CSE544/Spring 2010 - Course Calendar

Below is the calendar for this semester's course. This is the preliminary schedule, which may need to be altered as the semester progresses. It is the responsibility of the students to frequently check this web page for schedule, readings, and assignment changes. As the professor, I will attempt to announce any change to the class, but this web page should be viewed as authoritative. If you have any questions, please contact me (contact information is available at the course homepage).

Operating Systems Security - Ch 12

Date Topic Assignments Due Readings (read before class) Slides
1/12/10 - No class
1/14/10 Introduction

Smashing the Stack for Fun and Profit, Aleph One, Phrack, 1998.

Smashing the Modern Stack for Fun and Profit, Craig J. Heffner, The Ethical Hacker, 2009.

lecture 1

1/19/10 Protection

Proj. 1: Buffer Overflow

Due: M 2/1/10 5:00p

Operating Systems Security - Ch 1

Chapter 2: Why Systems Are Not Secure? Morrie Gasser, in Building a Secure Computer System, 1988.

The Risks Digest.

Security Focus: Bugtraq.

lecture 2

1/21/10 Security Principles

Operating Systems Security - Ch 2

Computer Security Archives Project, Matt Bishop, UC Davis.

Computer Security Technology Planning Study, Anderson, J. P., ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206]; Volume I.

Reference Monitor Concept, Trent Jaeger, Encyclopedia of Cryptography and Security, 2010.

lecture 3

1/26/10 Multics

Operating Systems Security - Ch 3

Introduction and Overview of the Multics System. F. J. Corbato and V. A. Vyssotsky, in Proceedings of the Fall Joint Computer Conference, 1965.

lecture 4
1/28/10 Multics Challenges

Multics Security Evaluation: Vulnerability Analysis. Paul A. Karger and Roger R. Schell, Tech report ESD-TR-74-193, Hanscom AFB.

Final Report of the Multics Kernel Design Project. Part I, pgs 1-13. Tech Report MIT/LCS/TR-196, Michael Schroeder, David Clark, Jerome Saltzer, D. Wells, MIT, 1977.

lecture 5
2/2/10 Ordinary Operating Systems

VMware and kernel install notes

Operating Systems Security - Ch 4

lecture 6
2/4/10 Mandatory Access Control

Operating Systems Security - Ch 5

lecture 7
2/9/10 Mandatory Access Control

Lattice-Based Access Control Models. Ravi S. Sandhu, IEEE Computer, 1993.

lecture 8
2/11/10 Security Kernels

Proj. 2: Linux Security Module

Due: Th 2/25/10 11:59p

Operating Systems Security - Ch 6

Scomp: A Solution to the Multilevel Security Problem. Lester J. Fraim in IEEE Computer, 1983.

lecture 9
2/16/10 Security Kernels

Fault Isolation for Device Drivers. Jorrit N. Herder, Herbert Bos, Ben Gras, Philip Homburg, and Andrew S. Tanenbaum, in Proceedings of the 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'09), pgs. 33-42, July 2009.

lecture 10
2/18/10 Retrofit Commercial

Operating Systems Security - Ch 7

lecture 11
2/23/10 Trusted Solaris

Operating Systems Security - Ch 8

lecture 12
2/25/10 MAC OS Systems - Linux

Linux Security Modules: General Security Support for the Linux Kernel. Chris Wright, Crispin Cowan, Stephen Smalley, James Morris, and Greg Kroah-Hartman, in Proceedings of the 11th USENIX Security Symposium, 2002.

lecture 13
3/2/10 MAC OS Systems - SELinux

Operating Systems Security - Ch 9

lecture 14

SELinux Policy

SELinux Design

3/4/10 SELinux Policy and Analysis

Project 3 Program

Analyzing Integrity Protection in the SELinux Example Policy. Trent Jaeger, Xiaolan Zhang, and Reiner Sailer, in Proceedings of the 12th USENIX Security Symposium, 2003.

lecture 15
3/8/10-3/12/10 - No class - Spring Break
3/16/10 Capability Systems

In Room 222 IST

Proj. 3: Attack Surface

Operating Systems Security - Ch 10

A Secure Identity-Based Capability System. L. Gong, 1989 IEEE Symposium on Security and Privacy, May 1989.

lecture 16
3/18/10 Virtual Machine Systems

Operating Systems Security - Ch 11

lecture 17
3/23/10 Virtual Machine Systems

Overshadow: A Virtualization-Based Approach to Retrofitting Protection in Commodity Operating Systems. Xiaoxin Chen, Tal Garfinkel, E. Christopher Lewis, Pratap Subrahmanyam, Carl A. Waldspurger (VMware), Dan Boneh (Stanford), Jeffrey Dwoskin (Princeton), and Dan R.K. Ports (MIT), in Proceedings of the 2008 Conference on Architectural Support for Programming Languages and Operating Systems, 2008.

Splitting Interfaces: Making Trust Between Applications and Operating Systems Configurable. Richard Ta-Min, Lionel Litty and David Lie, in Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI 2006). Pages 279-292. November 2006.

lecture 18
3/25/10 Catch Up

Take Home Exam - Due 3/30/10

3/30/10 Assurance

seL4: Formal Verification of an OS Kernel. Gerwin Klein et al, in Proceedings of the 22nd ACM Symposium on Operating Systems Principles, October 2009.

lecture 19 seL4
4/1/10 Practical Integrity

Usable Mandatory Integrity Protection for Operating Systems. Ninghui Li, Ziqing Mao, and Hong Chen, in Proceedings of the 2007 IEEE Symposium on Security and Privacy, 2007.

Toward Automated Information-Flow Integrity Verification for Security-Critical Applications. Umesh Shankar, Trent Jaeger, and Reiner Sailer, in Proceedings of the Symposium on Network and Distributed Systems Security, 2006.

UMIP CW-Lite
4/6/10 Application Security

A Decentralized Model for Information Flow Control. Andrew Myers and Barbara Liskov, in Proceedings of the 16th ACM Symposium on Operating Systems Principles, 1997.

DLM
4/8/10 Decentralized Info Flow

Information flow control for standard OS abstractions. Maxwell Krohn et al, in Proceedings of the ACM Symposium on Operating Systems Principles, 2007.

Flume
4/13/10 Application Integrity

Control-flow Integrity. Martin Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti, in Proceedings of the 12th ACM Conference on Computer and Communications Security, 2005.

Securing software by enforcing data-flow integrity. Miguel Castro, Manuel Costa, and Tim Harris, in Proceedings of the 7th Symposium on Operating Systems Design and Implementation, 2006.

CFI DFI
4/15/10 Storage Security

Rootkit-Resistant Disks. Kevin R. B. Butler, Stephen McLaughlin and Patrick D. McDaniel, in Proceedings of the 15th ACM Conference on Computer and Communications Security, 2008.

RRD
4/20/10 Trustworthy Computing

Outbound Authentication for Programmable Secure Coprocessors. Sean W. Smith, International Journal on Information Security, May 2004.

Design and Implementation of a TCG-based Integrity Measurement Architecture. Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn, in Proceedings of the 13th USENIX Security Symposium, August 2004.

OA IMA
4/22/10 System-Wide Integrity

Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. Davide Balzarotti et al. in Proceedings of the 2008 IEEE Symposium on Security and Privacy, 2008.

Saner
4/27/10 Web Systems Security

Secure web browsing with the OP web browser. Chris Grier, Shuo Tang, and Samuel T. King (UIUC), in Proceedings of the 2008 IEEE Symposium on Security and Privacy, 2008.

OP
4/29/10 Final Exam -- in class


Last modified: Mon Mar 29 09:59:01 EST 2010