Courses/Computer Science/CPSC 525.W2016/Lecture Notes
Contents
- 1 Course Outline
- 2 Principles of Security (January)
- 2.1 Introduction (01/11)
- 2.2 Security Mindset and Terms (01/13)
- 2.3 Principles of Computer Security (01/15)
- 2.4 Ethics & Security Practices (01/18)
- 2.5 The History of Attacks (01/20)
- 2.6 The History of Attacks pt. 2 (01/22)
- 2.7 Intrusion Detection (01/25)
- 2.8 Overview of C and its security issues (01/27)
- 2.9 More about C and its security vulnerabilities (01/29)
- 3 Security Models and Access Control (February)
- 3.1 Dynamic Instrumentation of Programs and Code Injection (02/01)
- 3.2 More about ELF, DWARF, and code injection (02/03)
- 3.3 Vulnerability Assessment (02/05)
- 3.4 Identity-Based Access Control (02/08)
- 3.5 Mandatory and Discretionary Access Control (02/10)
- 3.6 Role-Based Access Control (02/12)
- 3.7 READING WEEK (15/02 - 19/02)
- 3.8 Security attributes in Access Control Models (02/22)
- 3.9 Bell-LaPadula Model (02/24)
- 3.10 The Biba Model (02/26)
- 3.11 Security Models (02/22)
- 3.12 Other Security Models (02/24)
- 3.13 Key Establishment (02/26)
- 3.14 Guest Lecture #1 (Jonathan Gallagher) (02/29)
- 4 Communications Security (March)
- 4.1 Guest Lecture #2 (Jonathan Gallagher) (03/02)
- 4.2 Midterm Examination (03/04)
- 4.3 Introduction to Frama-C (03/07)
- 4.4 Database Security (03/09)
- 4.5 Midterm handout and solutions (03/11)
- 4.6 SQL Injection (03/14)
- 4.7 DoS and DDoS (03/16)
- 4.8 Infosec Job Position Requirements and Analysis (03/18)
- 4.9 Password Authentication (03/21)
- 4.10 Multiple Ownership in Access Control (Guest Lecture by Dr. Pooya Mehregan) (03/23)
- 4.11 No classes (Good Friday) (03/25)
- 4.12 Digital Identity Exercise (03/28)
- 4.13 Security Evaluation (03/30)
- 5 A Word on Privacy
- 5.1 Social Engineering Attacks (04/01)
- 5.2 Discussion: Usable Studies, Ethics, and the Future of Security (04/04)
- 5.3 Manoel Costa (Guest Lecture) IBM Security Engineer (04/06)
Course Outline
There's a typo in my email address, it should be gonzalre@ucalgary.ca or prof.gonzalre@gmail.com
Principles of Security (January)
Introduction (01/11)
About the instructor and the course.
What do students expect to learn in the class?
Introductory quiz about students' backgrounds and experiences.
Slides: [1]
Security Mindset and Terms (01/13)
(Gollman Ch. 3)
Confidentiality, integrity, and availability
A definition of security
Dilemmas in security
How to keep a system secure
Complexity and how it kills security
Slides: [2]
Principles of Computer Security (01/15)
Define the term "hacker"
What are exploits and vulnerabilities?
What is access control?
What are the best practices for secure passwords?
What's the purpose of cryptography?
What are rootkits?
How does censorship influence security?
What is penetration testing? Is it ethical?
What is the Common Vulnerability Scoring System?
Famous people in security
Famous security conferences
Slides: [3]
Ethics & Security Practices (01/18)
Video Presentation:
Reading Material:
- "Pretending Systems Are Secure" by Sean W. Smith (PDF)
- UofC Statement of Intellectual Honesty
- Towards an Ethical Code for Information Security
- Ethics: Stanford prison experiment http://www.prisonexp.org/
- http://sunnyday.mit.edu/papers/therac.pdf
- http://www.acm.org/about/code-of-ethics
- Privacy/Ethics: Should we let children on Facebook: http://www.economist.com/node/21556578?fsrc=scn/tw/te/ar/letthenippersnetwork
- J. Aycock, E. Buchanan, S. Dexter, and D. Dittrich. Human Subjects, Agents, or Bots: Current Issues in Ethics and Computer Security Research. Panel paper, 2nd Workshop on Ethics in Computer Security Research (LNCS 7126), 2012, pp. 138-145.
