CS642 Fall 2012: Computer Security

Instructor: Thomas Ristenpart
Instructor email: rist at cs dot wisc dot edu
Instructor office hours: Mondays, 3:45-4:45 (CS building room 7387)
TA: Fatemeh Panahi
TA office hours: Thursday, 3:00-4:00 (CS building room 5385)
Lectures: MW 2:30 - 3:45 pm
Location: 2239 Engineering Hall
Final exam time slot: 12/19/2012 10:05am - 12:05pm



Computer security is the study of computing systems in the presence of adversaries. This course will introduce students to security across a range of areas, including operating systems, low-level software, networks, cryptography, and the web. We'll study the techniques attackers use to break into systems and networks as well as the defense mechanisms used by security engineers to combat threats in the real world. We will discuss ethics.


Students should have a reasonably good understanding of concepts from networking and operating systems. Familiarity with Intel assembly, C programming, the UNIX/Linux shell, one or more scripting languages (shell, python, perl, etc.) will be very helpful. Security is cross-cutting: understanding vulnerabilities and defenses against them will require diving deeply into perhaps unfamiliar topics. We'll try to cover in lecture the basic tools needed, but the ability to seek out and teach oneself will be requisite.


The class will consist of readings, homework assignments, a final, and (if you are a graduate student) a term project.

Collaboration / outside sources policy:

Homework assignments may sometimes be completed individually or with one partner, and the assignment will clearly specify which. If it is the former, discussing the assignment with a classmate is prohibited. If it is the latter, discussing the assignment with a classmate beyond your partner is prohibited. Of course we encourage discussion of topics in the class, so use your judgement.

Searching for general information on security topics is encouraged, but finding solutions to homework problems is academic misconduct.

If you have found a security tool not discussed in class and want to use it to aid you in the assignments, please email me with a link to the tool, a short description of the tool, and what you intend to use it for.

When work is done with a partner, a single writeup will be handed in. It is expected that both members be able to answer impromptu questions regarding all aspects of an assignment's solution.

Late assignments policy:

Assignments will be graded at some indeterminite and undisclosed time after the due date. You can turn in your assignment: If you feel that we have erred in our grading or you want to attempt to get a late assignment graded, then your task is now to convince me of this. In computer security this is referred to as "social engineering". You might approach me at office hours or after a lecture and make a case. My general proclivity is for ignoring such attempts. Cleverness will be appreciated, wasting my time will not.

Tentative syllabus:

The expected lecture schedule is below. We undoubtedly will modify the schedule as the class progresses.

A lot (if not the bulk) of lecture material will be drawn from the indicated readings. The readings are a combination of academic papers, industry reports, presentation slides, surveys, RFCs, etc. The expectation is that you skim materials before lecture. This means to understand the broad outlines of the paper's contents (i.e., what is the topic, main points as made in intro/abstract, etc.) You will want to read them in more detail later or use them as reference as you see fit. Being prepared to say something intelligent about (some) of the indicated readings at lecture will be an easy way to get participation credit.

Dates and Areas Lecture topic and reading
Sep 5
Computer security, ethics, disclosure, security principles
Slides (PDF)
OS security basics
Sep 10
Access controls, capabilities, privilege levels, Biba and Bell-Lapadula Slides (PDF)
Low-level software security
Sep 12
Buffer overflows, format string vulnerabilities, integer overflows, heap overflows Slides (PDF)
Low-level software security
Sep 17
Fuzzing, reverse engineering, static analysis, dynamic analysis Slides (PDF)
Low-level software security
Sep 19
Memory protection mechanisms (e.g., StackGuard, StackGhost, W^X, etc.), address randomization, sandboxing, containment, host IDS Slides (PDF)
Low-level software security
Sep 24
Guest lecture by Matt Fredrikson (rootkits, privacy, ...)
Network security
Sept 26
ARP spoofing, 802.11, evil-twins, packet sniffing, man-in-the-middle Slides (PDF)
Network security
Oct 1
IP fragmentation attacks, UDP, TCP, Denial of service Slides (PDF)
Network security
Oct 3
Port scanning, host fingerprinting, stealth scans, IDS Slides (PDF)
Network security
Oct 8
BGP/S-BGP, DNS/DNSsec, Slides (PDF)
Web security
Oct 10
Browser security, same origin, cookies Slides (PDF)
Network security
Oct 15
Guest lecture by David Parter
No lecture
Oct 17
Lecture cancelled
Web security
Oct 22
cross-site scripting, cross-site request forgery, SQL injection Slides (PDF)
Oct 24
Overview of TLS (HTTPS), symmetric encryption, classical encryption, Shannon security, one-time pad encryption Slides (PDF)
Oct 29
TLS record layer, security goal, block ciphers, modes of operation, hash functions, HMAC Slides (PDF)
Oct 31
Public-key encryption, RSA basics, RSA key encapsulation, PKCS#1.5, Diffie-Hellman, Digital signatures, PKI
Slides (PDF)
Oct 5
RNGs, password-based cryptography, WPA and aircrack
Ethics, privacy, and policy
Nov 7, 2011
Guest lecture by Alan Rubel
Privacy and anti-censorship
Nov 12
Onion routing, TOR, great firewall of China, deep packet inspection Slides (PDF)
Virtualization security
Nov 14
Virtualization security, reset vulnerabilities, VM introspection, covert channels Slides (PDF)

Nov 19
No lecture
Nov 21 NO LECTURE (Thanksgiving)
Cloud security
Nov 26
Public cloud risk models, cloud cartography, placement abuse, side channels Slides (PDF)
No lecture
Nov 28
Lecture cancelled
Dec 3, 2011
Spam, "crimeware", SEO, cloaking, traffic selling, phishing, credit-card fraud, cashing out Slides (PDF)
Dec 5, 2011
Empirical methods, measurement studies Slidedeck from last lecture used
Student presentations
Dec 10
Student presentations
Dec 12