Computer Security

CS642 Spring 2014: Computer Security

Instructor: Thomas Ristenpart
Instructor email: rist at cs dot wisc dot edu
Instructor office hours: Wednesday, 9:30-10:30 (CS building room 7387)
TA: Heming Shou
TA office hours: Tuesday, 3:00-5:00pm (3367 CS)
Lectures: MW 8:00am - 9:15am
Location: 1221 Computer Science and Stats Building
Final exam time slot: 5/17/2014 7:45am - 9:45pm

Updates:

Take-home final will be handed out in class on Wednesday, May 7. It will be due at start time of the final exam slot, 7:45am on May 17th.
Extra credit homework is now available here. It is due May 15th.
Homework 4 is now available here. It is due May 7th.
Homework 3 is now available here. It is due April 16th.
Homework 2 is now available here. It is due March 24th.
Class is cancelled for Wednesday March 5th.
Class is cancelled for Monday February 24th.
Code used for demo in lecture on Feb 3 is available here. You can copy it over into boxes, but you will need to adjust the sploitstr addresses to ensure the exploit works.
First homework assignment posted here. It is due February 19.
Initial course info and syllabus posted (subject to change!)

Summary:

Computer security is the study of computing systems in the presence of adversaries. This course will introduce students to security across a range of areas, including operating systems, low-level software, networks, cryptography, and the web. We'll study the techniques attackers use to break into systems and networks as well as the defense mechanisms used by security engineers to combat threats in the real world. We will discuss ethics.

Pre-requisites:

Students should have a reasonably good understanding of concepts from networking and operating systems. Familiarity with Intel assembly, C programming, the UNIX/Linux shell, one or more scripting languages (shell, python, perl, etc.) will be very helpful. Security is cross-cutting: understanding vulnerabilities and defenses against them will require diving deeply into perhaps unfamiliar topics. We'll try to cover in lecture the basic tools needed, but the ability to seek out and teach oneself will be requisite.

Requirements:

The class will consist of readings, homework assignments, a midterm, and a final.

Homework assignments (50%): These will be a combination of written questions and labs. For example, we will gain experience understanding how attackers can exploit common vulnerabilities. There will probably be four homework assignments spread throughout the semester.
Midterm (20%): More details will be forthcoming
Final (20%): More details will be forthcoming
Participation (10%) Feel free to bring your laptops, iPads, etc. to lecture. However, I will be bored if I am talking to a silent room, and my boredom might negatively impact your grades.

Collaboration / outside sources policy:

Homework assignments may sometimes be completed individually or with one partner, and the assignment will clearly specify which. If it is the former, discussing the assignment with a classmate is prohibited. If it is the latter, discussing the assignment with a classmate beyond your partner is prohibited. Of course we encourage discussion of more general topics in the class, so use your judgement.

Searching for general information on security topics is encouraged, but finding solutions to homework problems is academic misconduct.

If you have found a security tool not discussed in class and want to use it to aid you in the assignments, please email me with a link to the tool, a short description of the tool, and what you intend to use it for.

When work is done with a partner, a single writeup will be handed in. It is expected that both members be able to answer impromptu questions regarding all aspects of an assignment's solution.

Late assignments policy:

Assignments will be graded at some indeterminite and undisclosed time after the due date. You can turn in your assignment:

Before the due date/time. Good job!
After the due date but before grading occurs. You are a risk taker. You may or may not be penalized, depending on mood of the grader (myself or the TA).
After grading occurs. Your assignment probably won't get graded. This is referred to as a late assignment below.

If you feel that we have erred in our grading or you want to attempt to get a late assignment graded, then your task is now to convince me of this. In computer security this is referred to as "social engineering". You might approach me at office hours or after a lecture and make a case. My general proclivity is for ignoring such attempts. Cleverness will be appreciated, wasting my time will not.

Tentative syllabus:

The expected lecture schedule is below. We undoubtedly will modify the schedule as the class progresses.

A lot (if not the bulk) of lecture material will be drawn from the indicated readings. The readings are a combination of academic papers, industry reports, presentation slides, surveys, RFCs, etc. The expectation is that you skim materials before lecture. This means to understand the broad outlines of the paper's contents (i.e., what is the topic, main points as made in intro/abstract, etc.) You will want to read them in more detail later or use them as reference as you see fit. Being prepared to say something intelligent about (some) of the indicated readings at lecture will be an easy way to get participation credit.

