler, A. Doupe, J. Mitchell, C. Kruegel, and G. Vigna.

Lecture 18: 5/28/15 (DB)	More on malware: viruses, Spyware and key-loggers Reading: All your iFrames point to us, N. Provos et al. Is finding security holes a good idea, E. Rescorla Know Your Enemy: Fast-Flux Service Networks, Honeynet

Lecture 19: 6/ 2/15 (inv)	Final lecture: Oded Horovitz (Facebook)

CS155 Computer and Network Security

Course Syllabus

Spring 2015