David Wagner (daw@cs, 629 Soda Hall, 642-2758)
Tu-Th, 11:00-12:30, 310 Soda
Wagner: By appointment
CS261: Security in Computer Systems. Prerequisite: CS162. Graduate survey of modern topics in computer security, including: protection, access control, distributed access control, Unix security, applied cryptography, network security, firewalls, secure coding practices, safe languages, mobile code, and case studies from real-world systems. May also cover cryptographic protocols, privacy and anonymity, and/or other topics as time permits. Term paper or project required. Three hours of lecture per week. (3 units)Prerequisites: CS 162 or equivalent. Familiarity with basic concepts in operating systems and networking.
An approximate list of course topics (subject to change; as time permits):
There will be a term project. You will do independent research in small groups (e.g., teams of 2--3). Projects may cover any topic of interest in systems security, interpreted broadly (it need not be a topic discussed in class); ties with current research are encouraged. You will present your work at a poster session and prepare a conference-style paper describing your work.
A project proposal is due October 24th. See the project page. The poster session will be held Thursday, December 11, 10:30am-noon, in the Woz lounge. A conference-style report on your results is due on Thursday, December 18th at 9am.
You are encouraged to start thinking of topics of interest early. Be ambitious! I expect that the best papers will probably lead to publication (with some extra work).
There will be approximately two to four homework assignments throughout the semester, to appear on the course webpage as they are assigned.
Turn in your homeworks on paper at the beginning of class on the day they are due. Due dates will be enforced strictly. Late homeworks will not be accepted.
Work on your own when doing homeworks. You may use any source you like (including other papers or textbooks), but if you use any source not discussed in class, you must cite it.
You will be expected to write scribe notes for one lecture. Email me an PDF file with your scribe notes within one week after the lecture you are assigned to scribe.
There is no required textbook. All reading will be from papers. Whenever possible, handouts and papers will be placed online on the web page; papers not available online will be handed out in class. A schedule of assigned readings is available below.
You will be required to write a brief summary of each paper you read. Submit your summary, on paper, before the beginning of the class when the reading is due. Your summary should list:
From time to time, we may discuss vulnerabilities in widely-deployed computer systems. This is not intended as an invitation to go exploit those vulnerabilities without informed consent of all involved parties. If it is not clear where to draw the line, please talk to me first.
The following schedule is tentative and subject to change.
|8/28||Overview; intro; threat models||(none) [handout]||John Engler|
|9/2||Access control, protection||(none)||Adrienne Felt|
|9/4||Software vulnerabilities||Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns, Pincus, Baker.|
Basic Integer Overflows, blexim.
|Matthias Vallentin, , |
|9/9||Runtime defenses||A Practical Dynamic Buffer Overflow Detector, Ruwase, Lam.|
Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks, Xu, Bhatkar, Sekar.
(Mentioned in class, but not required reading: , .)
|9/11||Static analysis||Finding Security Vulnerabilities in Java Applications Using Static Analysis, Livshits, Lam.||(none)|
|9/16||Inline reference monitors||Evaluating SFI for a CISC Architecture, McCamant, Morrisett.||Jeff Tang|
also: Matthias Vallentin
|9/18||Sandboxing||A secure environment for untrusted helper applications: confining the wily hacker, Goldberg, Wagner, Thomas, Brewer.||Susmit Jha|
|9/23||Sandboxing||Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools, Garfinkel.|
Preventing Privilege Escalation, Provos, Friedl, Honeyman.
|9/25||Privilege separation||Some thoughts on security after ten years of qmail 1.0, Bernstein.|
|9/30||Privilege management||Extensible security architectures for Java, Wallach, Balfanz, Dean, Felten.||Jon Whiteaker|
|10/2||Capabilities||The Confused Deputy, Hardy.|
Access Control (v0.1), Laurie.
|10/7||Network security||A look back at Security Problems in the TCP/IP Protocol Suite, Bellovin.||David McGrogan|
|10/9||Firewalls||Firewall Gateways, Chapter 3 of Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick and Bellovin (1st ed).||Hisham Zarka|
|10/14||Application-level firewalls||(no readings)||Joel Weinberger|
|10/16||DNS security||Using the Domain Name System for System Break-Ins, Bellovin.|
Reliable DNS Forgery in 2008: Kaminsky's Discovery, Matasano blog.
|10/21||Attacks||The underground economy: priceless, Thomas, Martin.|
|10/23||Web security - browsers||Cross-Site Request Forgeries: Exploitation and Prevention, Zeller, Felten.|
Robust Defenses for Cross-Site Request Forgery, Barth, Jackson, Mitchell.
|10/28||Web security - servers||Security for GWT Applications, Google|
|10/30||Usable security||The psychology of security, West.|
Why Phishing Works, Dhamija, Tygar, Hearst.
|11/4||E-voting||Security Analysis of the Diebold AccuVote-TS Voting Machine, Feldman, Halderman, Felten||Isaac Liu|
|11/6||Usable security||You've Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings, Egelman, Cranor, Hong|
Aligning Usability and Security, Yee
|11/13||Cryptography primer||No readings||Tavi Nathanson|
|11/18||Kerberos||Designing an Authentication System: a Dialogue in Four Scenes, Bryant.||Pallavi Joshi|
|11/20||Cryptographic protocols||Prudent engineering practice for cryptographic protocols, Abadi, Needham.|
|11/25||Cryptography||Why Cryptosystems Fail, Anderson.||Raluca Sauciuc|
|11/27||No class! (Thanksgiving holiday)|
|12/2||Untrusted platforms||How to Hurt the Hackers: The Scoop on Internet Cheating and How You Can Combat It, Pritchard|
|12/4||Privacy||Privacy, economics, and price discrimination on the internet, Odlyzko|
|12/9||Economics, wrap-up||Why Information Security is Hard - An Economic Perspective, Anderson|
I always welcome any feedback on what I could be doing better. If you would like to send anonymous comments or criticisms, please feel free to use an anonymous remailer to send me email without revealing your identity, like this one or this one.