ECE1776: Computer Security, Cryptography and Privacy

General Information

Instructor: David Lie, SF2001C
Course E-mail: lie@eecg.toronto.edu
Time: Tuesdays, 10AM-12PM, Starting Sept 20, 2011
Location: BA1220

Grading Scheme:

Paper Presentation 30%
Project Proposal 5%
Project Midterm Presentation 20%
Project Research Paper 45%

Announcements

Lecture 1 slides posted here.
Due dates for course project deliverables posted.

Course Format

This course will primarily be a reading course. Each week students are expected to read the assigned readings and discuss them. There will also be a course project due at the end of the semester.

Course Readings and Presentations

Students are expected to read the 3 papers assigned each week and come to class prepared to discuss the papers. You can sign up for a paper presentation here. Each week a group of 2-3 students will present their views of the papers. For each paper, one of the students will present pro’s for the paper, and the other will present con’s for the paper, and each student should be pro for at least one paper and con for at least one paper. A good paper should present a new and practical solution/technique so solve an important problem. It should also contain a critical evaluation of the merits of the idea, and clearly point out any flaws or shortcomings that could be solved in future work (of if they can be solved at all). Finally, the paper should clearly indicate past work in the area, and indicate how their solution improves on the existing solutions. For advice on giving presentations, refer here. You can sign up for presentations here.

Each paper presentation should last approximately 20 minutes (for both presenters) and be in this general format:

Summary of the paper (~20 minutes): You will summarize the objective of the paper, the proposed technique and the results/contributions the authors have presented. If there is background required to understand the contents of the paper, the presenter should touch upon this as well. Either the pro or con presenter can handle this part.
The Pro presenter will explain what he/she thought was good about the paper, and argue for why the paper should have been accepted. (~5 minutes)
The Con presenter will then argue for why the paper should not have been accepted. (~5 minutes)
Discussion. (~10 minutes)

The presenters should meet before hand and discuss their views of the paper. During the presentation some good questions to answer (this list is neither exhaustive nor are they applicable in all cases):

Are the authors working on a real problem? What are their contributions and are they novel/useful?
Did the authors miss any critical limitations in their paper? Was the way they presented their evaluation honest and fair?
Did the evaluation test the right aspects of the solution? For example, did the presenters pick the right benchmark? What claims to the authors make and do they justify them?
Is the solution really novel? Did the authors identify all related work or did they miss work that is very similar to theirs. You should spend time doing an extended literature search for all papers ( is your friend).
Did the authors clearly differentiate between fundamental aspects of their design as opposed to artifacts of their implementation (that might not exist on another implementation of their design)?
In your opinion, will the solution work as the authors indicated? Is it applicable in the general case or is it very specific to the cases they used in their evaluation?
What questions does the paper leave unanswered? Is there future work or is the problem essentially solved by their solution? What improvements or additional information might you expect from the authors? Remember that researchers frequently construct prototypes, not products, so improvements should answer important questions, not be requests for functionality that is incomplete, but would be straightforward to add.

Course Project

Students should work in groups of 1-3 (depending on class size) to do a research oriented course project. The project will either propose a solution to a security problem, or explore some aspect of computer security. The project will have three deliverables:

Project Proposal:

Introduce and motivate the problem they are going to attempt to solve or what previously unanswered question they are going to try and answer.
Give an outline of the proposed solution.
Provide a list of related work and an explanation of how the advantage they believe their proposal will have over existing solutions

The instructor will meet with students as necessary to discuss their proposals. The proposals will then be made available to other students the class via this webpage.

Project Midterm Update and Presentation: Approximately midway through the course, students will also provide a written report no longer than 3 pages to the instructor summarizing their progress so far. A class will be set aside for groups to make an oral presentations to the class explaining their project and progress made up to that point. They will highlight interesting problems they have had and outline their plans for the remainder of the semester. The class should comment on the project and try to give advice. For advice on giving presentations, refer here

You will be graded mainly on your presentation and your written report should just summarize your presentation. Your presentation should cover the 4 main points:

What problem are you solving and why is it an important problem?
What is the related work in the area and why is it inadequate in your opinion?
What is your proposed solution?
How will you evaluate your solution? What results do you anticipate?

