Computer Security

CS642 Fall 2012: Computer Security

Instructor: Thomas Ristenpart
Instructor email: rist at cs dot wisc dot edu
Instructor office hours: Mondays, 3:45-4:45 (CS building room 7387)
TA: Fatemeh Panahi
TA office hours: Thursday, 3:00-4:00 (CS building room 5385)
Lectures: MW 2:30 - 3:45 pm
Location: 2239 Engineering Hall
Final exam time slot: 12/19/2012 10:05am - 12:05pm

Updates:

Homework 4 has been posted here. It is due December 12.
Homework 3 has been posted here. It is due November 28.
Homework 2 has been posted here. It is due November 2.
Tom's office hours cancelled Monday, October 15.
Homework 1 has been posted here. It is due October 8, but don't wait to start it.
Here is the demo from lecture last Wednesday. Run it in the boxes VM used for HW1.
Initial course info and syllabus posted (subject to change!)

Summary:

Computer security is the study of computing systems in the presence of adversaries. This course will introduce students to security across a range of areas, including operating systems, low-level software, networks, cryptography, and the web. We'll study the techniques attackers use to break into systems and networks as well as the defense mechanisms used by security engineers to combat threats in the real world. We will discuss ethics.

Pre-requisites:

Students should have a reasonably good understanding of concepts from networking and operating systems. Familiarity with Intel assembly, C programming, the UNIX/Linux shell, one or more scripting languages (shell, python, perl, etc.) will be very helpful. Security is cross-cutting: understanding vulnerabilities and defenses against them will require diving deeply into perhaps unfamiliar topics. We'll try to cover in lecture the basic tools needed, but the ability to seek out and teach oneself will be requisite.

Requirements:

The class will consist of readings, homework assignments, a final, and (if you are a graduate student) a term project.

Homework assignments (ugrad: 70%, grad: 50%): These will be a combination of written questions and labs. For example, we will gain experience understanding how attackers can exploit common vulnerabilities.
Final (ugrad: 20%, grad: 20%): More details will be forthcoming
Project (ugrad: 0%, grad: 20%): Grad students will be expected to complete a term project. The main deliverable will be a presentation during the last week of class on recent security research.
Participation (ugrad: 10%, grad: 10%): Feel free to bring your laptops, iPads, etc. to lecture. However, I will be bored if I am talking to a silent room, and my boredom will negatively impact your grades.

Collaboration / outside sources policy:

Homework assignments may sometimes be completed individually or with one partner, and the assignment will clearly specify which. If it is the former, discussing the assignment with a classmate is prohibited. If it is the latter, discussing the assignment with a classmate beyond your partner is prohibited. Of course we encourage discussion of topics in the class, so use your judgement.

Searching for general information on security topics is encouraged, but finding solutions to homework problems is academic misconduct.

If you have found a security tool not discussed in class and want to use it to aid you in the assignments, please email me with a link to the tool, a short description of the tool, and what you intend to use it for.

When work is done with a partner, a single writeup will be handed in. It is expected that both members be able to answer impromptu questions regarding all aspects of an assignment's solution.

Late assignments policy:

Assignments will be graded at some indeterminite and undisclosed time after the due date. You can turn in your assignment:

Before the due date/time. Good job!
After the due date but before grading occurs. You are a risk taker. You may or may not be penalized, depending on the grader (myself or Fatemeh's) mood.
After grading occurs. Your assignment probably won't get graded. This is referred to as a late assignment below.

If you feel that we have erred in our grading or you want to attempt to get a late assignment graded, then your task is now to convince me of this. In computer security this is referred to as "social engineering". You might approach me at office hours or after a lecture and make a case. My general proclivity is for ignoring such attempts. Cleverness will be appreciated, wasting my time will not.

Tentative syllabus:

The expected lecture schedule is below. We undoubtedly will modify the schedule as the class progresses.

A lot (if not the bulk) of lecture material will be drawn from the indicated readings. The readings are a combination of academic papers, industry reports, presentation slides, surveys, RFCs, etc. The expectation is that you skim materials before lecture. This means to understand the broad outlines of the paper's contents (i.e., what is the topic, main points as made in intro/abstract, etc.) You will want to read them in more detail later or use them as reference as you see fit. Being prepared to say something intelligent about (some) of the indicated readings at lecture will be an easy way to get participation credit.

