Instructor: Dr. Guofei Gu (guofei@cse, 502C HRBB)
Lectures: Tuesday, Thursday 5:30-6:45pm, Rm 126 HRBB
Office Hour: By appointment
TA: Weiqin Ma (weiqinma@cse)
TA's Office Hour: By appointment
Prerequisites: Operating Systems, Computer Networks, and C/C++ and/or Java.
This course will introduce various modern topics in computer and network security. It will provide a thorough grounding in computer and network security suitable for those interested in conducting research in this area, as well as for students more broadly interested in real-world security issues and techniques. Topics may span (but are not limited to):
Textbook(s): There is no required textbook. Most readings will be from research papers in top security conferences and journals (listed below). In addition to research papers, you may also read the following textbooks for more security background.
Three hours of lecture per week. (3 units)
Paper mini-review, presentation, and discussion: 25%
Assignment/Lab: 35%
Mini research project: 35%
Participation: 5%
There is no mid-term or final exam.
All late submissions (but still within one day after the deadline) will automatically lose half points. Submissions one day after the deadline will NOT be accepted.
There will be bonus points for EXCELLENT mini research projects.
There will be several assignments/labs. You will be asked to finish well-instructed programming assignments or labs by yourself and submit the necessary reports in CSNET.
There will be a term project. You will do research in a team of two or individually. You can choose any topic of interest in computer/network security (not necessarily a topic discussed in class; tying it to your current research is encouraged). Be ambitious and start thinking of project topics early!
A project proposal should contain an introduction (motivation, problem statement), the proposed technique/solution, related work (and comparison), and a project plan (tasks, timeline, job split in the team).
The final report is expected to be a workshop-quality paper. For your information, the deadline of the 3rd USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET '10) is Feb. 25, good timing for you to target if you do an excellent mini project.
A project progress report is essentially close to the final report, with some experiments/evaluation still to be filled in.
Project grades will be based on the following factors: novelty, depth, correctness, clarity of presentation, and effort.
Before every class, you are expected to read all corresponding readings (listed below), particularly those marked [Basics] and [Required].
You need to write a mini-review for each paper marked as [required]. This mini-review can include:
The mini-reviews are to be done individually and submitted in CSNET before midnight prior to the corresponding lecture.
You need to present the papers for a certain topic in one class. You need to read deeply into all papers in that day's class, including [Required] and [Further readings]. As a paper presenter, you don't need to submit a review, but you should prepare slides, present them to the class, and steer the extended discussion (you need to prepare a list of discussion questions on the topic/papers, and sometimes also incorporate the other students' review comments on the topic/papers). Please send the final slides to the instructor within at most two days.
We will study/discuss threats and attacks in class. You should be fully aware of ethics when studying these techniques. If in any context you are not sure about where to draw the line, come talk to me first.
"An Aggie does not lie, cheat, or steal or tolerate those who do."
Upon accepting admission to Texas A&M University, a student immediately assumes a commitment to uphold the Honor Code, to accept responsibility for learning, and to follow the philosophy and rules of the Honor System. Students will be required to state their commitment on examinations, research papers, and other academic work. Ignorance of the rules does not exclude any member of the TAMU community from the requirements or the processes of the Honor System.
This tentative schedule will be updated as the course progresses. Please check back for the most recent update!
