ECS 289M. Software Security. Fall 2004

ECS 289M. Software Security

Fall 2004 CRN: 63557

Lectures: Tuesday and Thursday, 6:10pm-7:30pm, 105 Olson.

Office hours: Thursday 12-1pm, 3063 Kemper, or by appointment.

Instructor:

Hao Chen <hchen AT cs.ucdavis.edu>

TA:

Jeff Wu <jtzwu AT ucdavis.edu>

Mailing list: ecs289m-f04@ucdavis.edu https://listproc.ucdavis.edu/class-secure/200410/ecs289m-f04 (secure web archive)

Announcements

Dec 7. Project report is due by 11:59pm on Saturday, December 18. Email me an electronic copy in PDF or PS.
Dec 7. Poster session will be held at 12:30-2:30pm on Thursday, December 16 at 1131 Kemper.
Oct 24. Jeff Wu has compiled a list of hints on Cqual.
Oct 18. Web pages of student projects are available.

Goals

This graduate course covers common software vulnerabilities and major techniques for improving software security. It emphasizes how to apply practical programming language techniques and tools to improving the security of real-world programs. It also prepares the students for research on language-based security.

Topics

Background in security and programming languages.
Software vulnerabilities
- Buffer overruns, format string vulnerability, file descriptor vulnerability, user/kernel pointer vulnerability.
- Race conditions, privilege elevation.
Techniques and tools
- Language support: Java security architecture, CCured, proof-carrying code.
- Static analysis: software model checking, type qualifiers.
- Runtime analysis: sandboxing, intrusion detection.
Other topics as time permits and according to student interest.

Requirements and Grading

Readings and reviews
We will discuss a few research papers in each class. I will post the papers on this web page. You should submit (on paper) a brief review of each paper at the beginning of the class when we discuss the paper. Your review should list a few most significant contributions of the paper, and its most significant flaws or weaknesses and how it could be improved, if any.
Project
You will do a team (2-3 people) research project. You are welcome to choose any topic on software security -- I will interpret the topic broadly. I encourage you to tie your project with your current research if possible. You will give a conference-style presentation in class and submit a report in the form of a conference paper. Be ambitious! Strive for real publications from your project.
There is NO exam.
Grading: project: 70%; paper reviews: 15%; class participation: 15%

Readings

Note: readings are subject to change.

Week	Date	Topic	Readings
1	9/30	Overview Slides
2	10/5	Overview	(cache) Shifting the odds: Writing (more) secure software. Bellovin. (cache) Improving Security Using Extensible Lightweight Static Analysis Evans, Larochelle.
2	10/7	Type qualifier	(cache) Detecting Format String Vulnerabilities With Type Qualifiers Shankar, Talwar, Foster, Wagner. (The next paper is optional: it provides detailed background on type qualifiers.) (cache) Flow-Sensitive Type Qualifiers Foster, Terauchi, Aiken.
3	10/12	Type qualifier Slides Speaker: Robert Johnson	(cache) Finding User/Kernel Pointer Bugs With Type Inference Johnson, Wagner.
3	10/14	Software model checking	(cache) MOPS: an infrastructure for examining security properties of software Chen, Wagner (cache) Model checking one million lines of C code Chen, Dean, Wagner
4	10/19	Software model checking	(cache) The SLAM Project: Debugging System Software via Static Analysis Ball, Rajamani. (cache) Automatically Validating Temporal Safety Properties of Interfaces Ball, Rajamani. (The next paper is optional.) (cache) Lazy Abstraction. Henzinger, Jhala, Majumdar, Sutre.
4	10/21	Metacompilation	(cache) A System and Language for Building System-Specific, Static Analyses Hallem, Chelf, Xie, Engler. (cache) Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code Engler, Chen, Hallem, Chou, Chelf.
5	10/26	No class. Work on your project
5	10/28	No class. Work on your project
6	11/2	Intrusion detection	(cache) Intrusion Detection via Static Analysis Wagner, Dean.
6	11/4	Intrusion detection	(cache) Efficient Context-Sensitive Intrusion Detection Giffin, Jha, Miller.
7	11/9	Buffer overrun	(cache) StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks Cowan, Pu, Maier, Hinton, Bakke, Beattie, Grier, Wagle, Zhang. (The next article explains buffer overruns in detail. It is an optional reading.) (cache) Smashing The Stack For Fun And Profit Aleph One.
7	11/11	No class. Veterans Day holiday
8	11/16	Memory safety	(cache) CCured: Type-Safe Retrofitting of Legacy Code Necula, McPeak, Weimer.
8	11/18	Java security	(cache) Extensible security architectures for Java Wallach, Balfanz, Dean, Felten (The next paper is optional) (cache) Java security: from HotJava to Netscape Dean, Felten, Wallach.
9	11/23	Java security	(cache) IRM enforcement of Java stack inspection Erlingsson, Schneider.
9	11/25	No class. Thanksgiving holiday
10	11/30	Mobile code security	(cache) A secure environment for untrusted helper applications: confining the wily hacker Goldberg, Wagner.
10	12/2	Mobile code security	(cache) Safe Kernel Extensions Without Run-Time Checking Necula and Lee.
11	12/7	Privilege separation in the real world	(cache) Preventing Privilege Escalation Provos, Friedl, and Honeyman. Project home
11	12/9	Discussion	None

Feedback

I always welcome any feedback on what I could be doing better. You are also welcome to send me feedback anonymously.

Hao Chen <hchen AT cs.ucdavis.edu>

Last modified December 7, 2004.