CS642 Spring 2014: Computer Security

Instructor: Thomas Ristenpart
Instructor email: rist at cs dot wisc dot edu
Instructor office hours: Wednesday, 9:30-10:30 (CS building room 7387)
TA: Heming Shou
TA office hours: Tuesday, 3:00-5:00pm (3367 CS)
Lectures: MW 8:00am - 9:15am
Location: 1221 Computer Science and Stats Building
Final exam time slot: 5/17/2014 7:45am - 9:45pm



Computer security is the study of computing systems in the presence of adversaries. This course will introduce students to security across a range of areas, including operating systems, low-level software, networks, cryptography, and the web. We'll study the techniques attackers use to break into systems and networks as well as the defense mechanisms used by security engineers to combat threats in the real world. We will discuss ethics.


Students should have a reasonably good understanding of concepts from networking and operating systems. Familiarity with Intel assembly, C programming, the UNIX/Linux shell, one or more scripting languages (shell, python, perl, etc.) will be very helpful. Security is cross-cutting: understanding vulnerabilities and defenses against them will require diving deeply into perhaps unfamiliar topics. We'll try to cover in lecture the basic tools needed, but the ability to seek out and teach oneself will be requisite.


The class will consist of readings, homework assignments, a midterm, and a final.

Collaboration / outside sources policy:

Homework assignments may sometimes be completed individually or with one partner, and the assignment will clearly specify which. If it is the former, discussing the assignment with a classmate is prohibited. If it is the latter, discussing the assignment with a classmate beyond your partner is prohibited. Of course we encourage discussion of more general topics in the class, so use your judgement.

Searching for general information on security topics is encouraged, but finding solutions to homework problems is academic misconduct.

If you have found a security tool not discussed in class and want to use it to aid you in the assignments, please email me with a link to the tool, a short description of the tool, and what you intend to use it for.

When work is done with a partner, a single writeup will be handed in. It is expected that both members be able to answer impromptu questions regarding all aspects of an assignment's solution.

Late assignments policy:

Assignments will be graded at some indeterminite and undisclosed time after the due date. You can turn in your assignment: If you feel that we have erred in our grading or you want to attempt to get a late assignment graded, then your task is now to convince me of this. In computer security this is referred to as "social engineering". You might approach me at office hours or after a lecture and make a case. My general proclivity is for ignoring such attempts. Cleverness will be appreciated, wasting my time will not.

Tentative syllabus:

The expected lecture schedule is below. We undoubtedly will modify the schedule as the class progresses.

A lot (if not the bulk) of lecture material will be drawn from the indicated readings. The readings are a combination of academic papers, industry reports, presentation slides, surveys, RFCs, etc. The expectation is that you skim materials before lecture. This means to understand the broad outlines of the paper's contents (i.e., what is the topic, main points as made in intro/abstract, etc.) You will want to read them in more detail later or use them as reference as you see fit. Being prepared to say something intelligent about (some) of the indicated readings at lecture will be an easy way to get participation credit.

Dates and Areas Lecture topic and reading
Jan 22
Computer security, ethics, disclosure, security principles
Slides (PDF)
OS security basics
Jan 27
(lecture by Matt Fredrekson) Access controls, capabilities, privilege levels, Biba and Bell-Lapadula Slides (PDF) (Updated 1/29/14)
x86 review
Jan 29
(lecture by Drew Davidson) Recall details of x86 ISA, process layout, etc.
    Slides (PDF) (Updated 1/29/14)
    Low-level software security
    Feb 3
    Buffer overflows, format string vulnerabilities, integer overflows, heap overflows Slides (PDF)
    Low-level software security
    Feb 5
    Fuzzing, reverse engineering, static analysis, dynamic analysis Slides (PDF)
    Low-level software security
    Feb 10
    Memory protection mechanisms (e.g., StackGuard, StackGhost, W^X, etc.), address randomization, sandboxing, containment, host IDS Slides (PDF)
    Network security
    Feb 12
    ARP spoofing, 802.11, evil-twins, packet sniffing, man-in-the-middle Slides (PDF)
    Network security
    Feb 17
    IP fragmentation attacks, UDP, TCP, Denial of service Slides (PDF)
    Network security
    Feb 19
    Port scanning, host fingerprinting, stealth scans, IDS Slides (PDF)
    Network security
    Feb 24
    Class cancelled
    Network security
    Feb 26
    BGP/S-BGP, DNS/DNSsec, Slides (PDF)
    Web security
    Mar 3
    Browser security, same origin, cookies Slides (PDF)
    Web security
    Mar 5
    Class may be cancelled (TBA)
    Web security
    Mar 10
    cross-site scripting, cross-site request forgery, SQL injection Slides (PDF)
    Mar 12
    In-class midterm

    Mar 17
    Spring break

    Mar 19
    Spring break
    Mar 24
    Overview of TLS (HTTPS), symmetric encryption, classical encryption, Shannon security, one-time pad encryption Slides (PDF)
    Mar 26
    TLS record layer, security goal, block ciphers, modes of operation, hash functions, HMAC Slides (PDF)
    Mar 31
    Authenticated-encryption, password-based cryptography, WPA and aircrack Slides (PDF)
    Apr 2
    Public-key encryption, RSA basics, RSA key encapsulation, PKCS#1.5, Diffie-Hellman, Digital signatures, PKI
    Slides (PDF)
    Apr 7
    Discuss Diffie-Hellman key exchange, ephemeral DH in TLS. Briefy introduce notion of side-channel attacks. Rando number generation
    Privacy, censorship, surveillance
    Apr 9
    Onion routing, TOR, great firewall of China, deep packet inspection Slides (PDF)
    Privacy, censorship, surveillance
    Apr 14
    Continued on Tor, DPI, censorship. Discussion of FTE Slides (PDF)
    Virtualization security
    Apr 16
    Virtualization security, reset vulnerabilities, VM introspection, covert channels Slides (PDF)
    Cloud security
    Apr 21
    Public cloud risk models, cloud cartography, placement abuse, side channels Slides (PDF)
    Apr 23
    Spam, "crimeware", SEO, cloaking, traffic selling, phishing, credit-card fraud, cashing out Slides (PDF)
    Apr 28
    Empirical methods, measurement studies Slidedeck from last lecture used

    Apr 30

    May 5
    Class may be canceled (TBA)

    May 7