Course Syllabus

Spring 2017


Lecture 1: 4/ 4/17 (DB)	Course overview [pdf, ppt] Reading: Reflections on Trusting Trust, Ken Thompson Measuring Pay-per-Install: The Commoditization of Malware Distribution, by J. Caballero, C. Grier, C. Kreibich, V. Paxson
Part 1: Basics

Lecture 2: 4/ 6/17 (DB)	Control hijacking attacks: exploits [pdf, ppt] Reading: Hacking blind, A. Bittau et al. Basic Integer Overflows, blexim Use after free exploit example, K. Winterborn Bypassing Browser Memory Protections, A. Sotirov, M. Dowd

Lecture 3: 4/11/17 (DB)	Control hijacking attacks: defenses [pdf, ppt] Reading: Return oriented programming, H. Shacham et al. Control flow integrity, M. Abadi et al. kBouncer: Efficient and Transparent ROP Mitigation, V. Pappas

Lecture 4: 4/13/17 (JM)	Principle of least privilege, access control, and operating systems security [pdf, ppt] Reading: SetUID Demystified, Chen, Dean, and Wagner, 2002. Operating Systems Security, T. Jaeger, 2008. Chapter 4, Security in Ordinary Operating Systems.

Lecture 5: 4/18/17 (DB)	Dealing with legacy code: sandboxing and isolation [pdf, ppt] Reading: Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, T. Garfinkel Efficient Software-Based Fault Isolation, Robert Wahbe, et al.

Lecture 6: 4/20/17 (inv)	Exploitation techniques and fuzzing (Alex Stamos) [pdf] Reading: How hackers look for bugs, by Dave Aitel An example: Exploiting Broadcom’s Wi-Fi Stack, by Gal Beniamini, Google project zero. Real world fuzzing, by Charlie Miller Effective Bug Discovery, vf.
Part 2: Web Security

Lecture 7: 4/25/17 (JM)	Basic web security model [pdf, ppt] Reading: Securing Browser Frame Communication. Adam Barth, Collin Jackson, and John C. Mitchell The Security Architecture of the Chromium Browser. Adam Barth, Collin Jackson, Charles Reis, and the Google Chrome Team Exposing private information by timing web applications. A. Bortz, D. Boneh, and P. Nandy

Lecture 8: 4/27/17 (JM)	Web application security [pdf, ppt] Reading: Cross site scripting explained, Amit Klein SQL Injection attacks, Chris Anley Robust Defenses for Cross-Site Request Forgery. Adam Barth, Collin Jackson, and John C. Mitchell

Lecture 9: 5/ 2/17 (DB)	Session management and user authentication [pdf, ppt] Reading: Secure Session Management With Cookies for Web Applications. Chris Palmer Origin Cookies: Session Integrity for Web Applications. by Bortz et al.

Lecture 10: 5/ 4/17 (JM)	Content Security Policies (CSP), Web workers, and extensions [pdf, ppt] Reading: Web workers Content Security Policies Sandboxed iFrames cors

Lecture 11: 5/ 9/17 (DB)	Overview of cryptography [pdf, ppt] Reading: The BREACH attack: encryption and compression don't mix, by Gluck, Harris, and Prado The case for prefetching and prevalidating TLS server certificates, by E. Stark, L.S. Huang, et al.

Lecture 12: 5/11/17 (DB)	HTTPS: goals and pitfalls [pdf, ppt] Reading: ForceHTTPS: protecting high-security web sites from network attacks, by A. Barth and C. Jackson The case for short-lived certificates. by Topalovic et al.
Part 3: Network security

Lecture 13: 5/16/17 (DB)	Security issues in Internet protocols: TCP, DNS, and routing [pdf, ppt] Reading: A look back at Security Problems in the TCP/IP Protocol Suite, S. Bellovin, ACSAC 2004. BGP Security in Partial Deployment, Lychev, Goldberg, Schapira, 2013. DNS cache poisoning, Steve Friedl

Lecture 14: 5/18/17 (JM)	Network defense tools: Firewalls, VPNs, Intrusion Detection, and filters [pdf, ppt] Reading: A Security Evaluation of DNSSEC with NSEC3, J. Bau and J.C. Mitchell Distributed Firewalls, S. Bellovin Bro: A System for Detecting Network Intruders in Real-Time, V. Paxon

Lecture 15: 5/23/17 (DB)	Unwanted traffic: denial of service attacks [pdf, ppt] Reading: Details of a recent large-scale DDoS event (2013) Practical network support for IP Traceback, S. Savage, et al. A DoS-Limiting Network Architecture, Yang, Wetherall, and Anderson

Lecture 16: 5/25/17 (JM)	Tools for improving system security [pdf, ppt] Reading: Ashcraft and Engler: Using Programmer-Written Compiler Extensions to Catch Security Holes. pdf, Sections 1-2. Bau, Wang, Bursztein, Mutchler and Mitchell: Vulnerability Factors in New Web Applications. pdf
Part 4: Security of mobile platforms

Lecture 17: 5/30/17 (JM)	Mobile platform security models: Android and iOS [pdf, ppt] Reading: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Enck et al. iOS Security, iOS 10. How to fake a fingerprint and break into a phone.

Lecture 18: 6/ 1/17 (JM)	Mobile threats and malware [pdf, ppt] Reading: Understanding Android Security Enck, Ongtang, and McDaniel, 2009 (Security Enforcement section) FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps (first two sections), Arzt et al. A Large-Scale Study of Mobile Web App Security P. Mutchler, A. Doupe, J. Mitchell, C. Kruegel, and G. Vigna.

Lecture 19: 6/ 6/17 (inv)	Final lecture: Diogo Mónica, Docker [pdf] Reading: Analysis of Docker Security, Bui 2015.

CS155 Computer and Network Security

Course Syllabus

Spring 2017