CS 587: Computer Systems Security

A note about the course

This is a broad, conceptual course about computer security: the problems we explore here are relevant to servers, desktops, phones, and the web. In general, computer security is the study of the effect on computing when there are attackers. The attacker is by definition an intelligent adversary, and so will seek out the weakest link(s) when attacking a system. This threat cannot be defended against by a single technique or a single set of techniques. This course paints a broad picture of computer security, with an emphasis on how computer security affects computer systems.

This is a systems course, so it is advisable that students have some systems background and hence it is desirable to have a background in CS 385, CS 366, and/or CS 450. This is not a programming intensive course like CS 485 (Network Operating System Programming).

Announcements

  • Project presentation is from 3:00-6:00 on Thursday, Dec. 13th in Room 4224 SEL (west wing of SEL). Please send me email with a requested 15 minute slot, starting at a time divisible by 15.
    • 3:00 Saheel Sakharkar
    • 3:15 Mattia and Gabriele
    • 3:30 Davide and Andrea
    • 3:45 Tommaso Pozzetti
    • 5:30 Serzod Muminov
    • 5:45 George Kharchenko
  • HW2 (due 26.Nov): Chap. 7: 1, 4, 7, 10, 11, 12. Chap. 3: prob. 4, 5, 10, 14, 20, 23, 28, 35, 43, 47, 52, 55
  • HW2 (due 19.Nov): Chap 6: prob. 1, 2, 3, 8
    1. OS1 is evaluated at EAL3 while OS2 is evaluated at EAL4. Which is more secure? Explain.
    2. An OS and a cryptographic authentication device are both evaluated at EAL4. Which is likely to be more secure? Explain.
    3. If Ethos were evaluated at EAL3 and Linux at EAL4, which would be more secure to write programs in? Explain.
    4. You can authenticate with a special purpose device or using a phone application. Which is likely to be more secure (assuming comparable assurance levels) and why?
    5. You have a separate VM for holding your passwords in a password manager. How is that better than holding it in the same VM where you use it? How does that affect the ability to assure it?
    6. Your processor has a discrete TPM (Trusted Platform Module) for holding cryptographic keys. How can this be used to improve the encryption on your disk or to check that the software comes from an approved source?
  • test: Nov. 28th
  • HW1 (due 12.Nov): Chap 4: prob. 1, 3, 5, 8, 11, 16, 19. Chap 5: prob. 1, 2, 4, 8, 17, 22, 24.
    1. Ethos has typed I/O. What kind of attacks does that prevent? What kind of attacks remain?
    2. Ethos encrypts all network connections and cryptographically authenticates users and hosts. What kind of attacks does that prevent?
    3. Services today are typically implemented on VMs, a separate VM for each service. What are the advantages of this?
    4. Qubes OS separates different uses into separate VMs implemented on top of Xen. The Dom0 VM has no network access. The sys-firewall VM performs firewall rules. The sys-net VM contains no applications; application VMs connect to the network through sys-net. The user separates different types of activities into different VMs. Describe how this improves security.
  • Project proposals due Wed. Nov. 7. (Project due during final exam week.) These are 1 or 2 person projects. You should either do an experimental project or a research project (looking into some problem). Suggestions include: security of specific virtualization or container models; OS security analysis relative to a set of vulnerabilities; hardware vulnerability (such as Spectre); privacy issues in communication networks (such as Tor), for example, statistical confirmation attacks; programming language security impact on a particular issue such as threads, memory allocation, etc.; implementation of some interesting application on Ethos; or propose your own. We'll talk about these in class on Wed.
  • First Ethos program: Ethos stores log entries under the /log directory, in general one subdirectory per program (such as kernel, applications, ...). You are to write a program: logGrep path expr, where path is a path to which "/log/" is prepended and expr is an arbitrary regular expression. logGrep searches through the log directory, reads in each string, does a pattern match against it, and outputs the matching lines to the directory /user/me/matches. Due: 24 Oct, midnight.

Required Text

    We'll be using my manuscript, which we used last time. It's over 500 pages at this point (we cover about 1/2 in this course) plus front and back matter.

Required work

  1. 1 Midterm (20%)
  2. 1 Final (30%)
  3. Class Project (30%)
  4. Programming project (Ethos) (10%)
  5. Homeworks (10%)

Description

This course explores in depth Computer Security. Computer security is a subject of growing concern as a result of increasing
  1. number of computers on the Internet;
  2. number of services on the Internet;
  3. amount of sensitive information on the Internet;
  4. reliance on computers for organizations; and
  5. commonality of software and hardware.

Syllabus

This course will examine:
  • Definition of computer security
  • Computer systems structure and its impact on security
  • Attacks
  • Errant programs
  • Assurance that systems meet their security goals
  • Security models (e.g. Chinese Wall, Bell-LaPadula, and Clark-Wilson) and properties (e.g. information flow, non-interference, separation of duties)
  • Authentication
  • Access control models, their use and analysis (e.g. POSIX/Unix models, Lattice, Type enforcement, LEAP)
  • Covert channels and their analysis
We shall examine these issues from the perspective of the white hats--those that protect the system--and the black hats--those that attack the system.

This is a systems course, and while it is intended to be self-contained, it will explore issues primarily in software, including operating systems and applications software.

Recommended Reading

  • Ross Anderson, Security Engineering, John Wiley. (Really nice discussions of many topics and very readable. Highly recommended.)
  • Pfleeger and Pfleeger, Security in Computing, Prentice-Hall, 3rd Edition. (Used previously for this course, good coverage of OS issues.)
  • Gollmann, Computer Security, John Wiley. (Broad coverage, but terse)

Undergraduates wishing to take the course should send me email with the following information:

  • Number of completed credit hours
  • Any required courses not yet taken.
  • List of 400 level courses taken (and grades achieved).
  • Background in OS
  • Are you requesting that the course count as a technical elective? (This will be harder.)
  • Have you filed a petition?
  • Reason for wanting to take the course

Jon A. Solworth
Last modified: 29 August 2012