Computer Systems Security (Winter 2016): Difference between revisions

From Soma-notes
Line 8: Line 8:


==Resources==
==Resources==
===Readings===


* For the first part of the course we will be reading selections from Trent Jaeger's [http://www.morganclaypool.com/doi/abs/10.2200/S00126ED1V01Y200808SPT001 Operating Systems Security] textbook.  You can download the PDF [http://www.morganclaypool.com.proxy.library.carleton.ca/doi/abs/10.2200/S00126ED1V01Y200808SPT001 through Carleton's library].  In the reading assignments this text will be referred to as "Jaeger".
* For the first part of the course we will be reading selections from Trent Jaeger's [http://www.morganclaypool.com/doi/abs/10.2200/S00126ED1V01Y200808SPT001 Operating Systems Security] textbook.  You can download the PDF [http://www.morganclaypool.com.proxy.library.carleton.ca/doi/abs/10.2200/S00126ED1V01Y200808SPT001 through Carleton's library].  In the reading assignments this text will be referred to as "Jaeger".
* An excellent but dated text on browser security is Michal Zalewski's [https://code.google.com/p/browsersec/wiki/Main Browser Security Handbook].
===Other Courses===
* Dan Boneh ran an excellent course at Stanford in Spring 2015 on [https://crypto.stanford.edu/cs155/ Computer and Network Security].  This course has many interesting readings that we will not be covering.  Also, the assignments are very good sources for hacking opportunities.
* Dan Boneh ran an excellent course at Stanford in Spring 2015 on [https://crypto.stanford.edu/cs155/ Computer and Network Security].  This course has many interesting readings that we will not be covering.  Also, the assignments are very good sources for hacking opportunities.
* The assignments from the Winter 2015 run of COMP 4108 [https://www.ccsl.carleton.ca/~askillen/COMP4108/ are available].  They are a reasonable start for several hacking opportunities.
* The assignments from the Winter 2015 run of COMP 4108 [https://www.ccsl.carleton.ca/~askillen/COMP4108/ are available].  They are a reasonable start for several hacking opportunities.

Revision as of 22:23, 10 January 2016

Course Outline

Here is the course outline.

Hacking Opportunities

The Hacking Opportunities page lists potential hacking opportunities that you can attempt for your hacking journal. If you attempt but do not successfully accomplish one of them, be sure to document what you tried. As you learn more, you may come back to them and try again.

Resources

Readings

Other Courses

  • Dan Boneh ran an excellent course at Stanford in Spring 2015 on Computer and Network Security. This course has many interesting readings that we will not be covering. Also, the assignments are very good sources for hacking opportunities.
  • The assignments from the Winter 2015 run of COMP 4108 are available. They are a reasonable start for several hacking opportunities.

Lectures and Exams

Date

Topic

Readings

Jan. 7

Introduction

Jaeger, Chapter 1 (Introduction)

Jan. 12

Access Control, Security Hacking 101

Jaeger, Chapter 2 (Access Control Fundamentals)

Jan. 14

Multics, UNIX, and Windows

Jaeger, Chapter 3 (Multics) and Chapter 4 (UNIX & Windows)

Jan. 19

Secure OSs, theory and practice

Jaeger, Chapter 6 (Security Kernels) and Chapter 7 (Securing Commercial Operating Systems)

Jan. 21

LSM, SELinux, & Capabilities

Jaeger, Chapter 9 (LSM & SELinux) and Chapter 10 (Secure Capability Systems)

Jan. 26

Secure Virtual Machines, Systems Assurance

Jaeger, Chapter 11 (Secure Virtual Machine Systems) and Chapter 12 (System Assurance)

Jan. 28

Lecture 7

Feb. 2

Lecture 8

Feb. 4

Lecture 9

Feb. 9

Lecture 10

Feb. 11

Lecture 11

Feb. 23

Midterm Review

Feb. 25

Midterm (in class)

Mar. 1

Lecture 13

Mar. 3

Lecture 14

Mar. 8

Lecture 15

Mar. 10

Lecture 16

Mar. 15

Lecture 17

Mar. 17

Lecture 18

Mar. 22

Lecture 19

Mar. 24

Lecture 20

Mar. 29

Lecture 21

Mar. 31

Lecture 22

Apr. 5

Lecture 23

April 7

Lecture 24

TBA

Final Exam

Assignments

Due Date

Assignments

Jan. 30

Assignment 1

Feb. 22

Assignment 2

Mar. 19

Assignment 3

April 4

Assignment 4

Lecture Notes Guidelines

Part of your participation mark is doing notes for at least one of the lectures. Here are the guidelines for those notes.

The class TA Borke (BorkeObadaObieh at cmail.carleton.ca) will be handling course notes. Please contact her to schedule your class to take notes.

Borke or Anil will set you up with an account on this wiki. You'll enter your initial draft notes here and then work with Borke to make sure they are of sufficient quality. This may require a few rounds of revisions; however, if you follow the guidelines below it shouldn't be too bad.

You should plan on organizing your notes as follows:

  • Organize them in at least the following sections: Topics & Readings and Notes.
  • The Topics & Readings section lists the main topics covered in the class, e.g. "buffer overflows". Please use an unordered bulleted list (using *'s in wiki markup). In this section also list readings relevant to the lecture that were mentioned in class.
  • Put your notes in the Notes section.

Use (nested) lists if appropriate for the notes; however, please have some text that isn't bulleted. Please try to make the notes even if you did not attend lecture; however, you don't need to cover every small bit of information that was covered. In particular the notes do not need to include digressions into topics only tangentially related to the course. Complete sentences are welcome but not required.