Computer Security

CS642 Fall 2011: Computer Security

Instructor: Thomas Ristenpart
Email: rist at cs dot wisc dot edu
Office hours: Thomas Ristenpart 3:45-4:45 Tues (7387 CS)
Office hours: Sanjib Das 3:45-4:45 Thurs (3393 CS)
Lectures: TR 2:30 - 3:45 pm
Location: 1207 Computer Science and Statistics
Final exam: 12/21/2011 10:05am - 12:05pm (1207 Computer Science and Statistics)

Updates:

Homework 4 is posted here. It is due Dec 15.
Homework 2 was returned in class today. Stop by my office if you didn't get it.
Third homework is here. It is due Nov 22.
Project proposals due November 1st. You can email them to me, please include cs642 in subject line.
Some of the later courses have been moved around in terms of tentative schedule to accomodate a few guest lectures.
Second homework is here. It is due Oct 27.
Guest lecture Tuesday October 18, Thursday October 20
Guest lecture Thursday September 29
Lecture Tuesday September 27 cancelled
Lecture Thursday will be a tutorial by Sanjib to get you started on the first homework. The syllabus has been shifted accordingly. Notice that the tutorial will be held in the mumble lab and will start at 2:45pm.
First homework is here. It is due Oct 6
Demo code from today's lecture is available here. Copy it into the boxes environment to play with.
Office hours updated
Slides are linked down below in syllabus
Initial course info and syllabus posted (subject to change!)

Summary:

Computer security is the study of computing systems in the presence of adversaries. This course will introduce students to security across a range of areas, including operating systems, low-level software, networks, cryptography, and the web. We'll study the techniques attackers use to break into systems and networks as well as the defense mechanisms used by security engineers to combat threats in the real world. We will discuss ethics.

Pre-requisites:

Students should have a reasonably good understanding of concepts from networking and operating systems. Familiarity with Intel assembly, C programming, the UNIX/Linux shell, one or more scripting languages (shell, python, perl, etc.) will be very helpful. Security is cross-cutting: understanding vulnerabilities and defenses against them will require diving deeply into perhaps unfamiliar topics. We'll try to cover in lecture the basic tools needed, but the ability to seek out and teach oneself will be requisite.

Requirements:

The class will consist of readings, homework assignments, a final, and (if you are a graduate student) a term project.

Homework assignments (ugrad: 70%, grad: 50%): These will be a combination of written questions and labs. For example, we will gain experience understanding how attackers can exploit common vulnerabilities.
Final (ugrad: 20%, grad: 20%): More details will be forthcoming
Project (ugrad: 0%, grad: 20%): Grad students will be expected to complete a term project. The main deliverable will be a presentation during the last week of class on recent security research.
Participation (ugrad: 10%, grad: 10%): Feel free to bring your laptops, iPads, etc. to lecture. However, I will be bored if I am talking to a silent room, and my boredom will negatively impact your grades.

Collaboration policy:

Homework assignments may sometimes be completed individually or with one partner, and the assignment will clearly specify which. If it is the former, discussing the assignment with a classmate is prohibited. If it is the latter, discussing the assignment with a classmate beyond your partner is prohibited. Of course we encourage discussion of topics in the class, so use your judgement.

Searching for general information on security topics is encouraged, but finding solutions to homework problems is academic misconduct.

If you have found a security tool not discussed in class and want to use it to aid you in the assignments, please email me with a link to the tool, a short description of the tool, and what you intend to use it for.

When work is done with a partner, a single write up will be handed in. It is expected that both members be able to answer impromptu questions regarding all aspects of an assignment's solution.

Grading policies:

Assignments will be graded at some indeterminite and undisclosed time after the due date. You can turn in your assignment:

Before the due date/time. Good job!
After the due date but before grading occurs. You are a risk taker and struck gold. You will not be penalized.
After grading occurs. Your assignment probably won't get graded. This is referred to as a late assignment below.

