Computer Security

CS642 Fall 2014: Computer Security

Instructor: Thomas Ristenpart
Instructor email: rist at cs dot wisc dot edu
Instructor office hours: Mondays, 4:00pm-5:00pm and by appointment (CS building room 7387)
TA: Heming Shou
TA office hours: Tuesdays, 1:00pm-3:00pm and by appointment (CS building room 3367)
Lectures: MW 2:30pm - 3:45pm
Location: 1221 Computer Science and Stats Building

Updates:

The take-home final was distributed in the last class. Good luck!
Extra credit homework is now available here.
Homework 4 is now available here.
Homework 3 is now available here.
The midterm has been handed back in class.
Homework 2 is now available here.
Midterm is rescheduled for Oct 20. Let me know if you have a conflict.
Homework 1 is now available here.
A tarball of the demo from the buffer overflow lecture is available here. Use the VM from first homework assignment if you want to follow along with what we did in lecture.
Initial course info and syllabus posted (subject to change!). The slides linked to below will typically be updated shortly after lecture is over.

Summary:

Computer security is the study of computing systems in the presence of adversaries. This course will introduce students to security across a range of areas, including operating systems, low-level software, networks, cryptography, and the web. We'll study the techniques attackers use to break into systems and networks as well as the defense mechanisms used by security engineers to combat threats in the real world. We will discuss ethics.

Pre-requisites:

Students should have a reasonably good understanding of concepts from networking and operating systems. Familiarity with Intel assembly, C programming, the UNIX/Linux shell, one or more scripting languages (shell, python, perl, etc.) will be very helpful. Security is cross-cutting: understanding vulnerabilities and defenses against them will require diving deeply into perhaps unfamiliar topics. We'll try to cover in lecture the basic tools needed, but the ability to seek out and teach oneself will be requisite.

Requirements:

The class will consist of readings, homework assignments, a midterm, and a final.

Homework assignments (ugrad: 50%, grad: 40%): These will be a combination of written questions and labs. For example, we will gain experience understanding how attackers can exploit common vulnerabilities. There will be at least four homework assignments spread throughout the semester.
Midterm (ugrad: 20%, grad: 20%): More details will be forthcoming
Final (ugrad: 20%, grad: 20%): More details will be forthcoming
Class project (ugrad: 10% extra credit, grad: 10%): More details will be forthcoming
Participation (ugrad: 10%, grad: 10%) Feel free to bring your laptops, iPads, etc. to lecture. However, everyone will get more out of class if we have lively discussions.

Collaboration / outside sources policy:

Homework assignments may sometimes be completed individually or with one partner, and the assignment will clearly specify which. If it is the former, discussing the assignment with a classmate is prohibited. If it is the latter, discussing the assignment with a classmate beyond your partner is prohibited. Of course we encourage discussion of more general topics in the class, so use your judgement.

Searching for general information on security topics is encouraged, but finding solutions to homework problems is academic misconduct.

If you have found a security tool not discussed in class and want to use it to aid you in the assignments, please email me with a link to the tool, a short description of the tool, and what you intend to use it for.

When work is done with a partner, a single writeup will be handed in. It is expected that both members be able to answer impromptu questions regarding all aspects of an assignment's solution.

Every year some people do together a homework assignment that is meant to be individual. This will likely lead to you losing all credit for the assignment, so pay attention to the homework assignments' instructions.

Late assignments policy:

Assignments will be graded at some indeterminite and undisclosed time after the due date. You can turn in your assignment:

Before the due date/time. Good job!
After the due date but before grading occurs. You are a risk taker. You may or may not be penalized, depending on mood of the grader (myself or the TA).
After grading occurs. Your assignment probably won't get graded. This is referred to as a late assignment below.

If you feel that we have erred in our grading or you want to attempt to get a late assignment graded, then your task is now to convince me of this. In computer security this is referred to as "social engineering". You might approach me at office hours or after a lecture and make a case. My general proclivity is for ignoring such attempts. Cleverness will be appreciated, wasting my time will not.

Tentative syllabus:

The expected lecture schedule is below. We undoubtedly will modify the schedule as the class progresses.

A lot (if not the bulk) of lecture material will be drawn from the indicated readings. The readings are a combination of academic papers, industry reports, presentation slides, surveys, RFCs, etc. The expectation is that you skim materials before lecture. This means to understand the broad outlines of the paper's contents (i.e., what is the topic, main points as made in intro/abstract, etc.) You will want to read them in more detail later or use them as reference as you see fit. Being prepared to say something intelligent about (some) of the indicated readings at lecture will be an easy way to get participation credit.

