CIS 798, Fall 2006

Computer and Information Security

Course Goals

This course aims at providing a comprehensive understanding of computer and information security. The course materials cover basic cryptography, access control, authentication, digital identity management, network security, software security, and social aspects of security. Not only mechanisms for enhancing security will be taught, a great deal of the course is also to discuss when and where things can go wrong and how design flaws in a system can be exploited to compromise security. Common attack techniques will be introduced and students will have the opportunity to work on course projects that cover both the defense and offense aspects in cyber space. The goal of the course is to give students a solid theoretical foundation for computer and information seucrity, and hands-on experience in applying the theory to practice. Interesting research topics can also be derived from course projects.

Course Schedule

Lecture 1: Introduction and a small example. Slides. The source code getscore.c . The sample score file score.txt .
Lecture 2: Setuid program and buffer overflow attacks. Slides. Assignment 1: Read the paper Setuid Demystified.
Lecture 3: More on code injection attacks. Slides. Source code testsetuid.c
Supplemental readings:
Non-execute bit.
Mitigating buffer overflows by operating system randomization.
Install-time vaccination of windows executables to defend against stack smashing attacks .
Non-control-data attacks are realistic threats.
Lecture 4: Authentication and Authorization. Slides.
Lecture 5: Authentication protocol. Slides.
Supplemental reading:
MIG-in-the-Middle Attack, Ross Anderson, Security Engineering, 2.2.2.
Lecture 6: Assignment 2: Remote buffer overflow attack.
Lecture 7: Authentication and Authorization continued. Slides.
Source code for chroot jail and two-factor authentication:
chroot_jail_sudo.c , chroot_jail_sudo.sh , sudoers .
check_login.pl .
Lecture 8: SSH public key-based authentication. Slides.
Lecture 9: Kerberos. Slides.
Lecture 10: Kerberos continued. Slides.
Source code for chroot jail in the quiz and the program to break out of a chroot jail:
chroot_jail.c, break_chroot.c
Assignment 3: Reading:
Kerberos: An Authentication Service for Computer Networks
The Evolution of the Kerberos Authentication System.
Lecture 11: Public-key infrastructure. Slides.
Lecture 12: X.509 and its problems. Slides.
Supplemental reading: Peter Gutmann's article on X.509 and his slides.
Lecture 13: Logical foundations for authentication and authorization. Slides. Handout.
Lecture 14: Authorization in a distributed environment. Slides.
Supplemental reading:
Article on SDSI and Ron Rivest's slides.
The nature of a usable PKI, by Carl Ellison (handed out in class).
Lecture 15: Logic-based authorization. Slides. Sample source code: x509.P grid.P
Assignment 4: Read the paper Binder, a Logic-Based Security Language.
Supplemental reading: What you always wanted to know about Datalog (and never dared to ask)
Lecture 16: Assignment 5: A repository manager with logic-based authorization.
Sample policy and messages:
client_credentials.msg server_challenge.msg client_response.msg client_request.msg server_reply.msg
server_policy.P client_credentials_transformed.P main.P
Lecture 17: Network Security. Slides.
Supplemental reading:
ARP Poisoning Attack. DNS Cache Poisoning Attack.
IP Spoofing Attack .
Using the Domain Name System for System Break-Ins.
Lecture 18: Network Security -- continued. Slides.
Supplemental reading:
Security Problems in the TCP/IP Protocol Suite. SYN flooding and IP spoofing.
Lecture 19: DNSSEC Slides.
Lecture 20: IPSec Slides. Assignment 6: Reading:
Fang: A firewall analysis engine.
MulVAL: A logic-based network security analyzer.
Election-day reading: Voting-machine Security.
Analysis of an Electronic Voting System.
Security Analysis of the Diebold AccuVote-TS Voting Machine.
Ceci n'est pas une urne:
On the Internet vote for the
Assemblée des Français de l'Etranger .
Lecture 22: Electronic-voting security: Slides.
Tabling in XSB. Sample code: reachable.P lawfirm.P
Lecture 23: Firewalls. Slides.
Supplemental readings: Security problems caused by FTP PORT and PASV commands.
US-CERT Vulnerability Note VU#328867
Problems With The FTP PORT Command
Lecture 24: Logic-based network security analysis. Slides.
Supplemental reading: A scalable approach to attack graph generation.
Lecture 25: Cryptographic Hash Functions. Slides.
Supplemental video: Recent Attacks on MD5, by John Black, University of Colorado at Boulder.
(Courtesy CERIAS , Purdue University).
Lecture 26: Message Authentication Code. Slides.
Supplemental reading: The HMAC papers
Lecture 27: Symmetric cipher. Slides.

Instructor and course meeting times

Instructor: Xinming (Simon) Ou.
Meeting time: TTh, 8:05-9:20, in the conference room (Nichols 236).
Office hours: Fri, 2-4, Nichols 318

Prerequisites

Basic understanding of computer systems, including operating systems, networks, compilers, etc. This is a course that primarily targets graduate students and junior/senior-level undergraduate students in computer science and computer engineering.

Grading

You will complete several assignments during the semester. An assignment could be a written homework, a programming project, or a reading task. For every assignment, you have two weeks to finish. At the end of the semester, you must also turn in a final report that focuses on a particular problem in the field of security. The topics for the report will be given out throughout the course. You are also welcome to come up with your own idea on what to write about in the report, but please discuss it with the instructor before start working on it. There is also a mid-term exam and possibly quizzes in classes. The purpose of the exam and quizzes is to make sure you understand the materials presented in the lectures and in the reading tasks. The break down of the final score of the course is:

Assignments (including quizzes): 40%
Mid-term: 20%
Final report: 40%

Contact

Questions can be emailed to xou (put some stuff here) ksu (a little dot) edu.