Computer Systems Security (Winter 2016)

Course Outline

Here is the course outline.

Hacking Opportunities

The Hacking Opportunities page lists potential hacking opportunities that you can attempt for your hacking journal. If you attempt but do not successfully accomplish one of them, be sure to document what you tried. As you learn more, you may come back to them and try again.

Resources

Readings

• For the first part of the course we will be reading selections from Trent Jaeger's Operating Systems Security textbook. You can download the PDF through Carleton's library. In the reading assignments this text will be referred to as "Jaeger".
• An excellent but dated text on browser security is Michal Zalewski's Browser Security Handbook.

Other Courses

• Dan Boneh ran an excellent course at Stanford in Spring 2015 on Computer and Network Security. This course has many interesting readings that we will not be covering. Also, the assignments are very good sources for hacking opportunities.
• The assignments from the Winter 2015 run of COMP 4108 are available. They are a reasonable start for several hacking opportunities.

Lectures and Exams

Date	Topic	Readings
Jan. 7	Introduction	Jaeger, Chapter 1 (Introduction)
Jan. 12	Access Control, Security Hacking 101	Jaeger, Chapter 2 (Access Control Fundamentals)
Jan. 14	Multics, UNIX, and Windows	Jaeger, Chapter 3 (Multics) and Chapter 4 (UNIX & Windows)
Jan. 19	Secure OSs, theory and practice	Jaeger, Chapter 6 (Security Kernels) and Chapter 7 (Securing Commercial Operating Systems)
Jan. 21	LSM, SELinux, & Capabilities	Jaeger, Chapter 9 (LSM & SELinux) and Chapter 10 (Secure Capability Systems)
Jan. 26	Secure Virtual Machines, Systems Assurance	Jaeger, Chapter 11 (Secure Virtual Machine Systems) and Chapter 12 (System Assurance)
Jan. 28	Lecture 7
Feb. 2	Lecture 8
Feb. 4	Defensive Security Technologies / Hacking Opportunities
Feb. 9	Security Research, Hashes, and Secure Protocols
Feb. 11	Modeling a potential attack/ Midterm FAQ
Feb. 23	Midterm Review
Feb. 25	Midterm (in class)
Mar. 1	Buffer Overflow/Memory Corruption Attacks	Aleph One (aka Elias Levy), Smashing The Stack For Fun And Profit (Phrack 49, 1996)
Mar. 3	Buffer Overflow/Memory Corruption Defenses	Wikipedia, Buffer Overflow Protection Crispin Cowan et al., StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks (USENIX Security, 1998)
Mar. 8	Bypassing ASLR and Buffer Overflow Exploits using return-into-libc	Hovav Shacham et al., On the effectiveness of address-space randomization (ACM CCS, 2004) (proxy) Hovav Shachem The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86) (ACM CCS 2007) (proxy)
Mar. 10	Network Firewalls	Bellovin and Cheswick, Network Firewalls (IEEE Communications Magazine, 1994) (proxy)
Mar. 15	Lecture 17	Dingledine, Mathewson, and Syverson, Tor: The Second-Generation Onion Router (USENIX Security 2004) Albert Kwon et al., Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services (USENIX Security 2015) (background)Tor: Overview
Mar. 17	Lecture 18	Blase Ur et al., Measuring Real-World Accuracies and Biases in Modeling Password Guessability (USENIX Security 2015) Nikolaos Karapanos et al., Sound-Proof: Usable Two-Factor Authentication Based on Ambient Sound (USENIX Security 2015)
Mar. 22	Lecture 19	Giancarlo Pellegrino et al., In the Compression Hornet’s Nest: A Security Study of Data Compression in Network Services (USENIX Security 2015) Ramya Jayaram Masti et al., Thermal Covert Channels on Multi-core Platforms (USENIX Security 2015)
Mar. 24	DDoS and Pinning	Seyed K. Fayaz et al., Bohatei: Flexible and Elastic DDoS Defense (USENIX Security 2015) Marten Oltrogge and Yasemin Acar, To Pin or Not to Pin—Helping App Developers Bullet Proof Their TLS Connections (USENIX Security 2015)
Mar. 29	Lecture 21	David A. Ramos and Dawson Engler, Under-Constrained Symbolic Execution: Correctness Checking for Real Code (USENIX Security 2015) Nav Jagpal et al., Trends and Lessons from Three Years Fighting Malicious Extensions (USENIX Security 2015)
Mar. 31	Cookie Integrity and XSSI	Xiaofeng Zheng et al., Cookies Lack Integrity: Real-World Implications (USENIX Security 2015) Sebastian Lekies et al., The Unexpected Dangers of Dynamic JavaScript (USENIX Security 2015)
Apr. 5	Boxify and Android Permissions	Michael Backes et al., Boxify: Full-fledged App Sandboxing for Stock Android (USENIX Security 2015) Primal Wijesekera et al., Android Permissions Remystified: A Field Study on Contextual Integrity (USENIX Security 2015)
April 7	Final Exam Review
April 18, 10 AM-12 PM	Last-Minute Study Session in LA B146
April 19, 9 AM	Final Exam