| Lecture | Date | Topic | Readings | Presenter | Note |
|---|---|---|---|---|---|
| 1 | 9/1 | Course overview & logistics | none | Dr. Gu [slides] | Assignment 0 out |
| 2 | 9/3 | Computer security overview | [Basics] KPS, PP, SB | Dr. Gu [slides] | |
| 3 | 9/8 | Applied cryptography & cryptosystems | [Basics] KPS | Dr. Gu [slides] | |
| 4 | 9/10 | | [Basics] KPS | Dr. Gu [slides] | |
| 5 | 9/15 | | [Required] Why cryptosystems fail. Ross Anderson. CCS'93. [Further reading] Lest we remember: Cold Boot Attacks on Encryption Keys. Anderson et al. Security'08 | Mike George [slides] | Assignment 0 due |
| 6 | 9/17 | Malware & Intrusion detection | [Basics] How to 0wn the Internet in Your Spare Time. Stuart Staniford, Vern Paxson and Nicholas Weaver. USENIX Security'02; Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade. Crispin Cowan et al. | Dr. Gu [slides] | Lab 1 out |
| 7 | 9/22 | | [Required] Hypervisor support for identifying covertly executing binaries. Lionel Litty, H. Andrés Lagar-Cavilla, and David Lie. Security'08. [Further readings] Ether: Malware Analysis via Hardware Virtualization Extensions. Artem Dinaburg et al. CCS'08 | Jyotsna Priyadarshini [slides] | |
| 8 | 9/24 | | [Basics] A sense of self for Unix processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. Oakland'96; Bro: A System for Detecting Network Intruders in Real-Time. Vern Paxson. Computer Networks, 31(23-24), pp. 2435-2463, 14 Dec. 1999; The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson. CCS'99 | Dr. Gu [slides] | Project topic selection due |
| 9 | 9/29 | | [Required] Effective and Efficient Malware Detection at the End Host. Clemens Kolbitsch et al. Security'09 | Sanmin Liu [slides] | |
| 10 | 10/1 | Botnet | [Basics] Know your Enemy: Tracking Botnets. Using honeynets to learn more about Bots. Paul Bacher, Thorsten Holz, Markus Kotter, Georg Wicherski; The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets. Evan Cooke, Farnam Jahanian, and Danny McPherson; A Multifaceted Approach to Understanding the Botnet Phenomenon. Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis. IMC'06 | Dr. Gu [slides] | Lab 1 due |
| 11 | 10/6 | | [Required] BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. Security'08. [Further readings] BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. Guofei Gu, Phillip Porras, Vinod Yegneswaran, Martin Fong, and Wenke Lee. Security'07; Characterizing the Remote Control Behavior of Bots. Stinson, E., & Mitchell, J. C. DIMVA'07; Wide-scale Botnet Detection and Characterization. Anestis Karasaridis, Brian Rexroad, David Hoeflin. HotBots'07 | Zhaoyan Xu [slides] | |
| 12 | 10/8 | | [Required] Dispatcher: Enabling Active Botnet Infiltration using Automatic Protocol Reverse-engineering. Juan Caballero, Pongsin Poosankam, Christian Kreibich and Dawn Song. CCS'09. [Further reading] Your Botnet is My Botnet: Analysis of a Botnet Takeover. Brett Stone-Gross et al. CCS'09; Studying Spamming Botnets Using Botlab. John P. John, Alexander Moshchuk, Steven D. Gribble, and Arvind Krishnamurthy. NSDI'09 | Bobby Harkreader, Chao Yang [slides] | Project proposal due |
| 13 | 10/13 | Web security | [Basics] CSS explained, CSRF, SQL Injection; The Ghost In The Browser: Analysis of Web-based Malware. N. Provos et al. HotBots'07. [Further readings] All Your iFRAMEs Point to Us. Niels Provos, Panayiotis Mavrommatis, Moheeb Abu Rajab, Fabian Monrose. Security'08 | Dr. Gu [slides] | Lab 2 out |
