Introduction to Security -- Fall '05
COMS W4995.002
Mon/Wed 02:40 PM-03:55 PM
1127 Mudd
Courseworks page
Introduction to computer and network security concepts and mechanisms;
measures employed in countering such threats. Concepts and tools available
in order to assume an appropriate security posture. Foundations of
security. Identification, authentication, authorization.
Software design for security and assurance. Hardware assists.
Introduction to cryptography and cryptographic protocols (Kerberos, SSL).
Firewalls.
Tentative Syllabus
- What is security?
- Security models (Bell-LaPadula, Biba, etc.)
- Designing for/with security
- Identity, authentication, authorization, audit
- Device and software authentication
- Assurance
- Confinement
- Software security
- Hardware features
- Random number generators
- Biometrics
There will be a midterm, a final, and approximately 5 homework assignments.
Textbook
Matt Bishop
Introduction to Computer Security
Addison-Wesley-Longman
ISBN: 0-321-24744-2
TAs
Peter Lin cl2399@columbia.edu
Office hours: 4-6pm Thursday, Mudd 122A.
Pinxing Ye py2125@cs.columbia.edu
Office hours: 11-1pm Tuesday, Mudd 122A.
Lectures
- Sep 7
- Introduction; Administrivia
- Sep 12
- Access control
- Sep 14
- Complex access control
Homework due Sep 28.
Grade histogram.
- Sep 19
- Privileges
- Sep 21
- Authentication
Reading:
- Password security:
a case history - Robert Morris and Ken Thompson,
Communications of the ACM, Volume 22, Issue 11 (November 1979),
Pages: 594 - 597
- Textbook - Chapter 11 of Bishop
- Dr. Fun (recommended)
- Sep 26
- Biometrics; Authentication as a Systems Problem
Reading:
- Chapter 5 of
Who Goes There? Authentication Through the Lens of Privacy
Certificates:
- Sep 28
- Cryptography; Cryptographic Engineering 1
Reading:
- Textbook - Chapters 8 and 9
- M. Blaze.
"A Cryptographic File System for Unix." Proceedings of the
First ACM Conference on Computer and Communications Security, Fairfax, VA,
November 1993.
- "The
CryptoGraphic Disk Driver", Roland C. Dowdeswell, The NetBSD
Project; John Ioannidis, AT&T Labs Research, USENIX 2003 Annual Technical
Conference, FREENIX Track
- Oct 3
- Public key cryptography; hash functions
Reading:
- New Directions in Cryptography,
Whitfield Diffie and Martin E. Hellman, IEEE Transactions on Information
Theory, vol IT-22, number 6, pp. 644--654, November 1976.
-
British invention of non-secret encryption (recommended)
- Nuclear Weapons and
public-key crypto (recommended)
-
The Case for Elliptic Curve Cryptography (recommended)
- A method for
obtaining digital signatures and public-key cryptosystems,
R. L. Rivest, A. Shamir, L. Adleman, Communications of the ACM, Volume 21
Issue 2, February 1978. (recommended)
- Oct 5
- Key management and handling; random numbers
Reading:
- Public Key Cryptography:
The First Ten Years, Whit Diffie, Proceedings of the IEEE, vol. 76,
no. 5, May 1988, pp: 560-577
- Using encryption for
authentication in large networks of computers, Roger M. Needham,
Michael D. Schroeder, December 1978, Communications of the ACM, Volume 21
Issue 12
- Randomness
Requirements for Security, RFC 4086, D. Eastlake, 3rd, J.Schiller, S.
Crocker. June 2005.
Homework 2, due October 19
Grade histogram.
- Oct 10
- Secure programming
Reading:
-
The emperor's
old clothes, Charles Antony Richard Hoare, February 1981,
Communications of the ACM, Volume 24 Issue 2
-
Smashing
The Stack For Fun And Profit, Aleph One, Phrack 49, Volume
Seven, Issue Forty-Nine, File 14 of 16
-
Exploiting
Format String Vulnerabilities, scut / team teso, March 17,
2001, Version 1.0
-
StackGuard:
Automatic Adaptive Detection and Prevention of
Buffer-Overflow Attacks, Crispin Cowan, Calton Pu, Dave Maier, Heather
Hinton, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian
Zhang. Proceedings of the 7th USENIX Security Symposium, January 1998,
San Antonio, TX.