Lecture Notes Guidelines

Part of your participation mark is doing notes for at least one of the lectures. Here are the guidelines for those notes.

The class TA Borke (BorkeObadaObieh at cmail.carleton.ca) will be handling course notes. Please contact her to schedule your class to take notes.

Borke or Anil will set you up with an account on this wiki. You'll enter your initial draft notes here and then work with Borke to make sure they are of sufficient quality. This may require a few rounds of revisions; however, if you follow the guidelines below it shouldn't be too bad.

You should plan on organizing your notes as follows:

• Organize them in at least the following sections: Topics & Readings and Notes.
• The Topics & Readings section lists the main topics covered in the class, e.g. "buffer overflows". Please use an unordered bulleted list (using *'s in wiki markup). In this section also list readings relevant to the lecture that were mentioned in class.
• Put your notes in the Notes section.

Use (nested) lists if appropriate for the notes; however, please have some text that isn't bulleted. Please try to make the notes even if you did not attend lecture; however, you don't need to cover every small bit of information that was covered. In particular the notes do not need to include digressions into topics only tangentially related to the course. Complete sentences are welcome but not required.

Security Reading Analysis Guidelines

A security reading analysis is a detailed analysis of a security research paper. In it you analyze the key arguments of the paper and give your informed opinion.

Most security papers can be classified as attack or defense papers. You should analyze them differently.

For attack papers:

• What systems are vulnerable to the attack?
• What is the nature of the vulnerability?
• What is the the exploit? In particular, what is its technical core?
• How reproducible is the exploit?
• Are there likely to be many similar exploits, in the targeted system or other systems?
• How difficult will it be mitigate/fix the vulnerability in targeted systems?

For defense papers:

• What is the security problem the paper addresses? In what kind of threat model(s) does the problem exist?
• How significant is the problem? Specifically, to what degree do existing solutions not work sufficiently well?
• What is the defense? How does it work?
• To what degree will the defense potentially solve the targeted security problem? In particular, how difficult will it be for attackers to adapt to this defense?
• What are the challenges facing deployment of the defense? Are they likely to be overcome?

For both kinds of papers, you should give your reaction by addressing questions like the following:

• Did you like the paper?
• Was it easy to understand, or was it hard to read?
• Did you learn much from the paper?
• How surprised were you by the result?

Your analysis should not cover the above questions separately (this would tend to make for a very wordy analysis); instead, use these questions as a guide in writing a short essay (1-2 pages) on the paper in question.

Each analysis will be graded out of 10 as follows:

• U: 3 for demonstrating understanding of the content (preferably without summarizing)
• T: 3 for technical analysis (does it work)
• C: 3 for contextual analysis (does it matter)
• V: 1 for your viewpoint