Course Syllabus

Spring 2018


Lecture 1: 4/ 3/18 (DB)	Course overview [pdf, ppt] Reading: Reflections on Trusting Trust, Ken Thompson Measuring Pay-per-Install: The Commoditization of Malware Distribution, by J. Caballero, C. Grier, C. Kreibich, V. Paxson
Part 1: Basics

Lecture 2: 4/ 5/18 (DB)	Control hijacking attacks: exploits [pdf, ppt] Reading: Hacking blind, A. Bittau et al. Basic Integer Overflows, blexim Use after free exploit example, K. Winterborn Bypassing Browser Memory Protections, A. Sotirov, M. Dowd

Lecture 3: 4/10/18 (DB)	Control hijacking attacks: defenses [pdf, ppt] Reading: Return oriented programming, H. Shacham et al. Control flow integrity, M. Abadi et al. kBouncer: Efficient and Transparent ROP Mitigation, V. Pappas

Lecture 4: 4/12/18 (JM)	Principle of least privilege, access control, and operating systems security [pdf, ppt] Reading: SetUID Demystified, Chen, Dean, and Wagner, 2002. Operating Systems Security, T. Jaeger, 2008. Chapter 4, Security in Ordinary Operating Systems.

Lecture 5: 4/17/18 (DB)	Dealing with legacy code: sandboxing and isolation [pdf, ppt] Reading: Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, T. Garfinkel Efficient Software-Based Fault Isolation, Robert Wahbe, et al.

Lecture 6: 4/19/18 (inv)	Exploitation techniques and fuzzing (Alex Stamos) [pdf] Reading: How hackers look for bugs, by Dave Aitel An example: Exploiting Broadcom’s Wi-Fi Stack, by Gal Beniamini, Google project zero. Real world fuzzing, by Charlie Miller Effective Bug Discovery, vf.

Lecture 7: 4/24/18 (DB)	Overview of cryptography [pdf, ppt] Reading: The BREACH attack: encryption and compression don't mix, by Gluck, Harris, and Prado The case for prefetching and prevalidating TLS server certificates, by E. Stark, L.S. Huang, et al.
Part 2: Web Security

Lecture 8: 4/26/18 (JM)	Basic web security model [pdf, ppt] Reading: Securing Browser Frame Communication. Adam Barth, Collin Jackson, and John C. Mitchell Analyzing and Defending Against Web-based Malware. J. Chang et al. Exposing private information by timing web applications. A. Bortz, D. Boneh, and P. Nandy

Lecture 9: 5/ 1/18 (DB)	HTTPS: goals and pitfalls [pdf, ppt] Reading: ForceHTTPS: protecting high-security web sites from network attacks, by A. Barth and C. Jackson The case for short-lived certificates. by Topalovic et al.

Lecture 10: 5/ 3/18 (JM)	Web application security [pdf, ppt] Reading: Cross site scripting explained, Amit Klein SQL Injection attacks, Chris Anley Robust Defenses for Cross-Site Request Forgery. Adam Barth, Collin Jackson, and John C. Mitchell

Lecture 11: 5/ 8/18 (JM)	Session management and user authentication [pdf, ppt] Reading: Secure Session Management With Cookies for Web Applications. Chris Palmer Origin Cookies: Session Integrity for Web Applications. by Bortz et al.

Lecture 12: 5/10/18 (JM)	Content Security Policies (CSP), Web workers, and extensions [pdf, ppt] Reading: Web workers Content Security Policies Sandboxed iFrames cors
Part 3: Network security

Lecture 13: 5/15/18 (DB)	Security issues in Internet protocols: TCP, DNS, and routing [pdf, ppt] Reading: A look back at Security Problems in the TCP/IP Protocol Suite, S. Bellovin, ACSAC 2004. BGP Security in Partial Deployment, Lychev, Goldberg, Schapira, 2013. DNS cache poisoning, Steve Friedl

Lecture 14: 5/17/18 (JM)	Network defense tools: Firewalls, VPNs, Intrusion Detection, and filters [pdf, ppt] Reading: A Security Evaluation of DNSSEC with NSEC3, J. Bau and J.C. Mitchell Distributed Firewalls, S. Bellovin Bro: A System for Detecting Network Intruders in Real-Time, V. Paxon

Lecture 15: 5/22/18 (DB)	Unwanted traffic: denial of service attacks [pdf, ppt] Reading: DDoS amplification attack statistics, 2017 The real cause of large DDoS - IP Spoofing, Marek Majkowski, 2018. Practical network support for IP Traceback, S. Savage, et al. A DoS-Limiting Network Architecture, Yang, Wetherall, and Anderson

Lecture 16: 5/24/18 (JM)	Tools for improving system security [pdf, ppt] Reading: Ashcraft and Engler: Using Programmer-Written Compiler Extensions to Catch Security Holes. pdf, Sections 1-2. Bau, Wang, Bursztein, Mutchler and Mitchell: Vulnerability Factors in New Web Applications. pdf

Lecture 17: 5/29/18 (inv)	Final invited lecture: Paul Kocher, The Spectre Attacks. [pdf, ppt] Reading: Spectre Attacks: Exploiting Speculative Execution. Paul Kocher, 2018
Part 4: Security of mobile platforms

Lecture 18: 5/31/18 (JM)	Mobile platform security models: Android and iOS [pdf, ppt] Reading: TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, Enck et al. iOS Security, iOS 10. How to fake a fingerprint and break into a phone.

Lecture 19: 6/ 5/18 (JM)	Mobile threats and malware [pdf, ppt] Reading: Understanding Android Security Enck, Ongtang, and McDaniel, 2009 (Security Enforcement section) FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps (first two sections), Arzt et al. A Large-Scale Study of Mobile Web App Security P. Mutchler, A. Doupe, J. Mitchell, C. Kruegel, and G. Vigna.

CS155 Computer and Network Security

Course Syllabus

Spring 2018