Project Research Paper and Presentation: Students will hand in a research paper describing their project. The paper will be no longer than 10 pages. The most important goal of any research paper is to confer knowledge that the author learned by doing the research onto the reader. Thus, when writing the project research paper, students should focus on things they learned in the course of the project, that was not obvious to them before they embarked on the work. A good research paper should:

Introduce and motivate the problem the paper attempts to solve.
Provide a description of the proposed solution, as well as any interesting implementation details of the prototype (if one was built)
Give a critical analysis of the strengths, weaknesses and limitations of their system, making sure to differentiate fundamental limitations of the solution from limitations specific to the prototype implementation
Conclude with no more than 3 points describing the enlightening things that were learned from doing the research.

For more guidance, refer to information on writing research papers in the Course Resources Section. For a suggested format for your paper refer to this paper.pdf and these latex files: paper.tex, usenix.sty, biblio.bib. A nice tutorial on Latex can be found here. Students will also do a presentation for the class summarizing the points of their research paper. Such a presentation should be clear and concise. Students are encouraged to use visual aids.
Potential Projects

Below are some potential projects, but students are encouraged to up with their own as well!

Mobile device security:

Malicious applications that infiltrate phones through social engineering or a confusing security model
Weaknesses in the security and protection systems on a phone that might permit malicious applications to steal information or damage privacy
Flaws in phone software implementation or design that allow malicious websites or networks to attack phones
Protection of information if a phone is lost or stolen

As a starting point, I suggest interested students look at Google’s open-source Android operating system (Developer page, Open-source project page) as well as check out smart phone hacking community sites (XDA, Modaco, and Cyanogen).

Cloud security: As the cost and speed of bandwidth drops and the cost and complexity of device maintenance increases, distributed applications accessed through thin clients and web browsers will become the norm. However, web browsers were never designed to be thin clients and so many interesting browser designs have emerged recently. Design decisions include how to provide extensibility, how to handle plugins and how to isolate different web pages from each other. Starting points include open source browsers (Firefox, Chromium – the open source version of Google’s Chrome browser)

Interesting problems include:

How to protect against Web-based attacks, such as phishing, XSS and XSRF attacks.
How to properly isolate plugins and extensions.
Fast Native code support (See Native Client)

Another interesting development in this space is the advent of thing, non-extensible operating systems like Google’s ChromeOS operating system, which is also open source. ChromeOS is designed to be a simple Linux distribution that only supports one application, a web browser. It is designed to hold a minimum of state on the client so that it can be easily re-installed and reset if compromised, and is also designed for easy remote management. Some interesting points.

ChromeOS tries to ensure that attackers cannot modify the OS image without the user knowing. To do this they use TCG support. Updates include an entire disk image and the entire disk image is signed. Here is a presentation describing their design. Analyze aand test the security of this design, are there improvements or weaknesses?
ChromeOS uses your Google Account to sign in, and then uses this credentials to access various web services.
While ChromeOS does not allow any other native applications other than the web browser, persistent 3rd party code in the form of extensions, web apps and plugins are still permitted. These must be screened for malware -- but how to do this?
ChromeOS’s updates are automatic and you can’t revert (easily). This has interesting implications if an update fails.

Building secure Virtualizaiton infrastructure: By 2013, more than half of all workloads will be virtualized. Virtualization frees us from having to pick one OS for each computer and forcing all applications to run on that OS. Instead, each application to have its own operating system that is tailored to its needs. How can we make configurable OSs that minimize the attack surface for applications? Some old systems already proposed this ((OSKit, Exokernel)). How do you build the modular, configurable minimal OS of the future? Some problems are:

Appliances need to have small memory and disk footprints. They should boot quickly.
It should be possible for appliances to be patched even while off. If there are many appliances, we don’t want them to have to be running all the time to be patched. On the other hand, if you start up an unpatched appliance, you don’t want to be compromised as soon as you start the appliance.

