CE 40-815: Secure Software Systems

Saturday/Monday 1500-1700
Room: VClass

Quick Links: Description Acknowledgment Policies Announcements Homeworks CourseMaterial

Description:

This is a graduate level course on secure software systems. The course covers topics such as Classical Attacks (Buffer Overflow, Format String, ROP, etc), Run-time Protection (i.e. Taint tracking, CFI, etc), Code Analysis (i.e. Static analysis, Symbolic execution, fuzzing), Secure Architectures (i.e. Sandboxing, VMs, Isolation, Trusted computing), Web (i.e. Native client, App isolation, and Languages (Type systems, WebAssembly). The syllabus for this course is inspired from the Secure Software Systems course taught at CMU.

This course was previously taught by the following course number [40-874]

Policies:

Grading policy is as follows. This is tentative.
- 15% Class Participation
- 50% Homework
- 35% Final
There will be no exceptions to the following rules:
- If you turn in your assignments one day late you will loose 25% of the grade, two days will cost you 50% and three days 75% of the grade. No submissions will be accepted after the third day. Penlaty may be calculted continusly and per hour of delay.
- There will be a zero tolerance policy for cheating/copying HWs. The first time you are caught, you will receive a zero for the task at hand. If you are caught for a second time, you will fail the course. Providing your assignment to someone else is considered cheating on your behalf.
- Each of you has a 3 day extension you could use over the individual assignments. The minimum you could use at each instance is a 1 day extension. So you can not extend HW1 by 12 hours and then HW2 by 60 hours. You could use the 3 days with one HW, or 1 day for each HW, or 2 days for hW1 and 1 day for HW2, or 1 day for HW1 and 2 days for HW2, or ... (I hope you get the idea!)
- The 3 day extension will be applied to HW0 and what ever remains would be carried over to HW1 and so on.
- There is a good probability that things go south (i.e. you get sick, network fails, your computer crashes, there is a bug in the HW, server fails, etc.) as the deadline approaches. Such issues will not result in an extension to the deadline. So keep that in mind and plan for Murphy's law in advance, don't leave things for the last minute.
- There will be a zero tolerance policy for any misuse of the course infrastructure (i.e. Judge, Tarasht, etc.), regardless of the intent
- If any of the class policies are unclear, they should be brought up and discussed in the first week of the semester at hand.

Announcements:

Homeworks:

HW 0: Available: 1400/8/16, Deadline: 1400/9/2, 11:59PM
HW 1: Available: 1400/9/6, Deadline: 1400/9/23, 11:59PM.
HW 2: Available: 1400/9/27, Deadline: 1400/10/12 11:59PM.

Course Material:

-8/8

Lecture 0- Pre-Introduction [PDF]
- Reflections on Trusting Trust, Ken Thompson, Turing Award Lecture ,1984
- Measuring Pay-per-Install: The Commoditization of Malware Distribution, J. Caballero, C. Grier, C. Kreibich, V. Paxson, 2011

-8/10

Lecture 1- Introduction [PDF]
- Measuring Pay-per-Install: The Commoditization of Malware Distribution, J. Caballero, C. Grier, C. Kreibich, V. Paxson, 2011

-8/15

Lecture 2- Control hijacking attacks: exploits and defenses [PDF]
- Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Cowan, C., Wagle, F., Pu, C., Beattie, S., & Walpole, J., 2000
- Basic Integer Overflows, blexim, 2002
- Exploiting format string vulnerabilities, teso, Phrack, September 2001.

-8/17

Lecture 2- Control hijacking attacks: exploits and defenses [PDF]

-8/22

Lecture 2- Control hijacking attacks: exploits and defenses (con't)

-8/24

Lecture 3- Taint Analysis [PDF]
- Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, James Newsome and Dawn Song, NDSS 2005
- All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask), Edward J. Schwartz, Thanassis Avgerinos, David Brumley, IEEE S&P 2011

-8/29

Lecture 4- Reassembly [PDF]
- Binary Stirring: Self-randomizing Instruction Addresses of Legacy x86 Binary Code, R. Wartell, V. Mohan, K. W. Hamlen, and Z. Lin, CCS 2012
- Reassembleable Disassembling, Shuai Wang, Pei Wang, and Dinghao Wu, Usenix Security 2015
- Ramblr: Making Reassembly Great Again, Ruoyu “Fish” Wang, Yan Shoshitaishvili, Antonio Bianchi,  Aravind Machiry, John Grosen, Paul Grosen, Christopher Kruegel, Giovanni Vigna, NDSS 2017
- Position Independent Code (PIC) in shared libraries, Eli Benderskly, 2011.

