Difference between revisions of "Courses/Computer Science/CPSC 601.29.ISSA.W2014"

From wiki.ucalgary.ca
m (Session List and Schedule)
m (Papers (raw))
Line 180: Line 180:
 
== Papers (raw) ==
 
== Papers (raw) ==
  
* Protection. Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971. Reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), pp 18-24 [http://research.microsoft.com/en-us/um/people/blampson/08-Protection/Acrobat.pdf PDF]
+
=== Protection, Classic Work in Systems and Access Control ===
* "Protection in Operating Systems" by Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman ([http://portal.acm.org/citation.cfm?id=360303.360333 ACM Digital Library], available via U of C with appropriate network address)
+
 
 +
# Protection. Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971. Reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), pp 18-24 [http://research.microsoft.com/en-us/um/people/blampson/08-Protection/Acrobat.pdf PDF]
 +
# "Protection in Operating Systems" by Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman ([http://portal.acm.org/citation.cfm?id=360303.360333 ACM Digital Library], available via U of C with appropriate network address)
 +
# "Protection in an information processing utility" http://www.multicians.org/graham-pipu.pdf
 +
# "A hardware architecture for implementing protection rings" http://www.multicians.org/protection.html
 +
# http://nob.cs.ucdavis.edu/history/papers/bell76.pdf (Sections 1 and 2)
 +
# http://nob.cs.ucdavis.edu/history/CD/biba75.pdf (Abstract, Section 1 and 2)
 +
# "[http://www.cs.virginia.edu/~evans/cs551/saltzer/ The Protection of Information in Computer Systems]" by Jerome H. Saltzer and Michael D. Schroeder
 +
 
 +
 
  
* "Protection in an information processing utility" http://www.multicians.org/graham-pipu.pdf
 
* "A hardware architecture for implementing protection rings" http://www.multicians.org/protection.html
 
* TCSS: 4.1, 4.2 (this should be review -- skip if you have a good handle on this material from your OS and architecture courses)
 
* "[http://www.cs.virginia.edu/~evans/cs551/saltzer/ The Protection of Information in Computer Systems]" by Jerome H. Saltzer and Michael D. Schroeder
 
  
 
* http://geer.tinho.net/geer.nro.6xi13.txt
 
* http://geer.tinho.net/geer.nro.6xi13.txt
  
    http://nob.cs.ucdavis.edu/history/papers/bell76.pdf (Sections 1 and 2)
 
    http://nob.cs.ucdavis.edu/history/CD/biba75.pdf (Abstract, Section 1 and 2)
 
  
Thomas Dullien and Halvar Flake "Exploitation and State Machines" [http://immunityinc.com/infiltrate/archives/Fundamentals_of_exploitation_revisited.pdf PDF]
+
 
 +
* Thomas Dullien and Halvar Flake "Exploitation and State Machines" [http://immunityinc.com/infiltrate/archives/Fundamentals_of_exploitation_revisited.pdf PDF]
 
* F. B. Schneider. Enforceable Security Policies. ACM Transactions on Information and System Security, 2(4), Mar. 2000.
 
* F. B. Schneider. Enforceable Security Policies. ACM Transactions on Information and System Security, 2(4), Mar. 2000.
 
* [http://www.cs.cmu.edu/~rwh/papers/langsec/dagstuhl.pdf A Language-Based Approach to Security]. Fred B. Schneider, Greg Morrisett, and Robert Harper2
 
* [http://www.cs.cmu.edu/~rwh/papers/langsec/dagstuhl.pdf A Language-Based Approach to Security]. Fred B. Schneider, Greg Morrisett, and Robert Harper2
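Review bot: In the new numbered list under "Protection, Classic Work in Systems and Access Control", items 5 and 6 are bare URLs (bell76.pdf, biba75.pdf) and item 1 gives a title and venue but no author, so a reader cannot tell what is being assigned without opening each link. Suggest giving every entry an author and title in the same form as items 2 and 7. Two smaller points in the same hunk: the old bullet "TCSS: 4.1, 4.2 (this should be review ...)" appears to have no counterpart among the added # lines, so confirm the drop is intended; and the added Dullien line keeps "Thomas Dullien and Halvar Flake", which reads as two authors although Halvar Flake is the name Thomas Dullien publishes under.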
Line 199: Line 203:
 
* LKM signing by bx: http://cs.dartmouth.edu/~bx/code-signing/talks/shmoocon-2014.pdf
 
* LKM signing by bx: http://cs.dartmouth.edu/~bx/code-signing/talks/shmoocon-2014.pdf
  
http://www.hpl.hp.com/techreports/2012/HPL-2012-63R1.html
 
  
 
Bugs in Open Source Software:
 
Bugs in Open Source Software:
 +
 
* http://research.microsoft.com/apps/pubs/default.aspx?id=66830
 
* http://research.microsoft.com/apps/pubs/default.aspx?id=66830
 
* "Secure open source collaboration: an empirical study of Linus' law" http://dl.acm.org/citation.cfm?doid=1653662.1653717
 
* "Secure open source collaboration: an empirical study of Linus' law" http://dl.acm.org/citation.cfm?doid=1653662.1653717
 +
* http://www.hpl.hp.com/techreports/2012/HPL-2012-63R1.html
 +
  
 
* Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection by Thomas H Ptacek and Timothy M. Newsham
 
* Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection by Thomas H Ptacek and Timothy M. Newsham
 
* Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. Mark Handley and Vern Paxson and Christian Kreibich [http://static.usenix.org/publications/library/proceedings/sec01/handley.html USENIX paper][http://www.icir.org/vern/papers/norm-usenix-sec-01-html/ html]
 
* Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. Mark Handley and Vern Paxson and Christian Kreibich [http://static.usenix.org/publications/library/proceedings/sec01/handley.html USENIX paper][http://www.icir.org/vern/papers/norm-usenix-sec-01-html/ html]
  
seL4: http://www.ssrg.nicta.com.au/publications/papers/Klein_EHACDEEKNSTW_09.pdf
+
=== Isolation ===
  
 
* Steven M. Bellovin. Virtual machines, virtual security. Communications of the ACM, 49(10), October 2006. “Inside RISKS” column. [http://www.csl.sri.com/users/neumann/insiderisks06.html#196 html]
 
* Steven M. Bellovin. Virtual machines, virtual security. Communications of the ACM, 49(10), October 2006. “Inside RISKS” column. [http://www.csl.sri.com/users/neumann/insiderisks06.html#196 html]
 +
* VM-based Security Overkill: A Lament for Applied Systems Security Research. Sergey Bratus, Michael E. Locasto, Ashwin Ramaswamy, and Sean W. Smith. Proceedings of the 19th New Security Paradigms Workshop (NSPW 2010). September 2010. Concord, MA, USA. [http://pages.cpsc.ucalgary.ca/~locasto/papers/nspw1038-bratus.pdf PDF]
 +
* seL4: http://www.ssrg.nicta.com.au/publications/papers/Klein_EHACDEEKNSTW_09.pdf
 +
  
* VM-based Security Overkill: A Lament for Applied Systems Security Research. Sergey Bratus, Michael E. Locasto, Ashwin Ramaswamy, and Sean W. Smith. Proceedings of the 19th New Security Paradigms Workshop (NSPW 2010). September 2010. Concord, MA, USA. [http://pages.cpsc.ucalgary.ca/~locasto/papers/nspw1038-bratus.pdf PDF]
 
  
Jedidiah R. Crandall, Zhendong Su, S. Felix Wu, and Frederic T. Chong. On Deriving Unknown Vulnerabilities from Zero-Day Polymorphic and Metamorphic Worm Exploits. In the proceedings of the 12th ACM Conference on Computer and Communications Security (CCS 2005). Alexandria, Virginia. November 2005 http://www.cs.unm.edu/~crandall/ccsdacoda.pdf
+
* Jedidiah R. Crandall, Zhendong Su, S. Felix Wu, and Frederic T. Chong. On Deriving Unknown Vulnerabilities from Zero-Day Polymorphic and Metamorphic Worm Exploits. In the proceedings of the 12th ACM Conference on Computer and Communications Security (CCS 2005). Alexandria, Virginia. November 2005 http://www.cs.unm.edu/~crandall/ccsdacoda.pdf
  
 
* traditional return-to-libc: "Getting around non-executable stack (and fix)" Solar Designer http://www.clip.dia.fi.upm.es/~alopez/bugs/bugtraq2/0287.html
 
* traditional return-to-libc: "Getting around non-executable stack (and fix)" Solar Designer http://www.clip.dia.fi.upm.es/~alopez/bugs/bugtraq2/0287.html
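Review bot: The added "=== Isolation ===" heading is not followed by any further heading, so the Crandall et al. worm-exploit bullet and the return-to-libc bullet after the seL4 line now fall under Isolation. Suggest adding a separate heading before the Crandall bullet, for example one matching the page's "Code Injection (Attacks and Countermeasures)" topic. The HPL-2012-63R1 link moved under "Bugs in Open Source Software:" is also still a bare URL; give it a title like the Linus' law entry beside it.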
Line 220: Line 228:
 
* Return-oriented programming: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) Hovav Shacham. In Proceedings of CCS 2007, pages 552–561. ACM Press, Oct. 2007.  http://cseweb.ucsd.edu/~hovav/papers/s07.html
 
* Return-oriented programming: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) Hovav Shacham. In Proceedings of CCS 2007, pages 552–561. ACM Press, Oct. 2007.  http://cseweb.ucsd.edu/~hovav/papers/s07.html
  
English Shellcode http://www.cs.jhu.edu/~sam/ccs243-mason.pdf
 
  
[[http://www.multicians.org/graham-pipu.pdf|Protection in an information processing utility]]
+
 
[[http://www.multicians.org/protection.html|A hardware architecture for implementing protection rings]]
+
* http://pages.cpsc.ucalgary.ca/~locasto/papers/model-polymorphic-decoders.pdf On the Infeasibility of Modeling Polymorphic Shellcode. Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, and Salvatore J. Stolfo. In the Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007). pp. 541--551. October 2007, Alexandria, VA.
[[http://pages.cpsc.ucalgary.ca/~locasto/readings/Harrison-Ruzzo-Ullman76.pdf|Protection in Operating Systems]]
+
 
[[http://pages.cpsc.ucalgary.ca/~locasto/papers/model-polymorphic-decoders.pdf|On the Infeasibility of Modeling Polymorphic Shellcode]]. Yingbo Song, Michael E. Locasto, Angelos Stavrou, Angelos D. Keromytis, and Salvatore J. Stolfo. In the Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS 2007). pp. 541--551. October 2007, Alexandria, VA.
 
 
[[http://www.cs.jhu.edu/~sam/ccs243-mason.pdf|English Shellcode]] Mason, Small, Monrose, MacManus. CCS 2009.  
 
[[http://www.cs.jhu.edu/~sam/ccs243-mason.pdf|English Shellcode]] Mason, Small, Monrose, MacManus. CCS 2009.  
 +
 
[[http://static.usenix.org/events/osdi06/tech/full_papers/erlingsson/erlingsson.pdf|XFI: Software Guards for System Address Spaces]]  
 
[[http://static.usenix.org/events/osdi06/tech/full_papers/erlingsson/erlingsson.pdf|XFI: Software Guards for System Address Spaces]]  
 +
 
[[http://www.usenix.org/event/usenix2000/general/baratloo.html|"Transparent Runtime Defense Against Stack Smashing Attacks"]]  
 
[[http://www.usenix.org/event/usenix2000/general/baratloo.html|"Transparent Runtime Defense Against Stack Smashing Attacks"]]  
 +
 
[[http://www.usenix.org/publications/library/proceedings/sec98/full_papers/cowan/cowan.pdf|"StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks"]]
 
[[http://www.usenix.org/publications/library/proceedings/sec98/full_papers/cowan/cowan.pdf|"StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks"]]
 +
 
[[http://cseweb.ucsd.edu/~hovav/papers/sppgmb04.html|"On the Effectiveness of Address Space Randomization"]]  
 
[[http://cseweb.ucsd.edu/~hovav/papers/sppgmb04.html|"On the Effectiveness of Address Space Randomization"]]  
 +
 
[[http://www.usenix.org/events/sec09/tech/full_papers/hund.pdf|"Return Oriented Rootkits"]] by Hund, Holz, and Freiling
 
[[http://www.usenix.org/events/sec09/tech/full_papers/hund.pdf|"Return Oriented Rootkits"]] by Hund, Holz, and Freiling
 +
 
[[http://www.cs.unm.edu/~immsec/publications/hotos-97.pdf|"Building Diverse Computer Systems"]]  
 
[[http://www.cs.unm.edu/~immsec/publications/hotos-97.pdf|"Building Diverse Computer Systems"]]  
 +
 
[[http://www.cs.unm.edu/~gbarrant/p315-barrantes.pdf|"Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks"]] or [[http://www1.cs.columbia.edu/~angelos/Papers/instructionrandomization.pdf|"Countering Code-Injection Attacks with Instruction-Set Randomization"]]  
 
[[http://www.cs.unm.edu/~gbarrant/p315-barrantes.pdf|"Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks"]] or [[http://www1.cs.columbia.edu/~angelos/Papers/instructionrandomization.pdf|"Countering Code-Injection Attacks with Instruction-Set Randomization"]]  
 +
 
[[http://cseweb.ucsd.edu/~hovav/dist/geometry.pdf|"The Geometry of Innocent Flesh on the Bone"]]
 
[[http://cseweb.ucsd.edu/~hovav/dist/geometry.pdf|"The Geometry of Innocent Flesh on the Bone"]]
 +
 
[[http://users.ece.cmu.edu/~adrian/630-f04/readings/wilander-comparison.pdf|"A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention"]]
 
[[http://users.ece.cmu.edu/~adrian/630-f04/readings/wilander-comparison.pdf|"A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention"]]
 +
 
[[http://www.usenix.org/publications/library/proceedings/sec98/full_papers/cowan/cowan.pdf|StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks]]
 
[[http://www.usenix.org/publications/library/proceedings/sec98/full_papers/cowan/cowan.pdf|StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks]]
 +
 
[[http://www.usenix.org/events/sec03/tech/full_papers/cowan/cowan.pdf|PointGuard(TM): Protecting Pointers From Buffer Overflow Vulnerabilities]]
 
[[http://www.usenix.org/events/sec03/tech/full_papers/cowan/cowan.pdf|PointGuard(TM): Protecting Pointers From Buffer Overflow Vulnerabilities]]
 +
 
[[http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=60&type=2|RIPE:Runtime Intrusion Prevention Evaluator]]
 
[[http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=60&type=2|RIPE:Runtime Intrusion Prevention Evaluator]]
 +
 
[[http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=81&type=2|Hit 'em Where it Hurts: A Live Security Exercise on Cyber Situational Awareness]]
 
[[http://www.acsac.org/2011/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=81&type=2|Hit 'em Where it Hurts: A Live Security Exercise on Cyber Situational Awareness]]
  
  
 +
=== Ethics ===
  
 +
# http://www.cs.dartmouth.edu/~sws/pubs/pretending.pdf
 +
# http://www.prisonexp.org/
 +
# http://sunnyday.mit.edu/papers/therac.pdf
 +
# http://www.acm.org/about/code-of-ethics
 +
# http://stallman.org/articles/on-hacking.html
 +
# http://www.theatlantic.com/technology/archive/12/07/if-hackers-didnt-exist-governments-would-have-to-invent-them/259463/
  
 +
=== OPSEC ===
  
http://www.prisonexp.org/
+
# http://www.slideshare.net/grugq/opsec-for-hackers
http://sunnyday.mit.edu/papers/therac.pdf
 
http://www.acm.org/about/code-of-ethics
 
 
 
http://stallman.org/articles/on-hacking.html
 
  
http://www.theatlantic.com/technology/archive/12/07/if-hackers-didnt-exist-governments-would-have-to-invent-them/259463/
 
 
http://www.cs.dartmouth.edu/~sws/pubs/pretending.pdf
 
  
 
Mindset: http://www.nukees.com/d/20070328.html
 
Mindset: http://www.nukees.com/d/20070328.html
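Review bot: The entries from "English Shellcode" down to "Hit 'em Where it Hurts" are carried over in the form [[URL|label]], which is not MediaWiki external-link syntax; MediaWiki expects [URL label] with single brackets and a space, so in the pipe form the URL runs on to the first space and absorbs "|English", "|XFI:", "|StackGuard:" and so on, leaving a broken link and a truncated title. Since this revision already reorganises the section, suggest converting them to the form used elsewhere on the page, e.g. [http://www.cs.jhu.edu/~sam/ccs243-mason.pdf English Shellcode]. The hunk also leaves StackGuard and "The Geometry of Innocent Flesh on the Bone" listed twice, and the links after the OPSEC entry (Mindset onward) get neither a heading nor list markers like the new Ethics and OPSEC sections.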
Line 260: Line 280:
  
 
On "The Research Value of Publishing Attacks" http://cacm.acm.org/magazines/2012/11/156578-the-research-value-of-publishing-attacks/abstract
 
On "The Research Value of Publishing Attacks" http://cacm.acm.org/magazines/2012/11/156578-the-research-value-of-publishing-attacks/abstract
 
http://www.slideshare.net/grugq/opsec-for-hackers
 
  
 
ethics of error prevention: http://www.infoq.com/presentations/error-prevention-ethics
 
ethics of error prevention: http://www.infoq.com/presentations/error-prevention-ethics

Revision as of 19:20, 20 January 2014

Information Systems Security Analysis

A graduate seminar on systems security.

Logistics

The course is held once per week from 4pm to 6:45pm in ICT 616. There will be a short break around 5:15pm.

Policies

This is a graduate seminar. Your grade is based on your ability to critically assess and present research work in the field of systems security. You will have the opportunity to make three presentations.

Session List and Schedule

This is the schedule of papers to read and presentations. Everyone is responsible for reading the "primary readings" each week. Presenters are responsible for reading both the background reading and the primary reading.

Sessions
Session Date Topic Primary Readings Background Readings Presenter
1 13 Jan. Introduction, Overview Hacking the Abacus: Chapter 2 1 2 3 Locasto
2 20 Jan. S1: History of Memory Corruption, S2: ibid 1 2 3 4 5 slides Locasto
3 27 Jan. S1: Chukuka talk, S2: Heap Feng Shui x (x, x, x) Chukuka
4 3 Feb. S1: TBD, S2: TBD x (x, x, x) Laing
5 10 Feb. S1: TBD, S2: TBD x (x, x, x) Navabisohi
6 17 Feb. no class: reading week x (x, x, x) Rougeau
7 24 Feb. class will be rescheduled x (x, x, x) Rougeau
8 3 March S1: TBD, S2: TBD x (x, x, x) Chukuka
9 10 March S1: TBD, S2: TBD x (x, x, x) Laing
10 17 March S1: TBD, S2: TBD x (x, x, x) Navabisohi
11 24 March S1: TBD, S2: TBD x (x, x, x) Rougeau
12 31 March S1: TBD, S2: TBD x (x, x, x) Chukuka
13 7 April S1: TBD, S2: TBD x (x, x, x) Laing
14 14 April S1: TBD, S2: TBD x (x, x, x) Navabisohi, Rougeau

Topics

  • Ethics
  • Code Injection (Attacks and Countermeasures)
    • stack
    • heap
    • countermeasures
  • Isolation
    • classic work / multics
    • Janus
    • systrace
    • bsd jail
    • privilege separation
  • Virtualization and Security
  • Trust Management
  • Artificial Diversity
  • ROP
  • Self-Healing
  • Filtering and Reverse Engineering Network Protocols and File Formats
    • Tupni
  • IDS
  • LangSec
  • Approaches to System Instrumentation
  • Fault tolerance

Selected Hacker Talks (to view)

  • TBD
  • TBD
  • ...

Uncategorized and Miscellaneous Links

Papers (raw)

Protection, Classic Work in Systems and Access Control

  1. Protection. Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971. Reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), pp 18-24 PDF
  2. "Protection in Operating Systems" by Michael A. Harrison, Walter L. Ruzzo, and Jeffrey D. Ullman (ACM Digital Library, available via U of C with appropriate network address)
  3. "Protection in an information processing utility" http://www.multicians.org/graham-pipu.pdf
  4. "A hardware architecture for implementing protection rings" http://www.multicians.org/protection.html
  5. http://nob.cs.ucdavis.edu/history/papers/bell76.pdf (Sections 1 and 2)
  6. http://nob.cs.ucdavis.edu/history/CD/biba75.pdf (Abstract, Section 1 and 2)
  7. "The Protection of Information in Computer Systems" by Jerome H. Saltzer and Michael D. Schroeder




  • Thomas Dullien and Halvar Flake "Exploitation and State Machines" PDF
  • F. B. Schneider. Enforceable Security Policies. ACM Transactions on Information and System Security, 2(4), Mar. 2000.
  • A Language-Based Approach to Security. Fred B. Schneider, Greg Morrisett, and Robert Harper


Bugs in Open Source Software:


  • Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection by Thomas H Ptacek and Timothy M. Newsham
  • Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. Mark Handley and Vern Paxson and Christian Kreibich (USENIX paper, html)

Isolation

  • Steven M. Bellovin. Virtual machines, virtual security. Communications of the ACM, 49(10), October 2006. “Inside RISKS” column. html
  • VM-based Security Overkill: A Lament for Applied Systems Security Research. Sergey Bratus, Michael E. Locasto, Ashwin Ramaswamy, and Sean W. Smith. Proceedings of the 19th New Security Paradigms Workshop (NSPW 2010). September 2010. Concord, MA, USA. PDF
  • seL4: http://www.ssrg.nicta.com.au/publications/papers/Klein_EHACDEEKNSTW_09.pdf


  • Jedidiah R. Crandall, Zhendong Su, S. Felix Wu, and Frederic T. Chong. On Deriving Unknown Vulnerabilities from Zero-Day Polymorphic and Metamorphic Worm Exploits. In the proceedings of the 12th ACM Conference on Computer and Communications Security (CCS 2005). Alexandria, Virginia. November 2005 http://www.cs.unm.edu/~crandall/ccsdacoda.pdf


English Shellcode. Mason, Small, Monrose, MacManus. CCS 2009.

XFI: Software Guards for System Address Spaces

"Transparent Runtime Defense Against Stack Smashing Attacks"

"StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks"

"On the Effectiveness of Address Space Randomization"

"Return Oriented Rootkits" by Hund, Holz, and Freiling

"Building Diverse Computer Systems"

"Randomized Instruction Set Emulation to Disrupt Binary Code Injection Attacks" or "Countering Code-Injection Attacks with Instruction-Set Randomization"

"The Geometry of Innocent Flesh on the Bone"

"A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention"

StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks

PointGuard(TM): Protecting Pointers From Buffer Overflow Vulnerabilities

RIPE:Runtime Intrusion Prevention Evaluator

Hit 'em Where it Hurts: A Live Security Exercise on Cyber Situational Awareness


Ethics

  1. http://www.cs.dartmouth.edu/~sws/pubs/pretending.pdf
  2. http://www.prisonexp.org/
  3. http://sunnyday.mit.edu/papers/therac.pdf
  4. http://www.acm.org/about/code-of-ethics
  5. http://stallman.org/articles/on-hacking.html
  6. http://www.theatlantic.com/technology/archive/12/07/if-hackers-didnt-exist-governments-would-have-to-invent-them/259463/

OPSEC

  1. http://www.slideshare.net/grugq/opsec-for-hackers


Mindset: http://www.nukees.com/d/20070328.html

It's OK to let students hack: http://geekout.blogs.cnn.com/2012/04/23/students-chow-down-on-cyber-security-weaknesses/?hpt=hp_bn10

On "The Research Value of Publishing Attacks" http://cacm.acm.org/magazines/2012/11/156578-the-research-value-of-publishing-attacks/abstract

ethics of error prevention: http://www.infoq.com/presentations/error-prevention-ethics

http://cacm.acm.org/magazines/2013/7/165490-plenty-more-hacker-motivations/fulltext

News