CSE597A - Topics in Systems and Program Security - Fall 2008

Instructor Trent Jaeger (tjaeger 'at' cse.psu.edu)
Location 333 IST
Meeting Times MF 9:45am-11:00am
Credits 3
Office Hours Prof. Jaeger, 346A IST: MTu 3-4 or by appointment


In this course, we explore techniques to build systems and programs securely. Since perfect security is not possible, we examine the classical security requirements (to determine our goals), techniques for implementing systems and programs to achieve those goals (both old and new), and then experiment with practical techniques to enable measurable secure in the systems and programs that we will build.

Topics will include program security, operating system security, virtual machine security, storage security, trusted computing, and distributed systems security. We will review a combination of classic papers (to set the desired goals) and recent papers (to explore emerging techniques). The intent is not solely to explore techniques, but to build approaches in which the security of system (in particular its risks) can be precisely articulated.

A detailed list of a lecture by lecture contents, assignments, and due dates (subject to change as semester evolves) is available on the course calendar.


The course will be graded on course projects, paper presentations, occasional quizzes, and class participation in the following proportions:

20% Mid-term Project
30% Final Project
20% Presentations
10% Quizzes and Other Assignments
20% Class Participation

Course Projects

This is primarily a project course, and I expect that you already have a security project ongoing. If not, you will need to do a security evaluation of some Linux software. In the first project, I want an evaluation of how your current work satisfies and does not satisfy ideal security goals. Such an assessment must be precise and comprehensive. If you are breaking a system, you should still be able to assess how that system fails relative to ideal system security goals.

In the second project, you should aim to use (improve) on the tools and techniques discussed in the class to really define measurable security for some aspect of your first project. I will expect that a more formal argument about the security of your system (and also its insecurity) will be made.

Grades will be based on the following factors: depth, correctness, clarity of presentation, and effort.


Quizzes will be given at the beginning of class and will cover topics from the prior lectures and readings. It is strongly suggested that students do the reading prior to this class, as a good percentage of their grade will depend on this paper. Quizzes will be announced in advance. Quizzes missed because of absences cannot be made up unless arrangements are made with the instructor prior to the course meeting.

Class Participation

Class participation focuses on the assigned papers for the class. During the lecture, we will discuss the paper, focusing on the concepts discussed earlier in the class. Students are required to participate in discussions of the paper during each lecture. Ultimately, the students' ability to exhibit comprehension of papers is essential to a good grade.

Lateness Policy

All milestones are assesed a 10% per-day late penalty, up to a maximum of 4 days. Unless the problem is apocalyptic, don't give me excuses. Students with legitmate reasons who contact the professor before the deadline may apply for an extension.

Required Texts

Most of the course readings will come from seminal papers in the field and from chapters in my forthcoming book that we will make available via the SIIS wiki. Make sure that you have access to the wiki.

Course Outline

A rough outline of the class is as follows:

  1. Introduction
    1. What is a "secure" component?
    2. What is effective security enforcement look like?
    3. What are security goals?
  2. Security Challenges: Malware attacks on
    1. interfaces
    2. kernels
    3. configurations
    4. and permissions
  3. OS Security
    1. Security Kernels
    2. MAC OS -- SELinux
    3. MAC OS -- Asbestos and derivatives
    4. OS and Program Configuration
  4. Program Security
    1. N-Variants
    2. Flow Integrity
    3. Specifications
    4. Malware Flows
  5. Web Systems
    1. Malware
    2. Privilege Separation
    3. Containment
  6. Virtual Machines
    1. Background
    2. Security Issues
    3. Security Architectures
  7. Special Topics
    1. Trusted Computing
    2. Distributed Systems
    3. (Distributed) Storage

Ethics Statement

This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

When in doubt, please contact the instructor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from Professor Jaeger.

CSE 597A - Fall 2008

Last modified: Tu Aug 15 12:34:04 EDT 2008