Class outline and references (COMP 5407)
Last updated: Nov. 11, 2003 10:00pm
Notation:
"BSS" denotes
Building Secure Software (Viega and McGraw, 2002).
"HAC ssN" denotes section N in
Handbook of Applied Cryptography (Menezes, Van Oorschot, Vanstone, 1996).
-
Class 1: Getting Started.
Preliminaries (course outline, expectations; course web site;
enrolment information, pre-requisites).
Course overview; relationship between software vulnerabilities,
malicious software, and authentication failures.
Discussion of Project 1 - begin immediately (for extra background
see BSS and/or read Spafford's paper under class 11 below).
Began discussion of paper for Class 2.
-
Class 2: On-line Password Dictionary Attacks.
Preventing on-line dictionary
attacks using cookies and tests distinguishing humans from machines.
Pinkas and Sander,
"Securing Passwords Against Dictionary Attacks"
(ACM CCS-9: Computer and Communications Security, Nov. 2002);
for context, also visit the
CAPTCHA Project site.
-
Class 3: Off-line Password Dictionary Attacks.
Preventing off-line dictionary attacks using "encrypted key exchange".
Bellovin and Merritt,
"Encrypted Key Exchange:
Password-Based Protocols Secure Against Dictionary Attack"
(IEEE Security and Privacy, May 1992).
Also review reading - passwords: HAC ss10.2.1-10.2.2;
time-variant parameters: HAC ss10.3.1.
-
Class 4: Graphical Passwords.
Replacing text passwords
by user-drawn figures on graphical input devices.
Jermyn et al.,
The Design and Analysis of Graphical Passwords
(1999 USENIX Security).
-
Classes 5-7: Buffer Overflows.
For Class 5 read: BSS, Ch.7 (Buffer Overflows).
For Class 6, read: Wilander and Kamkar,
A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention, NDSS'03.
For Class 7, read to start of section 4 in:
scut,
Exploiting Format String Vulnerabilities (Sept.2001).
Optional further reading -
among the many other papers on buffer overflows and related memory problems are:
(a) Simon,
A Comparative Analysis of Methods of Defense against Buffer Overflow Attacks (Jan. 2001).
(b) Cowan et al.,
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade (Jan. 2000).
(c) Rogers,
rlogin(1): The Untold Story
(tech report CMU/SEI-98-TR-017, Nov.1998, Carnegie Mellon Software Eng. Inst.).
-
Class 8: Authentication and Router Update Protocols.
How routing tables are created and updated in common routing protocols;
vulnerabilities due to lack of authentication; and potential solutions.
Reference: Security Problems in Internet Routing Protocols (slides).
-
Classes 9-10: Computer Viruses and Trojan Horses.
For class 9 read: Nachenberg,
Computer Virus-Antivirus Coevolution (Comm. ACM, Jan. 1997);
pdf available online.
Readings for class 10:
McIlroy,
Virology 101 (Computing Systems, Spring 1989); and
Thompson,
Reflections on Trusting Trust (Comm. ACM, Aug.1984).
-
Classes 11-12: Computer Worms.
Reading for class 11 (a look at 15 years ago):
Spafford, "Crisis and Aftermath (The Internet Worm)",
Comm. of the ACM, vol.32 no.6 (1989), pp.678-687.
PDF available online.
Readings for class 12 (advanced threats): Staniford et al.,
How to 0wn the Internet in Your Spare Time
(2002 Usenix Security); and
Moore et al.,
The Spread of the Sapphire/Slammer Worm (Feb.2003).
-
Class 13: Trusting Software and Input Validation.
Read: BSS, Ch.12 (Trust Management and Input Validation).
-
Class 14: Authentication and Usability.
Usability aspects related to password-based authentication,
and challenge questions for password recovery.
PDF Slides (M. Just, Oct.2003)
-
Class 15: Malicious software - additional details.
(No assigned reading.)
-
Class 16: Software Protection through Diversity (introduction).
S. Forrest et al.,
Building Diverse Computer Systems (1997 Workshop on Hot Topics in Operating Systems).
-
Class 17: Class Test.
-
Classes 18-19: Digital Signatures - Practical Issues.
Public key infrastructure for digital signatures:
RSA signatures (background) - HAC pp.433-434;
public-key certificates - HAC pp.559-560;
certificate and key life cycle - HAC pp.576-581.
A Comparison of Digital and Handwritten Signatures
(D. Fillingham, 1997 course paper).
-
Class 20: Client-Side Security (BSS Chapter 15).
Topics include: copy protection, license files,
software obfuscation and tamper resistance.
-
Class 21: Software Protection - Program Evolution and Diversity.
Operating System Protection Through Program Evolution
(F. Cohen, Computers and Security, Oct.1993).
-
Classes 22-24: Software Protection -
Obfuscation, Tamper Resistance, Watermarking.
Watermarking, Tamper-Proofing and Obfuscation -
Tools for Software Protection (IEEE Trans. S.E., June 2002).
-
Computer Worms and Viruses - some interesting links for recent media
articles:
Viruses and Worms: What Can We Do About Them? (10 Sept. 2003, Testimony to U.S. House Committee by Director of CERT).
Internet Worms: Worst is Yet to Come? (www.NewsFactor.com, 16 Sept 2003).
Microsoft's New Security Roadmap (www.NewsFactor.com, 15 Sept 2003).