-
Building Secure Software, John Viega and Gary McGraw, Addison-Wesley,
2002. (on reserve in Engineering Library)
(Recommended)
-
Secure Coding in C and C++, Robert C. Seacord, Addison-Wesley, 2006.
(Recommended)
- Oct 12
- Secure programming
Reading:
- October 17
- Protecting the Client
Reading:
-
Reading Between the
Lines: Lessons from the SDMI Challenge, Scott A. Craver, Min Wu, Bede
Liu, Adam Stubblefield, Ben Swartzlander, Dan W. Wallach, Drew Dean, and
Edward W. Felten. Proc. of 10th USENIX Security Symposium, August 2001.
- Viewpoint: the ACM
declaration in Felten v. RIAA, Simons, B. 2001. Commun. ACM 44, 10
(Oct. 2001), 23-26.
- Java
Card Security: How Smart Cards and Java Mix, From Securing Java:
Getting Down to Business with Mobile Code, Gary McGraw and Ed Felten, John
Wiley & Sons, 1999.
- MYK-78 CLIPPER CHIP:
ENCRYPTION/DECRYPTION ON A CHIP (recommended)
- Using
Memory Errors to Attack a Virtual Machine, A. Appel and S.
Govindavajhala. In IEEE Symposium on Security and Privacy, 2003
("Oakland Security Conference"). (recommended)
- Overview
of Differential Power Analysis, An engineering overview of
Differential Power Analysis by Paul Kocher, Joshua Jaffe, and Benjamin
Jun. (recommended)
- Information
Hiding: A Survey, Fabien A. P. Petitcolas, Ross J. Anderson and Markus
G. Kuhn, Proceedings of the IEEE, special issue on protection of
multimedia content, 87(7):1062-1078, July 1999. (recommended)
Homework 3, due November 2
- October 19
-
Midterm Review
- October 24
-
Midterm
Grade histogram.
- October 27
-
Midterm Post-mortem; Architecture
- October 31
-
Architecture
Reading:
- November 2
-
The Confinement Problem
Reading:
- Textbook, Chapter 16
- A
domain and type enforcement UNIX prototype, Lee Badger, Daniel F.
Sterne, David L. Sherman, and Kenneth M. Walker. USENIX Computing Systems,
9(1):47--83, Winter 1996. (recommended)
- A
Secure Environment for Untrusted Helper Applications, Ian Goldberg,
David Wagner, Randi Thomas and Eric A. Brewer, Proc. Usenix Security
Symposium, 1996. (recommended)
- November 9
-
Viruses and Trojan Horses
Reading:
-
Textbook, Chapter 19
-
Computer Viruses -
Theory and Experiments,
F. Cohen. DOD/NBS 7th Conference on Computer Security, originally
appearing in IFIP-sec 84, also appearing as invited paper in IFIP-TC11,
"Computers and Security", V6#1 (Jan. 1987), pp 22-35
-
Reflections on
trusting trust, Ken Thompson, CACM 27:8, August 1984.
-
Viral Attacks On UNIX System Security,
Tom Duff, August 1987.
-
The worm programs -- early
experience with a distributed computation,
John Shoch and Jon Hupp, Communications of the ACM 25:3 (March
1982).
- November 14
-
Program Structure
Please see the 4.3BSD FTP daemon source.
Homework 4, due November 30.
(Note: Homework 5, which will be due on December 9,
will be assigned on November 28. I wanted to avoid having this
assignment due immediately after Thanksgiving.)
I've gotten a number of questions about how to use the encryption
functions I mentioned. I wrote a sample program to demonstrate it;
it's at
http://www.cs.columbia.edu/~smb/classes/f05/sample_des.c.
This is not code that you should use, in the sense that it does
too much (printing too much, especially for errors where the man page is
wrong) and too little (not doing anything useful with the output, not
handling block sizes that aren't a multiple of 8, not seeding the
random number generator). But it does show the basics of how to use
the CBC encryption function.