Dates and Areas	Lecture topic and reading
Introduction Jan 22	Computer security, ethics, disclosure, security principles Reflections on Trusting Trust by Ken Thompson The Legitimate Vulnerability Market. Inside the Secretive World of 0-day Exploit Sales, by Charlie Miller Slides (PDF)
OS security basics Jan 27	(lecture by Matt Fredrekson) Access controls, capabilities, privilege levels, Biba and Bell-Lapadula Paul A. Karger, Roger R. Schell, Multics Security Evaluation: Vulnerability Analysis The protection of information in computer systems, by Saltzer and Schroeder A Large-Scale Study of Web Password Habits, by Florencio and Herley Slides (PDF) (Updated 1/29/14)
x86 review Jan 29	(lecture by Drew Davidson) Recall details of x86 ISA, process layout, etc. Slides (PDF) (Updated 1/29/14)
Low-level software security Feb 3	Buffer overflows, format string vulnerabilities, integer overflows, heap overflows Smashing the stack for fun and profit, by Aleph One Basic Integer Overflows, by blexim Exploiting Format String Vulnerabilities, by Scut and Team Teso U. Erlingsson, Y. Younan, and F. Piessens: Low-level Software Security by Example Slides (PDF)
Low-level software security Feb 5	Fuzzing, reverse engineering, static analysis, dynamic analysis How hackers look for bugs, by Dave Aitel Real world fuzzing, by Charlie Miller Slides (PDF)
Low-level software security Feb 10	Memory protection mechanisms (e.g., StackGuard, StackGhost, W^X, etc.), address randomization, sandboxing, containment, host IDS StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks, by Cowan et al. StackGhost: Hardware Facilitated Stack Protection, by Frantzen and Shuey On the effectiveness of address-space randomization, by Shacham et al. Adapting Software Fault Isolation to Contemporary CPU Architectures, by D. Sehr et al. (optional) Slides (PDF)
Network security Feb 12	ARP spoofing, 802.11, evil-twins, packet sniffing, man-in-the-middle Address Resolution Protocol Spoofing and Man-in-the-Middle Attacks, by B. Wagner and J. Bryner A look back at Security Problems in the TCP/IP Protocol Suite, by S. Bellovin Secure In-Band Wireless Pairing, by Gollakata et al. (optional) Wireshark tool (for reference) Slides (PDF)
Network security Feb 17	IP fragmentation attacks, UDP, TCP, Denial of service How a Bookmaker and a Whiz Kid Took On a DDOS-based Online Extortion Attack, by Berinato Practical network support for IP Traceback, by Savage et al. Inferring Internet Denial of Service Activity, by Moore, Voelker, Savage Slides (PDF)
Network security Feb 19	Port scanning, host fingerprinting, stealth scans, IDS NMAP Manual Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, by Ptacek and Newsham Slides (PDF)
Network security Feb 24	Class cancelled
Network security Feb 26	BGP/S-BGP, DNS/DNSsec, DNS cache poisoning, by Steve Friedl A survey of BGP security, Butler et al. Slides (PDF)
Web security Mar 3	Browser security, same origin, cookies Browser Security Handbook, by Zalewski (Part 2) Interpreter Exploitation, by Blazakis Browser Security: Lessons from Google Chrome, by C. Reis, A. Barth, and C. Pizano SQL Injection attacks, by Chris Anley Slides (PDF)
Web security Mar 5	Class may be cancelled (TBA)
Web security Mar 10	cross-site scripting, cross-site request forgery, SQL injection Clickjacking, by Hansen and Grossman Cross site scripting explained, by Amit Klein Robust Defenses for Cross-Site Request Forgery, by Barth, Jackson, Mitchell (particularly Sections 2, 3) Slides (PDF)
Midterm Mar 12	In-class midterm
Mar 17	Spring break
Mar 19	Spring break
Cryptography Mar 24	Overview of TLS (HTTPS), symmetric encryption, classical encryption, Shannon security, one-time pad encryption A Method for Obtaining Digital Signatures and Public Key Cryptosystems, by Rivest, Shamir, and Adleman Communication Theory of Secrecy Systems, by Shannon (for reference only) RFC 5246: Transport Layer Security (TLS) Protocol Version 1.2, by Dierks and Rescorla (for reference only) Slides (PDF)
Cryptography Mar 26	TLS record layer, security goal, block ciphers, modes of operation, hash functions, HMAC FIPS 1980 Standard 2: DES Modes of Operation (for reference only) Slides (PDF)
Cryptography Mar 31	Authenticated-encryption, password-based cryptography, WPA and aircrack PKCS #5: Password-Based Cryptography Standard (reference only) Slides (PDF)
Cryptography Apr 2	Public-key encryption, RSA basics, RSA key encapsulation, PKCS#1.5, Diffie-Hellman, Digital signatures, PKI Slides (PDF)
Cryptography Apr 7	Discuss Diffie-Hellman key exchange, ephemeral DH in TLS. Briefy introduce notion of side-channel attacks. Rando number generation Slides (PDF)
Privacy, censorship, surveillance Apr 9	Onion routing, TOR, great firewall of China, deep packet inspection Tor: The Second-Generation Onion Router, by Dingledine et al. Ignoring the Great Firewall of China, by Clayton et al. Slides (PDF)
Privacy, censorship, surveillance Apr 14	Continued on Tor, DPI, censorship. Discussion of FTE Tor: The Second-Generation Onion Router, by Dingledine et al. Protocol Misidentification Made Easy with Format-Transforming Encryption, by Dyer et al. Slides (PDF)
Virtualization security Apr 16	Virtualization security, reset vulnerabilities, VM introspection, covert channels A Note on the Confinement Problem, by Lampson When Virtual is Harder than Real: Security Challenges in Virtual Machine Based Computing Environments , by Garfinkel and Rosenblum When Good Randomness Goes Bad: VM Reset Vulnerabilities and Hedging Deployed Systems, by Ristenpart and Yilek Slides (PDF)
Cloud security Apr 21	Public cloud risk models, cloud cartography, placement abuse, side channels Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, by Ristenpart et al. AmazonIA: when elasticity snaps back, by Bugiel et al. Slides (PDF)
E-crime Apr 23	Spam, "crimeware", SEO, cloaking, traffic selling, phishing, credit-card fraud, cashing out The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond, by DHS, SRI and APWG Money Mules: Sophisticated Global Cyber Criminal Operations, by iDefense Slides (PDF)
E-crime Apr 28	Empirical methods, measurement studies No Plan Survives Contact: Experience with Cybercrime Measurement, by Kanich et al. Click Trajectories: End-to-End Analysis of the Spam Value Chain, by Levchenko et al. Slidedeck from last lecture used
Apr 30	TBA
May 5	Class may be canceled (TBA)
May 7	TBA