Course Resources

Lecture Notes

Lecture 1

Advice on writing/reading papers:

Advice on Presentations:

Course Schedule

Week	Topic	Readings	Presenters	Project Deadlines
Sept 20	Introduction
Sept 27	Black Hats	How to 0wn the Internet in Your Spare Time. Stuart Staniford, Vern Paxson and Nicholas Weaver. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) Hovav Shacham Chip and PIN is Broken Steven J. Murdoch, Saar Drimer, Ross Anderson and Mike Bond	Andres Rodriguez, Kazi Faisal, Sheng Xu
Oct 4	Black Hats 2	Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zhen. All Your iFRAMES Point to Us Niels Provos, Panayiotis Mavrommati, Moheeb Abu Rajab and Fabian Monrose Show Me the Money: Characterizing Spam-advertised Revenue C. Kanich, N. Weaver, D. McCoy, T. Halvorson, C. Kreibich, K. Levchenko, V. Paxson, G. Voelker and S. Savage	Richard Abrich, Matthew Thorpe	Project Proposal
Oct 11	Detecting Exploits	StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang. Detecting past and present intrusions through vulnerability-specific predicates Ashlesha Joshi, Samuel T. King, George W. Dunlap, Peter M. Chen Large-Scale Automatic Classification of Phishing Pages Colin Whittaker, Brian Ryner and Marria Nazif	Sintujan Panchalingan, Colin Chung, Kristopher Gibbs
Oct 18	No Class Instructor Away
Oct 25	Midterm Project Presentations
Nov 1	Writing Correct Code	Using Programmer-Written Compiler Extensions to Catch Security Holes. Ken Ashcraft and Dawson Engler TaintScope: A Checksum-Aware Directed Fuzzing Tool for Automatic Software Vulnerability Detection Tielei Wang, Tao Wei, Guofei Gu and Wei Zou TAJ: effective taint analysis of web applications Omer Tripp, Marco Pistoia, Stephen Fink, Manu Sridharan and Omri Weisman		Midterm Report
Nov 8	Mobile Security	Understanding Android's Security Framework (Tutorial) William Enck PiOS: Detecting Privacy Leaks in iOS Applications Manuel Egele, Christopher Kruegely, Engin Kirdaz and Giovanni Vignay A Study of Android Application SecurityWilliam Enck, Damien Octeau, Patrick McDaniel, and Swarat Chaudhuri	Akshay Kumar, Mani Golafra, Valentin Berbenetz
Nov 15	Operating System Security	Terra: A Virtual Machine-Based Platform for Trusted Computing. T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh Fixing Races for Fun and Profit: How to Abuse atime.Nikita Borisov, Rob Johnson, Naveen Sastry and David Wagner Intrusion Recovery Using Selective Re-execution. Taesoo Kim, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek.	Reza Mokhtari, Daniel Di Matteo, Kalin Ovtcharov
Nov 22	Web Security	Protecting Browsers from DNS Rebinding Attacks. Collin Jackson, Adam Barth, Andrew Bortz, Weidong Shao, and Dan Boneh Browser Security: Lessons from Google Chrome Charlie Reis, Adam Barth, Carlos Pizano Trust and Protection in the Illinois Browser Operating System Shuo Tang, Haohui Mai, and Samuel T. King	Ilian Tili, Antoine Samaha, John Matienzo, Mohammad Sadegh
Nov 29	Network Security	Building a Dynamic Reputation System for DNS. Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee, and Nick Feamster Let the Market Drive Deployment: A Strategy for Transitioning to BGP SecurityPhillipa Gill, Michael Schapira and Sharon Goldberg Outside the Closed World: On Using Machine Learning For Network Intrusion Detection Robert Sommer and Vern Paxson	Kianoosh Mokhtarian, Maryam Samizadeh, Ryne Yang
Dec 6	Project Presentations			Final Report