CIS 751/590, Fall 2008

Computer and Information Security

Course Goals

Course Schedule

• Week 1: Introduction and stack overflow attacks on Linux platforms. Slides.
  The source code getscore.c . The sample score file score.txt .
  The sample code for generating the malicious input.
  Programming Assignment 1: Remote buffer overflow attack.
  Reading Assignment 1: Setuid Demystified.
  Supplemental readings:
  Non-execute bit.
  Mitigating buffer overflows by operating system randomization.
  Install-time vaccination of windows executables to defend against stack smashing attacks .
  Non-control-data attacks are realistic threats.
  How to write a shellcode.
• Week 2: Setuid programs and stack overflow attacks. Slides.
  A sample program for circumventing stack randomization.
  
• Week 3: Introduction to heap overflow attacks. Slides.
  The heap.c program and the sample exploit generation program.
  Programming Assignment 2: Write a heap_overflow exploit for getscore2.c. Due: Sept 24 11:59pm.
  Reading Assignment 2: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). Due: Sept 24.
  Supplemental readings:
  x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique. .
  Bypassing non-executable-stack during exploitation using return-to-libc.
  Getting around non-executable stack.
  Circumventing Stack Randomization.
  Advanced Doug Lea's malloc exploits.
• Week 4: Vulnerability Taxonomy.
• Week 5: Introduction to Windows exploits.
  Programming Assignment 3: Windows buffer overflow attack. Due: Oct 3. A sample solution.
  Reading Assignment 3: All Your iFRAMEs Point to Us. Due: Oct 8.
  
• Week 6: Authentication and Authorization 1. Slides.
  
• Week 7: Authentication and Authorization 1 continued.
  In-class lab: use Burp Suite to analyze web authentication.
  The digest of the secret site is simon:CIS751:dc1ad367999329e918b4c6493913fae8
  Programming Assignment 4: Write a program that searches for the plain-text password from a digest like the one above. Due: Oct 17, 11:59pm.
  Reading Assignment 4: Chapter 2: Protocols in Security Engineering, by Ross Anderson. Due: Oct 22.
  Non-graded assignment: Practice using OpenSSL for crypto operation.
  
• Week 8: Common authentication protocols. Slides.
  Reading Assignment 5 (due Oct 24):
  Kerberos: An Authentication Service for Computer Networks
  The Evolution of the Kerberos Authentication System.
  Homework 1 (due Oct 24)
  
• Week 9: Public-key infrastructure and logic-based authentication. Slides.
  Reading Assignment 6 (due Oct 31): Peter Gutmann's article on X.509 and his slides.
  Reading Assignment 7 (due Oct 31): Binder, a Logic-Based Security Language.
  Programming Assignment 5: Logic-based Authentication and Authorization. Due: Oct 31.
  Sample solutions: server policy, client certificate, and after imported. The complete file to run in XSB can be found here.
• Week 10: Student presentations.
• Week 11: Authorization and Network Security.
  Solutions to HW1.
  Programming Assignment 6: A repository manager with logic-based authorization. Due: Nov 17.
  The client code. Client's private key file. Sample client credential. Sample server policy.
  Server's transcript. Client's transcript.
  Supplemental reading:
  ARP Poisoning Attack. DNS Cache Poisoning Attack.
  IP Spoofing Attack .
  Using the Domain Name System for System Break-Ins.
  It's the End of the Cache as We Know It. Dan Kaminsky, Black Hat USA 2008
  DNS Poisoning: Developments, Attacks and Research Directions, David Dagon.
  USENIX Security 2008. (The slides and audio of the presentation can be found on Thursday's panel "Setting DNS's Hair on Fire".)
• Week 12: Enterprise network defense.
  Reading Assignment 8 (due Nov 21): Security Problems in the TCP/IP Protocol Suite.
  Supplemental reading:
  Problems With The FTP PORT Command
  US-CERT Vulnerability Note VU#328867
  Fang: A firewall analysis engine.
  MulVAL: A logic-based network security analyzer.
  Spamalytics: An Empirical Analysis of Spam Marketing Conversion
• Week 13: Web security. Access Control Matrix. Security Policies.
  Reading Assignment 9 (due Nov 24):
  Robust Defenses for Cross-Site Request Forgery
  SOMA: Mutual Approval for Included Content in Web Pages
  Supplemental reading:
  Cross-site Scripting Vulnerability.
  Risks of the Passport Single Signon Protocol.
• Week 15: Confidentiality Policies.
  Reading Assignment 10 (due Dec 8): Reflections on Trusting Trust.
  Supplemental reading:
  The Limits of Formal Security Models.
  A Failure to Learn from the Past.

Instructor and course meeting times

Instructor: Xinming (Simon) Ou.

Meeting time: MWF 4:30-5:20, at Nichols 127

Office hours: by appointment.

Prerequisites

Basic understanding of computer systems, including operating systems, networks, compilers, etc. This is a course that primarily targets graduate students and junior/senior-level undergraduate students in computer science and computer engineering.

Grading

There will be on average one assignment per week, which could be a written homework or a programming project. There will also be a nubmer of reading tasks handed out throughout the semester. At the end of the semester, you must also turn in a final report that focuses on a particular problem in the field of security. The topics for the report will be seeked out by the students and approved by the instructor. There will be one exam and a number of in-class quizzes. The purpose of the exam and quizzes is to make sure you understand the materials presented in the lectures and in the reading tasks. The break down of the final score of the course is:

• Assignments: 40%
• Exams and quizzes: 30%
• Final report: 20%
• Class participation: 10%

Acknowledgment

Contact