- November 16
-
Protecting an E-Commerce Site
- November 21
-
Logging and Auditing
Reading:
- November 23
-
War Stories
Reading:
-
An Evening with Berferd,
Chapter 10 of the first edition of
Firewalls and Internet
Security: Repelling the Wily Hacker,
William R. Cheswick and Steven M. Bellovin,
Addison-Wesley, 1994.
-
Seizing the Enigma: The Race to Break the German U-Boats Codes,
1939-1943,
David Kahn. Houghton Mifflin, 1991. (recommended)
-
An Analysis of the
Systemic Security Weaknesses of
the U.S. Navy Fleet Broadcasting System, 1967-1974,
as Exploited by CWO John Walker, Maj. Laura Heath,
Master's Thesis, Georgia Institute of Technology, 2001. (recommended)
- November 28
-
Analysis
Reading:
-
ITS4: A Static
Vulnerability Scanner for C and C++ Code,
John Viega, J.T. Bloch, Tadayoshi Kohno, and Gary McGraw, Annual Computer
Security Applications Conference, 2000.
-
Checking for Race Conditions in File Accesses,
M. Bishop and M. Dilger,
Computing Systems 9:2, pp. 131-152 (Spring 1996)
-
CGI/Perl Taint Mode
FAQ
-
Perl
Advisor: Taint so Easy, Is It?, Randal L. Schwartz, Unix Review,
August 2000.
-
Static analysis
and computer security: New techniques for software assurance.
David Wagner. Ph.D. dissertation, Dec. 2000, University of California at
Berkeley. (recommended)
-
Using CQUAL for Static Analysis of Authorization Hook Placement,
Xiaolan Zhang & Antony Edwards & Trent Jaeger, Proc. Usenix Security,
2002. (recommended)
Homework 5, due December 9
- November 30
-
Analysis
Reading:
-
The Art of Deception, Kevin Mitnick and William Simon, Wiley, 2002.
(recommended)
(Available as an EBook from the CU library)
- December 5
- Forensics (guest lecturer: Wietse Venema)
Reading:
- "The Taking of Clark", Chapter 17, Firewalls and Internet
Security: Repelling the Wily Hacker, William R. Cheswick, Steven M.
Bellovin, and Aviel D. Rubin, Second Edition, Addison-Wesley, 2003.
(See Courseworks)
-
Playing
"Hide and Seek" with Stored Keys, Adi Shamir and Nicko van
Someren, Proceedings of the Third International Conference on
Financial Cryptography, 1999. (Recommended)
- December 7
-
Review
Reading: see above...
- December 12
-
Final exam.
Grade histogram.
Submitting Homework
All homework assignments must be submitted as a single "tar" file. The
filename MUST be of the form UNI.#.tar or UNI.#.tgz, where "UNI" is your
UNI and "#" is the number of the homework assignment. Thus, my filename
for the first homework assignment would be "smb2132.1.tar". Use .tgz if
you've gzip'd the file -- I doubt that that's necessary, but if you're on
a slow link you may wish to do that.
Submit the assignments by sending them to my dropbox via the Courseworks
"Class Files" mechanism.
All assignments must run on the CLIC machines. See
http://www1.cs.columbia.edu/clic/
for details. You'll need a CS account
to do that; if you don't already have one, see
http://www.cs.columbia.edu/~crf/accounts/Intro_Accounts.html
The tar file MUST unpack to create a single top-level directory whose name
is again "UNI.#". Your programs and documents are in that directory; any
subdirectories you create are up to you.
There must be a Makefile, a README, plus any program and test data. The
Makefile must have targets "build" (which has to be the default), "test"
(which runs the program with your test data), "exec", which will be used
to run the program with our test data, and "clean". Any command-line
arguments (which must be documented) are supplied by saying ARG="..." on
the "make" command. If you have more than one test set, "make test" must
invoke them all. "make clean" should delete any .o files, executables,
core dumps, test output, etc. Run "make clean" before submitting the
assignment.
A sample homework assignment is in
http://www.cs.columbia.edu/~smb/classes/f05/smb2132.0.tar