If you feel that we have erred in our grading or you want to attempt to get a late assignment graded, then your task is now to convince me of this. In computer security this is referred to as "social engineering". You might approach me at office hours or after a lecture and make a case. You might also send a "phishing" email whose goal is to trick me into thinking your demands be met. For my part, I will feel free to ignore your attempts. Cleverness will be appreciated, wasting my time will not.

Tentative syllabus:

The expected lecture schedule is below. We undoubtedly will modify the schedule as the class progresses.

A lot (if not the bulk) of lecture material will be drawn from the indicated readings. The readings are a combination of academic papers, industry reports, presentation slides, surveys, RFCs, etc. The expectation is that you skim readings before lecture to at least familiarize yourself with the broad outlines of the topics, and read them in more detail later as you see fit. Being prepared to say something intelligent about (some) of the indicated readings at lecture will be an easy way to get your participation credit.

Texts that would be useful for the course are:

Cryptography and Network Security by Stallings
Gray-Hat Hacking The Ethical Hackers Handbook, 3rd Edition by Harper, Harris, Ness, Eagle, Lenkey, Williams

Dates and Areas	Lecture topic and reading
Introduction Sep 6, 2011	Computer security, ethics, disclosure, security principles Reflections on Trusting Trust by Ken Thompson The Legitimate Vulnerability Market. Inside the Secretive World of 0-day Exploit Sales, by Charlie Miller Slides (PDF)
OS security basics Sep 8, 2011	Access controls, capabilities, privilege levels, Biba and Bell-Lapadula Paul A. Karger, Roger R. Schell, Multics Security Evaluation: Vulnerability Analysis The protection of information in computer systems, by Saltzer and Schroeder A Large-Scale Study of Web Password Habits, by Florencio and Herley Slides (PDF)
Low-level software security Sep 13, 2011	Buffer overflows, format string vulnerabilities, integer overflows, heap overflows Smashing the stack for fun and profit, by Aleph One Basic Integer Overflows, by blexim Exploiting Format String Vulnerabilities, by Scut and Team Teso U. Erlingsson, Y. Younan, and F. Piessens: Low-level Software Security by Example Slides (PDF)
Low-level software security Sep 15, 2011	Tutorial for getting started on HW1. Starts at 2:45pm in the mumble lab.
Low-level software security Sep 20, 2011	Fuzzing, reverse engineering, static analysis, dynamic analysis How hackers look for bugs, by Dave Aitel Real world fuzzing, by Charlie Miller Slides (PDF)
Low-level software security Sep 22, 2011	Memory protection mechanisms (e.g., StackGuard, StackGhost, W^X, etc.), address randomization, sandboxing, containment, host IDS StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks, by Cowan et al. StackGhost: Hardware Facilitated Stack Protection, by Frantzen and Shuey On the effectiveness of address-space randomization, by Shacham et al. Adapting Software Fault Isolation to Contemporary CPU Architectures, by D. Sehr et al. (optional) Slides (PDF)
- Sep 27, 2011	Lecture cancelled.
- Sep 29, 2011	Guest lecture by Matt Fredrikson: rootkits, privacy, tracking on the web
Network security Oct 4, 2011	ARP spoofing, 802.11, evil-twins, packet sniffing, man-in-the-middle Address Resolution Protocol Spoofing and Man-in-the-Middle Attacks, by B. Wagner and J. Bryner A look back at Security Problems in the TCP/IP Protocol Suite, by S. Bellovin Secure In-Band Wireless Pairing, by Gollakata et al. (optional) Wireshark tool (for reference) Slides (PDF)