Dates and Areas	Lecture topic and reading
Introduction Sep 3	Computer security, ethics, disclosure, security principles Reflections on Trusting Trust by Ken Thompson The Legitimate Vulnerability Market. Inside the Secretive World of 0-day Exploit Sales, by Charlie Miller Slides (PDF)
OS security basics Sep 8	(lecture by Matt Fredrekson) Access controls, capabilities, privilege levels, Biba and Bell-Lapadula Paul A. Karger, Roger R. Schell, Multics Security Evaluation: Vulnerability Analysis The protection of information in computer systems, by Saltzer and Schroeder A Large-Scale Study of Web Password Habits, by Florencio and Herley Slides (PDF)
x86 review Sep 10	(lecture by Drew Davidson) Recall details of x86 ISA, process layout, etc. Slides (PDF)
Low-level software security Sep 15	Buffer overflows, format string vulnerabilities, integer overflows, heap overflows Smashing the stack for fun and profit, by Aleph One Basic Integer Overflows, by blexim Exploiting Format String Vulnerabilities, by Scut and Team Teso U. Erlingsson, Y. Younan, and F. Piessens: Low-level Software Security by Example Slides (PDF)
Low-level software security Sep 17	Fuzzing, reverse engineering, static analysis, dynamic analysis How hackers look for bugs, by Dave Aitel Real world fuzzing, by Charlie Miller Slides (PDF)
Low-level software security Sep 22	Memory protection mechanisms (e.g., StackGuard, StackGhost, W^X, etc.), address randomization, sandboxing, containment, host IDS StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks, by Cowan et al. StackGhost: Hardware Facilitated Stack Protection, by Frantzen and Shuey On the effectiveness of address-space randomization, by Shacham et al. Adapting Software Fault Isolation to Contemporary CPU Architectures, by D. Sehr et al. (optional) Slides (PDF)
Network security Sep 24	ARP spoofing, 802.11, evil-twins, packet sniffing, man-in-the-middle Address Resolution Protocol Spoofing and Man-in-the-Middle Attacks, by B. Wagner and J. Bryner A look back at Security Problems in the TCP/IP Protocol Suite, by S. Bellovin Secure In-Band Wireless Pairing, by Gollakata et al. (optional) Wireshark tool (for reference) Slides (PDF)
Network security Sep 29, Oct 1	IP fragmentation attacks, UDP, TCP, Denial of service How a Bookmaker and a Whiz Kid Took On a DDOS-based Online Extortion Attack, by Berinato Practical network support for IP Traceback, by Savage et al. Inferring Internet Denial of Service Activity, by Moore, Voelker, Savage Slides (PDF)
Network security Oct 6	Port scanning, host fingerprinting, stealth scans, IDS NMAP Manual Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, by Ptacek and Newsham Slides (PDF)
Network security Oct 8	BGP/S-BGP, DNS/DNSsec, DNS cache poisoning, by Steve Friedl A survey of BGP security, Butler et al. Slides (PDF)
Web security Oct 13	Browser security, same origin, cookies Browser Security Handbook, by Zalewski (Part 2) Interpreter Exploitation, by Blazakis Browser Security: Lessons from Google Chrome, by C. Reis, A. Barth, and C. Pizano SQL Injection attacks, by Chris Anley Slides (PDF)
Web security Oct 15	cross-site scripting, cross-site request forgery, SQL injection Clickjacking, by Hansen and Grossman Cross site scripting explained, by Amit Klein Robust Defenses for Cross-Site Request Forgery, by Barth, Jackson, Mitchell (particularly Sections 2, 3) Slides (PDF)
Midterm Oct 20	In-class midterm
Cryptography Oct 22	Overview of TLS (HTTPS), symmetric encryption, classical encryption, Shannon security, one-time pad encryption A Method for Obtaining Digital Signatures and Public Key Cryptosystems, by Rivest, Shamir, and Adleman Communication Theory of Secrecy Systems, by Shannon (for reference only) RFC 5246: Transport Layer Security (TLS) Protocol Version 1.2, by Dierks and Rescorla (for reference only) Slides (PDF)
Cryptography Oct 27	TLS record layer, security goal, block ciphers, modes of operation, hash functions, HMAC FIPS 1980 Standard 2: DES Modes of Operation (for reference only) Slides (PDF)
Cryptography Oct 29	Symmetric encryption continued
Cryptography Nov 3	Public-key encryption, RSA basics, RSA key encapsulation, PKCS#1.5, Diffie-Hellman, Digital signatures, PKI Slides (PDF)
Cryptography Nov 5	Guest lecture by Adam Everspaugh RNGs, password-based cryptography, WPA and aircrack Analysis of the Linux Random Number Generator, by Gutterman, Pinkas, and Reinman PKCS #5: Password-Based Cryptography Standard (reference only) Slides
Privacy, censorship, surveillance Nov 10	Onion routing, TOR, great firewall of China, deep packet inspection Tor: The Second-Generation Onion Router, by Dingledine et al. Ignoring the Great Firewall of China, by Clayton et al. Slides (PDF)
TBA Nov 12	TBA
Virtualization security Nov 17	Virtualization security, reset vulnerabilities, VM introspection, covert channels A Note on the Confinement Problem, by Lampson When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments , by Garfinkel and Rosenblum When Good Randomness Goes Bad: VM Reset Vulnerabilities and Hedging Deployed Systems, by Ristenpart and Yilek Slides (PDF)
Cloud security Nov 19	Public cloud risk models, cloud cartography, placement abuse, side channels Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, by Ristenpart et al. AmazonIA: when elasticity snaps back, by Bugiel et al. Slides (PDF)
E-crime Nov 24	Spam, "crimeware", SEO, cloaking, traffic selling, phishing, credit-card fraud, cashing out The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond, by DHS, SRI and APWG Money Mules: Sophisticated Global Cyber Criminal Operations, by iDefense Slides (PDF)
Nov 24	TBA
Nov 26	Class may be cancelled (TBA)
E-crime Dec 1	Empirical methods, measurement studies No Plan Survives Contact: Experience with Cybercrime Measurement, by Kanich et al. Click Trajectories: End-to-End Analysis of the Spam Value Chain, by Levchenko et al. Slidedeck from last lecture used
Dec 3	Bitcoin
Dec 8	Project presentations
Dec 10	Project presentations