-9/1

Lecture 5- Control Flow Integrity [PDF]
- Control-Flow IntegrityMartin Abadi, Mihai Budiu, Ulfar Erlingsson, Jay Ligatti, CCS 2005
- Code-Pointer Integrity, Volodymyr Kuznetsov, Laszlo Szekeres, Mathias Payer, George Candea, R. Sekar, Dawn Song, OSDI 2014

-9/6

Lecture 6- Program Analysis [PDF]
- Checking system rules using system-specific, programmer-written compiler extensions, Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem, OSDI 2000
- A few billion lines of code later: using static analysis to find bugs in the real world, Al Bessey, Ken Block, Ben Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles Henri-Gros, Asya Kamsky, Scott McPeak, Dawson Engler. Communications of the ACM, 2010

-9/13

Lecture 7- Symbolic Execution [PDF]
- EXE: Automatically Generating Inputs of Death, Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill, Dawson R. Engler, 13th ACM Conference on Computer and Communications Security, 2006.
- KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs, Cristian Cadar, Daniel Dunbar, Dawson Engler, OSDI 2008.
- Under-Constrained Symbolic Execution: Correctness Checking for Real Code, David A. Ramos, Dawson Engler, Usenix Security 2015.

-9/15

Lecture 8- Fuzzing [PDF]
- VUzzer: Application-aware Evolutionary Fuzzing, Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giuffrida, Herbert Bos, NDSS’17.
- KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs, Cristian Cadar, Daniel Dunbar, Dawson Engler, OSDI 2008.
- Under-Constrained Symbolic Execution: Correctness Checking for Real Code, David A. Ramos, Dawson Engler, Usenix Security 2015.

-9/20

Lecture 9- Secure Architecture I [PDF]
- The Protection of Information in Computer Systems, Jerome H. Saltzer, Michael D. Schroeder, Proceedings of the IEEE, 1975.
- Securing Java, G. McGraw and E. W. Felten, Chapter 3, John Whiley and Sons, 1999.
- KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs, Cristian Cadar, Daniel Dunbar, Dawson Engler, OSDI 2008.
- Under-Constrained Symbolic Execution: Correctness Checking for Real Code, David A. Ramos, Dawson Engler, Usenix Security 2015.

-9/22

Lecture 10- Secure Architecture II [PDF]
- A virtual machine introspection based architecture for intrusion detection, Tal Garfinkel and Mendel Rosenblum, NDSS 2003.
- SubVirt: Implementing malware with virtual machines, Samuel T. King, Peter M. Chen, Yi-Min Wang, Chad Verbowski,Helen J. Wang and Jacob R. Lorch, IEEE S&P, 2006.
- KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs, Cristian Cadar, Daniel Dunbar, Dawson Engler, OSDI 2008.
- Under-Constrained Symbolic Execution: Correctness Checking for Real Code, David A. Ramos, Dawson Engler, Usenix Security 2015.

-9/29

Lecture 11- Secure Architecture III [PDF]
- Bootstrapping Trust in Commodity Computers, Bryan Parno, Jonathan McCune, Adrian Perrig, IEEE S&P, 2010
- A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping, Seunghun Han, Wook Shin, Jun-Hyeok Park, and HyoungChun Kim, Usenix Security 2018
- KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs, Cristian Cadar, Daniel Dunbar, Dawson Engler, OSDI 2008.
- Under-Constrained Symbolic Execution: Correctness Checking for Real Code, David A. Ramos, Dawson Engler, Usenix Security 2015.

-10/4

Lecture 12- Web Security [PDF]
- Security Challenges in an Increasingly Tangled Web, Kumar, D., Ma, Z., Durumeric, Z., Mirian, A., Mason, J., Halderman, J. A., & Bailey, M., WWW 2017
- Native Client: A Sandbox for Portable, Untrusted x86 Native Code, Yee B, Sehr D, Dardyk G, Chen JB, Muth R, Ormandy T, Okasaka S, Narula N, Fullagar N., IEEE S&P, 2009
- KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs, Cristian Cadar, Daniel Dunbar, Dawson Engler, OSDI 2008.
- Under-Constrained Symbolic Execution: Correctness Checking for Real Code, David A. Ramos, Dawson Engler, Usenix Security 2015.

-10/6

Lecture 13- Usability [PDF]
- Security Challenges in an Increasingly Tangled Web, Kumar, D., Ma, Z., Durumeric, Z., Mirian, A., Mason, J., Halderman, J. A., & Bailey, M., WWW 2017
- Native Client: A Sandbox for Portable, Untrusted x86 Native Code, Yee B, Sehr D, Dardyk G, Chen JB, Muth R, Ormandy T, Okasaka S, Narula N, Fullagar N., IEEE S&P, 2009
- KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs, Cristian Cadar, Daniel Dunbar, Dawson Engler, OSDI 2008.
- Under-Constrained Symbolic Execution: Correctness Checking for Real Code, David A. Ramos, Dawson Engler, Usenix Security 2015.