| 14 | 10/15 | | [Required] An Efficient Black-box Technique for Defeating Web Application Attacks. R. Sekar. NDSS'09. [Further readings] Blueprint: Robust Prevention of Cross-site Scripting Attacks for Existing Browsers. Mike Ter Louw, V.N. Venkatakrishnan. Oakland'09; Saner: Composing Static and Dynamic Analysis to Validate Sanitization in Web Applications. Cova et al. Oakland'08 | Solairaja Ramasamy [slides] | |
| 15 | 10/20 | | [Required] Defending Browsers against Drive-by Downloads: Mitigating Heap-spraying Code Injection Attacks. Manuel Egele, Peter Wurzinger, Christopher Kruegel, and Engin Kirda. DIMVA'09 | Seungwon Shin [slides] | |
| 16 | 10/22 | | [Required] Convergence of Desktop and Web Applications on a Multi-Service OS. Helen J. Wang, Alexander Moshchuk, Alan Bush. HotSec'09. [Further readings] Secure web browsing with the OP web browser. Chris Grier, Shuo Tang, Samuel King. Oakland'08; The Multi-Principal OS Construction of the Gazelle Web Browser. Helen J. Wang et al. Security'09 | Shardul Vikram [slides] | |
| 17 | 10/27 | Unwanted traffic | [Basics] A taxonomy of DDoS attack and DDoS defense mechanisms. Jelena Mirkovic and Peter Reiher. ACM SIGCOMM Computer Communication Review, 34(2), pp. 39-54, April 2005. [Required] SIFF: An Endhost Capability Mechanism to Mitigate DDoS Flooding Attacks. Abraham Yaar, Adrian Perrig, and Dawn Song. Oakland'04. [Further readings] A DoS-Limiting Network Architecture. Yang, Wetherall, and Anderson. SIGCOMM'05 | Ayan Mandal, Ashwath Kumar Reddy [slides] | |
| 18 | 10/29 | | [Required] Detecting Forged TCP Reset Packets. Nicholas Weaver, Robin Sommer, Vern Paxson. NDSS'09 | Yuxiang Zhu [slides] | Lab 2 due |
| 19 | 11/3 | Information flow | [Basics] Denning1976, Yin2007 | Dr. Gu [slides] | |
| 20 | 11/5 | | [Required] Improving Application Security with Data Flow Assertions. Alexander Yip, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek. SOSP'09. [Further readings] Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications. Michael Dalton, Christos Kozyrakis, Nickolai Zeldovich. Security'09; Making information flow explicit in HiStar. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières. OSDI'06 | Xiaoxi Zhang, Wen Yuan [slides] | Project progress report due |
| 21 | 11/10 | Security configuration & hardening | [Basics] Wikipedia -- Access Control (link); Wikipedia -- UNIX Security (link); Linux iptables HOWTO. Rusty Russell. (link) | Guest lecture by Mr. Willis Marti | |
| 22 | 11/12 | Spam | [Basics] SNARE, Botnet-generated spam | Guest lecture by Dr. Liu | Lab 3 out |
| 23 | 11/17 | | [Basics] Predicting Web Spam With HTTP Session Information; Countering Web Spam with Credibility-Based Link Analysis | Guest lecture by Dr. Caverlee | |
| 24 | 11/19 | Privacy | [Required] Quantifying Information Leaks in Outbound Web Traffic. Kevin Borders, Atul Prakash. Oakland'09. [Further readings] Robust De-Anonymization of Large Datasets (How to Break Anonymity of the Netflix Prize Dataset). Arvind Narayanan, Vitaly Shmatikov. Oakland'08 | Jillian Weise | |
| 25 | 11/24 | | [Required] Vanish: Increasing Data Privacy with Self-Destructing Data. Roxana Geambasu, Tadayoshi Kohno, Amit A. Levy, and Henry M. Levy. Security'09 | Pu Duan | |
| | 11/26 | Thanksgiving holiday. No class. | | | |
| | 12/1 | Mini-workshop: student project presentation | | Pu Duan & Sanmin Liu; Ayan Mandal & Ashwath Reddy; Shardul Vikram; Mike George; Wen Yuan; Chao Yang | Lab 3 due |
| | 12/3 | Mini-workshop: student project presentation | | Jillian Weise; Yuxian Zhu & Xiaoxi Zhang; Bobby Harkreader & Zhaoyan Xu; Solairaja Ramasamy & Jyotsna Priyadarshini; Seungwon Shin | |
| | 12/8 | Work on your final report. No class. Final report is due on 12/12. | | | |