CS 261, Fall 2008 ComputerSecurityInstruct or: David Wagner (daw@cs, 629 Soda Hall, 642-2758)Lect ures: Tu-Th, 11:00-12:30, 310 SodaCourse DescriptionCS261: Security in Computer Systems. Prerequisite: CS162. Graduate survey ofmodern topics in computer security, including: protection, access control,distributed access control, Unix security, applied cryptography, networksecurity, firewalls, secure coding practices, safe languages, mobile code, andcase studies from real-world systems. May also cover cryptographic protocols,privacy and anonymity, and/or other topics as time permits. Term paper orproject required. Three hours of lecture per week. (3 units)Prerequisites: CS 162 or equivalent. Familiarity with basic concepts in operatingsystems and networking.Course topicsAn approximate list of course topics (subject to change; as time permits):Basic conceptsTrust, trusted computing base, trusted path, transitive trust. Referencemonitors. Policy vs. mechanism. Assurance. Lessons from the OrangeBook.Access controlAuthorization, policy, access matrix. Subjects and objects. ACLs,capabilities. Rings, lattices. Revocation. Groups. The role of crypto.Distributed access control. Mandatory vs. discretionary access control,compartmentalization, covert channels.ProtectionTraditional OS centralized protection: address spaces, uids, resourcemanagement. The Unix security model: file permissions, the super-user,setuid programs, system calls, password security. How networks changethe problem space.CS 261: Computer Security file:///tmp/handout.html1 of 4 08/28/2008 01:27 AMSecure codingDesign principles: code structure, least privilege, small security kernels,small interfaces. Tools: language support, type-safe languages, staticchecking. Common vulnerabilities: buffer overruns, setuid programs, theconfused deputy, race conditions, improper canonicalization. Objectcapabilities.CryptographySymmetric key, public key, certificates. Choosing an algorithm. Protocols.Integrity, authenticity confidentiality, availability. Non-repudiation.Intro to Network securityTCP/IP. Attacks on network protocols: address spoofing, hijacking, DNSattacks, routing vulnerabilities. Firewalls: packet filtering, applicationproxying.Confining untrusted codeMotivation: the mobile code problem, implementing least privilege.Mechanisms: signed code, interpreted code, software fault isolation,proof-carrying code, virtualization, extensible reference monitors.Practical experience: ActiveX, Java, Javascript.Case studiesKerberos. PGP and the web of trust. SSL and centralized certificationauthorities. SSH. IPSEC. Cellphones. Therac-25. Phishing and cybercrime.Practical issues: risk management, key management, smartcards, copyprotection systems, social engineering.Extra topicsPrivacy: Anonymity and traffic analysis; remailers and rewebbers; practicalexperience. Cryptographic protocols: protocol failures, design principles;logics of authentication; Formal methods. Others as time permits andaccording to student interest.GradingClass project: 40%Problem sets: 35%Scribe notes: 15%Paper summaries and class discussion: 10%ProjectsThere will be a term project. You will do independent research in small groups(e.g., teams of 2--3). Projects may cover any topic of interest in systemssecurity, interpreted broadly (it need not be a topic discussed in class); tieswith current research are encouraged. You will present your work at a posterCS 261: Computer Security file:///tmp/handout.html2 of 4 08/28/2008 01:27 AMsession and prepare a conference-style paper describing your work.You are encouraged to start thinking of topics of interest early. Be ambitious! Iexpect that the best papers will probably lead to publication (with some extrawork).Problem SetsThere will be approximately two to four homework assignments throughout thesemester, to appear on the course webpage as they are assigned.Turn in your homeworks on paper at the beginning of class on the day they aredue. Due dates will be enforced strictly. Late homeworks will not be accepted.Work on your own when doing homeworks. You may use any source you like(including other papers or textbooks), but if you use any source not discussedin class, you must cite it.Scribe notesYou will be expected to write scribe notes for one lecture. Email me an PDF filewith your scribe notes within one week after the lecture you are assigned toscribe.ReadingsThere is no required textbook. All reading will be from papers. Wheneverpossible, handouts and papers will be placed online on the web page; papersnot available online will be handed out in class. A schedule of assignedreadings is available below.You will be required to write a brief summary of each paper you read. Submityour summary, on paper, before the beginning of the class when the reading isdue. Your summary should list:the one or two or three most significant new insights you took away fromthe paper; and,the paper's two or three most significant flaws or weaknesses (e.g.,methodology, vulnerabilities, relevance), or how the paper could beimproved; and,the topics you would most like to see discussed in class, if any.CS 261: Computer Security file:///tmp/handout.html3 of 4 08/28/2008 01:27 AMYour summary does not need to be formal (you may use bullet lists, incompletesentences, etc.), and it may be brief, but it should reflect a thoughtful criticalassessment of the paper.EthicsFrom time to time, we may discuss vulnerabilities in widely-deployed computersystems. This is not intended as an invitation to go exploit those vulnerabilitieswithout informed consent of all involved parties. If it is not clear where to drawthe line, please talk to me first.David Wagner, [email protected], http://www.cs.berkeley.edu/~daw/.CS 261: Computer Security file:///tmp/handout.html4 of 4 08/28/2008 01:27