This course will describe the principles and practice of securing software systems. We will cover software vulnerabilities and defenses, with a focus on
One of the main objectives of this course is adversarial thinking: students should be able to quickly zoom in on the weakest link in any security technology, or system design. Students should be able to imagine how an attacker might break their system, and build in protection and mitigation measures to thwart such attacks.
The topics covered in the course can be divided into two parts: foundations, and applications. Although the two parts are presented in sequence below, in reality, the lectures will alternate between the two.
Foundations
- Review of cryptographic foundations
- Review of Identification and Authentication: passwords, biometrics, ...
- Authorization and Access control: ACLs, capabilities, MLS, DTE, RBAC, ...
- Operating system security
  - Principles: memory protection, privilege separation, layering, isolation, sharing, ...
  - Case studies: UNIX/Linux, SELinux
- Database security: encryption, views, delegation, statistical inference
- Principles and practices for secure system design
Contemporary Threats, Vulnerabilities and Defenses
- Software vulnerabilities
  - Memory corruption: stack-smashing, heap overflows, integer overflows, ...
  - Input validation errors: SQL and command injection, format-string attacks, ...
  - Race conditions and other software vulnerabilities
- Web server and Browser vulnerabilities
- Malware and Untrusted software
  - Viruses and worms, Rootkits, Botnets, ...
  - Obfuscation and evasion
- Defenses for software threats
  - Static analysis for vulnerability detection
  - Code transformation for runtime policy checking
  - Runtime policy enforcement and sandboxing
- Isolation and information-flow control
- Virtual machines, TPM, ...
- Network-layer threats: network probing, scanning, evasion, ...
  - Defenses: Intrusion detection, ...
- Side-channel attacks: covert channels, timing attacks, power analysis, emanations, remanence and reuse
- Privacy and Anonymity
Topic # | Description/Reading | Slides | Notes
1 | Introduction; Challenges and Mitigation Techniques | |
2 | Cryptography Basics; Reading: Who is guarding the guardians: The Comodohacker's postings; Reading: The Perfect Weapon: How Russian Cyberpower Invaded the U.S. | |
3 | Identification and Authentication; Reading: Password Security: A Case History; Reading: Lamport's One-Time Password Scheme; Optional Reading: How Anonymous hacked into a security firm | |
4 | Background: Runtime memory organization; Layout of code, static area, stack and heap; Struct/Object layout in C/C++ (Review only the last part of notes.) | TXT TXT |
5 | Stack-smashing, Heap overflows and Format string attacks; Reading: Smashing the stack for fun and profit | |
6 | Integer overflows; Memory corruption defenses: guarding, ASR, DSR, ...; Optional Reading: Memory exploitation defenses in Windows; Optional Reading: (Not so) Recent advances in exploiting buffer overruns; Optional Reading: Basic Integer Overflows | See Prev. Topic |
7 | Memory-error detection: Bounds-checking, etc. | See Prev. Topic |
8 | Malware; Evasion, obfuscation, Software tamper-resistance; A very short article from 2011 on specific malware trends. | |
9 | Securing Untrusted Code: System-call interception, Inline-reference monitoring | |
10 | Securing Untrusted Code: Inline-reference monitoring, Software-based fault isolation, Control-flow integrity | |
11 | Binary analysis and transformation: Disassembly, static binary rewriting; Dynamic translation | |
12 | Security policies; Reading: Revisiting "Setuid Demystified"; Reading: Confining Root Programs with Domain and Type Enforcement | |
13 | Vulnerability analysis: Fuzzing and Symbolic Execution | |
14 | Injection Attacks, Taint-tracking; Race conditions; CWE and CVE; Principles of Secure System Design | |
15 | Web security | |
16 | Virtual Machines | |
17 | Side-channel attacks; Network-based attacks; Intrusion Detection; Course summary | |
Lectures: Mon, Fri 1:00pm to 2:20am Room New CS 115
R. Sekar
Office: Rm 364 New Computer Science
Office Hours: Mon/Fri noon to 1:00pm
There is no official textbook for this course. We will primarily rely on lectures and notes posted on this page. Some of the lectures will draw on material from the following books, but I don't expect students to obtain copies of these books or read them, except for those who do it out of their own interest.
First day of classes | Jan 23
No classes | March 13 to 17
Mid-term | March 20, 1:00pm to 2:20pm
Last day of classes | May 5
Final | Tuesday, May 16, 2:15 PM to 5:00 PM
Your final grades will be computed as follows. You should expect some changes to the weightages over the semester.
Copying homeworks from a fellow student or from the Internet, and all other forms of academic dishonesty, are considered serious offenses. They will be prosecuted to the maximum extent permitted by university policies.
If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, I would urge that you contact the staff in the Disabled Student Services office (DSS), in the ECC building, 632-6748v/TDD. DSS will review your concerns and determine, with you, what accommodations are necessary and appropriate. All information and documentation of disability is confidential.