David Wagner (daw@cs, 629 Soda Hall, 642-2758)
Tu-Th, 10:30-12:00, 310 Soda
Wagner: Tu 2:30-3:30 in 629 Soda.
CS261: Security in Computer Systems. Prerequisite: CS162. Graduate survey of modern topics in computer security, including: protection, access control, distributed access control, Unix security, applied cryptography, network security, firewalls, secure coding practices, safe languages, mobile code, and case studies from real-world systems. May also cover cryptographic protocols, privacy and anonymity, and/or other topics as time permits. Term paper or project required. Three hours of lecture per week. (3 units)
Prerequisites: CS 162 or equivalent. Familiarity with basic concepts in operating systems and networking.
An approximate list of course topics (subject to change; as time permits):
There will be a term project. You will do independent research in small groups (e.g., teams of 2-3). Projects may cover any topic of interest in systems security, interpreted broadly (it need not be a topic discussed in class); ties with current research are encouraged. A conference-style report on your results will be due on Monday, December 20th, by 9am.
Information on projects is now available.
You are encouraged to start thinking of topics of interest early. Be ambitious! I expect that the best papers will probably lead to publication (with some extra work).
There will be approximately two to four homework assignments throughout the semester, to appear on the course webpage as they are assigned.
Reminder: Turn in your homeworks on paper at the beginning of class on the appropriate day. This deadline will be enforced strictly. Late homeworks will not be accepted.
Work on your own when doing homeworks. You may use any source you like (including other papers or textbooks), but if you use any source not discussed in class, you must cite it.
There is no required textbook. All reading will be from papers. Whenever possible, handouts and papers will be placed online on the web page; papers not available online will be handed out in class. A schedule of assigned readings is available below.
You will be required to write a brief "review" of each paper you read, to be submitted online before the beginning of the class when the reading is due. Your review should list the two or three most significant new insights you took away from the paper and its one or two most significant flaws or weaknesses or how it could be improved. (Unlike the standard refereeing process, you do not need to address the novelty of the paper. All of the papers you will read have been previously published.)
Submit your reviews (before class starts) at this URL:
You should have received a username and password by email. When you enter the site, you will receive a security warning (because I am using a self-signed SSL certificate); you will need to accept my public key and then enter your username and password. Please read the "Review Guidelines" on that site before entering reviews.
From time to time, we may discuss vulnerabilities in widely-deployed computer systems. This is not intended as an invitation to go exploit those vulnerabilities. It is important that we be able to discuss real-world experience candidly; students are expected to behave responsibly.
Berkeley's policy (and my policy) on this should be clear: you may not break into machines that are not your own; you may not attempt to attack or subvert system security. Breaking into other people's systems is inappropriate, and the existence of a security hole is no excuse.
The following schedule is tentative and subject to change.
|1||8/31||Overview; intro to computer security||(no readings assigned)|
Reflections on trusting
Rudimentary treatise on the construction of locks, Tomlinson.
A note on the confinement problem, Lampson.
Excerpts from the Orange Book, DoD.
(no readings assigned)
|6||9/16||Software security||Shifting the odds: Writing (more) secure software, Bellovin.|
|7||9/21||Vulnerabilities and mitigations||Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Cowan, Pu, Maier, Hinton, Bakke, Beattie, Grier, Wagle, and Zhang; Detecting Format String Vulnerabilities With Type Qualifiers, Shankar, Talwar, Foster, Wagner (for the 2nd paper: read & review, but don't enter numeric scores)|
|8||9/23||Privilege management||Extensible security architectures for Java, Wallach, Balfanz, Dean, Felten|
|9||9/28||Inline reference monitors||IRM enforcement of Java stack inspection, Erlingsson, Schneider|
|10||9/30||Capabilities||The Confused Deputy, Hardy|
|11||10/5||Network security||Security Problems in the TCP/IP Protocol Suite, Bellovin [html, pdf]|
|12||10/7||TCP/IP attacks||A simple active attack against TCP/IP, Joncheray|
|13||10/12||Firewalls||Firewall Gateways, Chapter 3 of Firewalls and Internet Security: Repelling the Wily Hacker, Cheswick and Bellovin (1st ed).|
|13||10/14||App-level firewalls||(no readings)|
|14||10/19||Infrastructure||Using the Domain Name System for System Break-ins, Bellovin|
|15||10/21||Intrusion detection||Bro: A System for Detecting Network Intruders in Real-Time, Paxson [also in html]|
|16||10/28||Cryptography||Why Cryptosystems Fail, Anderson|
|17||11/2||E-voting||Analysis of an Electronic Voting System, Kohno, Stubblefield, Rubin, Wallach|
|18||11/4||Kerberos||Designing an Authentication System: a Dialogue in Four Scenes, Bryant|
Prudent engineering practice for cryptographic protocols, Abadi and Needham
slides: ps, pdf.
|11/11||No class! (Veterans Day holiday)|
Authentication in Distributed Systems: Theory and Practice, Lampson, Abadi, Burrows, and Wobber
Note: Skip Sections 4.3, 5.2, 5.3, 6, 7.1, 7.2, 8, 9, and the appendix.
Logic in Access Control, Abadi
SD3: A Trust Management System with Certified Evaluation, Jim
Optional: Binder, a logic-based security language, DeTreville
Proof-Carrying Code, Necula
Note: Skip the section labelled 'Safety proofs' and the appendix.
|11/25||No class! (Thanksgiving Day holiday)|
Privacy-enhancing technologies for the Internet, Goldberg, Wagner, Brewer
(for the 1st paper: read & review, but don't enter numeric scores)
The design, implementation and operation of an email pseudonym server, Mazieres and Kaashoek
|24||12/2||Worms & viruses||Guest lecture: Vern Paxson; slides (no readings assigned)|
(no readings assigned)
|26||12/9||Untrusted platforms||How to Hurt the Hackers: The Scoop on Internet Cheating and How You Can Combat It, Pritchard|
I always welcome any feedback on what I could be doing better. If you would like to send anonymous comments or criticisms, please feel free to use an anonymous remailer to send me email without revealing your identity, like this one.