Network security Oct 6, 2011	IP fragmentation attacks, UDP, TCP, Denial of service How a Bookmaker and a Whiz Kid Took On a DDOS-based Online Extortion Attack, by Berinato Practical network support for IP Traceback, by Savage et al. Inferring Internet Denial of Service Activity, by Moore, Voelker, Savage Slides (PDF)
Network security Oct 11, 2011	Port scanning, host fingerprinting, stealth scans, IDS NMAP Manual Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, by Ptacek and Newsham Slides (PDF)
Network security Oct 13, 2011	BGP/S-BGP, DNS/DNSsec, DNS cache poisoning, by Steve Friedl A survey of BGP security, Butler et al. Slides (PDF)
Network security Oct 18, 2011	Guest lecture by David Parter
Network security Oct 20, 2011	Guest lecture by David Parter
Cryptography Oct 25, 2011	Overview of TLS (HTTPS), symmetric encryption, classical encryption, Shannon security, one-time pad encryption A Method for Obtaining Digital Signatures and Public Key Cryptosystems, by Rivest, Shamir, and Adleman Communication Theory of Secrecy Systems, by Shannon (for reference only) RFC 5246: Transport Layer Security (TLS) Protocol Version 1.2, by Dierks and Rescorla (for reference only) Slides (PDF)
Cryptography Oct 27, 2011	TLS record layer, security goal, block ciphers, modes of operation, hash functions, HMAC FIPS 1980 Standard 2: DES Modes of Operation (for reference only) Slides (PDF)
Cryptography Nov 1, 2011	Public-key encryption, RSA basics, RSA key encapsulation, PKCS#1.5, Diffie-Hellman, Digital signatures, PKI Slides (PDF)
Cryptography Nov 3, 2011	RNGs, password-based cryptography, WPA and aircrack Analysis of the Linux Random Number Generator, by Gutterman, Pinkas, and Reinman PKCS #5: Password-Based Cryptography Standard (reference only) Slides (PDF)
Web security Nov 8, 2011	Browser security, same origin, SQL injection, Browser Security Handbook, by Zalewski (Part 2) Interpreter Exploitation, by Blazakis Browser Security: Lessons from Google Chrome, by C. Reis, A. Barth, and C. Pizano SQL Injection attacks, by Chris Anley Slides (PDF)
Web security Nov 10, 2011	Click-jacking, cross-site scripting, cross-site request forgery, Clickjacking, by Hansen and Grossman Cross site scripting explained, by Amit Klein Robust Defenses for Cross-Site Request Forgery, by Barth, Jackson, Mitchell (particularly Sections 2, 3) Slides (PDF)
Privacy and anti-censorship Nov 15, 2011	Onion routing, TOR, great firewall of China, deep packet inspection Tor: The Second-Generation Onion Router, by Dingledine et al. Ignoring the Great Firewall of China, by Clayton et al. Slides (PDF)
Ethics, privacy, and policy Nov 17, 2011	Guest lecture by Alan Rubel Slides (PDF)
Hardware security Nov 22, 2011	Guest lecture on hardware security by Chris Meyer and Anton Kapela
Nov 24, 2011	NO LECTURE (Thanksgiving)
Virtualization security Nov 29, 2011	Virtualization security, reset vulnerabilities, VM introspection, covert channels A Note on the Confinement Problem, by Lampson When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments , by Garfinkel and Rosenblum When Good Randomness Goes Bad: VM Reset Vulnerabilities and Hedging Deployed Systems, by Ristenpart and Yilek Slides (PDF)
Cloud security Dec 1, 2011	Public cloud risk models, cloud cartography, placement abuse, side channels Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, by Ristenpart et al. Slides (PDF)
E-crime Dec 6, 2011	Spam, "crimeware", SEO, cloaking, traffic selling, phishing, credit-card fraud, cashing out The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond, by DHS, SRI and APWG Money Mules: Sophisticated Global Cyber Criminal Operations, by iDefense
E-crime Dec 8, 2011	Empirical methods, measurement studies No Plan Survives Contact: Experience with Cybercrime Measurement, by Kanich et al. Click Trajectories: End-to-End Analysis of the Spam Value Chain, by Levchenko et al.
Student presentations Dec 13, 2011
Student presentations Dec 15, 2011