Dates and Areas	Lecture topic and reading
Introduction Sep 5	Computer security, ethics, disclosure, security principles Reflections on Trusting Trust by Ken Thompson The Legitimate Vulnerability Market. Inside the Secretive World of 0-day Exploit Sales, by Charlie Miller Slides (PDF)
OS security basics Sep 10	Access controls, capabilities, privilege levels, Biba and Bell-Lapadula Paul A. Karger, Roger R. Schell, Multics Security Evaluation: Vulnerability Analysis The protection of information in computer systems, by Saltzer and Schroeder A Large-Scale Study of Web Password Habits, by Florencio and Herley Slides (PDF)
Low-level software security Sep 12	Buffer overflows, format string vulnerabilities, integer overflows, heap overflows Smashing the stack for fun and profit, by Aleph One Basic Integer Overflows, by blexim Exploiting Format String Vulnerabilities, by Scut and Team Teso U. Erlingsson, Y. Younan, and F. Piessens: Low-level Software Security by Example Slides (PDF)
Low-level software security Sep 17	Fuzzing, reverse engineering, static analysis, dynamic analysis How hackers look for bugs, by Dave Aitel Real world fuzzing, by Charlie Miller Slides (PDF)
Low-level software security Sep 19	Memory protection mechanisms (e.g., StackGuard, StackGhost, W^X, etc.), address randomization, sandboxing, containment, host IDS StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks, by Cowan et al. StackGhost: Hardware Facilitated Stack Protection, by Frantzen and Shuey On the effectiveness of address-space randomization, by Shacham et al. Adapting Software Fault Isolation to Contemporary CPU Architectures, by D. Sehr et al. (optional) Slides (PDF)
Low-level software security Sep 24	Guest lecture by Matt Fredrikson (rootkits, privacy, ...)
Network security Sept 26	ARP spoofing, 802.11, evil-twins, packet sniffing, man-in-the-middle Address Resolution Protocol Spoofing and Man-in-the-Middle Attacks, by B. Wagner and J. Bryner A look back at Security Problems in the TCP/IP Protocol Suite, by S. Bellovin Secure In-Band Wireless Pairing, by Gollakata et al. (optional) Wireshark tool (for reference) Slides (PDF)
Network security Oct 1	IP fragmentation attacks, UDP, TCP, Denial of service How a Bookmaker and a Whiz Kid Took On a DDOS-based Online Extortion Attack, by Berinato Practical network support for IP Traceback, by Savage et al. Inferring Internet Denial of Service Activity, by Moore, Voelker, Savage Slides (PDF)
Network security Oct 3	Port scanning, host fingerprinting, stealth scans, IDS NMAP Manual Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, by Ptacek and Newsham Slides (PDF)
Network security Oct 8	BGP/S-BGP, DNS/DNSsec, DNS cache poisoning, by Steve Friedl A survey of BGP security, Butler et al. Slides (PDF)
Web security Oct 10	Browser security, same origin, cookies Browser Security Handbook, by Zalewski (Part 2) Interpreter Exploitation, by Blazakis Browser Security: Lessons from Google Chrome, by C. Reis, A. Barth, and C. Pizano SQL Injection attacks, by Chris Anley Slides (PDF)
Network security Oct 15	Guest lecture by David Parter
No lecture Oct 17	Lecture cancelled
Web security Oct 22	cross-site scripting, cross-site request forgery, SQL injection Clickjacking, by Hansen and Grossman Cross site scripting explained, by Amit Klein Robust Defenses for Cross-Site Request Forgery, by Barth, Jackson, Mitchell (particularly Sections 2, 3) Slides (PDF)
Cryptography Oct 24	Overview of TLS (HTTPS), symmetric encryption, classical encryption, Shannon security, one-time pad encryption A Method for Obtaining Digital Signatures and Public Key Cryptosystems, by Rivest, Shamir, and Adleman Communication Theory of Secrecy Systems, by Shannon (for reference only) RFC 5246: Transport Layer Security (TLS) Protocol Version 1.2, by Dierks and Rescorla (for reference only) Slides (PDF)
Cryptography Oct 29	TLS record layer, security goal, block ciphers, modes of operation, hash functions, HMAC FIPS 1980 Standard 2: DES Modes of Operation (for reference only) Slides (PDF)
Cryptography Oct 31	Public-key encryption, RSA basics, RSA key encapsulation, PKCS#1.5, Diffie-Hellman, Digital signatures, PKI Slides (PDF)
Cryptography Oct 5	RNGs, password-based cryptography, WPA and aircrack Analysis of the Linux Random Number Generator, by Gutterman, Pinkas, and Reinman PKCS #5: Password-Based Cryptography Standard (reference only)
Ethics, privacy, and policy Nov 7, 2011	Guest lecture by Alan Rubel
Privacy and anti-censorship Nov 12	Onion routing, TOR, great firewall of China, deep packet inspection Tor: The Second-Generation Onion Router, by Dingledine et al. Ignoring the Great Firewall of China, by Clayton et al. Slides (PDF)
Virtualization security Nov 14	Virtualization security, reset vulnerabilities, VM introspection, covert channels A Note on the Confinement Problem, by Lampson When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments , by Garfinkel and Rosenblum When Good Randomness Goes Bad: VM Reset Vulnerabilities and Hedging Deployed Systems, by Ristenpart and Yilek Slides (PDF)
Nov 19	No lecture
Nov 21	NO LECTURE (Thanksgiving)
Cloud security Nov 26	Public cloud risk models, cloud cartography, placement abuse, side channels Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, by Ristenpart et al. AmazonIA: when elasticity snaps back, by Bugiel et al. Slides (PDF)
No lecture Nov 28	Lecture cancelled
E-crime Dec 3, 2011	Spam, "crimeware", SEO, cloaking, traffic selling, phishing, credit-card fraud, cashing out The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond, by DHS, SRI and APWG Money Mules: Sophisticated Global Cyber Criminal Operations, by iDefense Slides (PDF)
E-crime Dec 5, 2011	Empirical methods, measurement studies No Plan Survives Contact: Experience with Cybercrime Measurement, by Kanich et al. Click Trajectories: End-to-End Analysis of the Spam Value Chain, by Levchenko et al. Slidedeck from last lecture used
Student presentations Dec 10
Student presentations Dec 12