- Research Ethics: Cases and Materials, Indiana University Press. 1995
Slides: [4]
The History of Attacks (01/20)
Some of the terms discussed:
Virus
Worms
Trojans
DoS
DDoS
Rootkits
Backdoors
Stuxnet
Flame
Video Material:
- CIH virus in action - https://www.youtube.com/watch?v=RrnWFAx5vJg
- Defcon: The History and Evolution of Malware - https://www.youtube.com/watch?v=L8lA1pNvcz4
Reading material:
- The shutdown of the Internet (7007 Explanation and Apology) - http://www.merit.edu/mail.archives/nanog/1997-04/msg00444.html
- The history of DoS and DDoS - http://users.atw.hu/denialofservice/ch03lev1sec3.html
- The history of DDoS protests - http://motherboard.vice.com/read/history-of-the-ddos-attack
Slides: [5]
The History of Attacks pt. 2 (01/22)
Phishing, spam, spear-phishing, context-aware attacks, inference attacks
Exercise on Inference Attacks
Reading material:
- The history of phishing - http://www.phishing.org/history-of-phishing/
- Sherlock Holmes's Evil Twin: On the Impact of Global Inference for Online Privacy - http://www.icsi.berkeley.edu/pubs/networking/sherlockholmesseviltwin11.pdf
- Modeling and Preventing Phishing Attacks - http://markus-jakobsson.com/papers/jakobsson-fc05.pdf
- On the Feasibility of Inference Attacks by Third-Party Extensions to Social Network Systems - http://pages.cpsc.ucalgary.ca/~pwlfong/Pub/asiaccs2013.pdf
Slides: [6]
Intrusion Detection (01/25)
Firewalls
Intrusion Detection Model
Audit Records
Objects/Subjects
Profiles
Statistical metrics and models
Anomaly records
Reading material:
- An Intrusion Detection Model by Dorothy E. Denning (1987) - http://users.ece.cmu.edu/~adrian/731-sp04/readings/denning-ids.pdf
Slides: [7]
Overview of C and its security issues (01/27)
Advantages of C
Disadvantages of C
Preprocessor coding practices
Declarations and initializations coding practices
Expressions coding practices
Integers coding practices
Common attacks in C
A basic notion of GDB as a debugger
Reading material:
- CERT safe coding practices -- https://www.securecoding.cert.org/confluence/display/c/INT33-C.+Ensure+that+division+and+remainder+operations+do+not+result+in+divide-by-zero+errors
- Commands in GDB -- http://www.yolinux.com/TUTORIALS/GDB-Commands.html
Slides: [8]
More about C and its security vulnerabilities (01/29)
Buffer Overflow live demonstration
Attack a program that calls strcpy()
Use GDB to smash the stack
Use exploits to: (1) execute exit(1), (2) execute mkdir in current directory, (3) execute /bin/bash, (4) cat /etc/passwd
Reading Material:
- Smashing the stack for fun and profit - http://insecure.org/stf/smashstack.html
- Stack based buffer overflow Exploitation-Tutorial - https://www.exploit-db.com/docs/28475.pdf
Slides: [9]
Security Models and Access Control (February)
Dynamic Instrumentation of Programs and Code Injection (02/01)
ELF
DWARF
Intel's Pin
GDB
Control Hijacking Attacks
Control Hijacking Defenses
XSS Attacks
SQL Injection
Aspect Oriented Programming
Just-in-time compilation
Reading material:
- Intel's Pin User's Guide - https://software.intel.com/sites/landingpage/pintool/docs/71313/Pin/html/index.html
Slides: [10]
More about ELF, DWARF, and code injection (02/03)
ELF Header
DWARF format
XSS attacks
SQL Injection attacks
ELF injection
Reading material:
- The 101 of ELF Binaries on Linux: Understanding and Analysis - http://linux-audit.com/elf-binaries-on-linux-understanding-and-analysis/
- ELF 101: A Linux Executable Walk-through - https://code.google.com/archive/p/corkami/wikis/ELF101.wiki
- DWARF Debugging Information Format - http://www.dwarfstd.org/doc/dwarf-2.0.0.pdf
Slides: [11]
Vulnerability Assessment (02/05)
Patches
CVEs
Vulnerability Discovery
Slides: [12]
Identity-Based Access Control (02/08)
(Gollman Ch. 5)
Authentication and authorization
Access Control Matrix
Access Control Lists
Multics and Unix access operations
Subjects and Principals
Mandatory and Discretionary Access Control (02/10)
Types of MAC policies
Adding privileges in DAC
The Confused-Deputy Attack
DAC in Unix
Reading:
- Discretionary Access Control - https://www.cs.cornell.edu/fbs/publications/chptr.DAC.pdf
Role-Based Access Control (02/12)
- Transactions/Procedures
- Users and sessions
- Roles and permissions
- User to role assignment relation
- Permission to role assignment relation
- The three rules of RBAC
- Constraints, role hierarchy and consolidated model
Reading Material:
- Role Based Access Controls (1992) - http://csrc.nist.gov/rbac/ferraiolo-kuhn-92.pdf
- Role Based Access Control Model (1996) - http://csrc.nist.gov/rbac/sandhu96.pdf
READING WEEK (15/02 - 19/02)
- BLP Paper
Security attributes in Access Control Models (02/22)
Security attributes
Partial ordering
Lattices
Hasse diagrams
Multi-level security
Introduction to BLP
Bell-LaPadula Model (02/24)
READ: Original paper
State machine models
The Bell-LaPadula model
Security properties
Basic security theorem
Tranquility
Debate: Against or in Favor of BLP?
Reading Material:
- Gollman's book Chapter 11
The Biba Model (02/26)
BLP Basic Security Theorem
The Biba Model definition
The Biba Model properties
Access control exercises
Reading material:
- Gollman's book Chapter 11
Security Models (02/22)
The BIBA Model
Chinese Wall Model
The Clark-Wilson Model
Other Security Models (02/24)
The Harrison-Ruzzo-Ullman model (Ch. 12.4)
Using HRU as a programming language (Ch. 12.4)
Information-flow models (entropy, lattices)
Execution monitors (if time permits)
Key Establishment (02/26)
(Gollman Chapter 15.3)
The Diffie-Hellman Protocol
Needham-Schroeder Protocol
Password-Based Protocol
Guest Lecture #1 (Jonathan Gallagher) (02/29)
Hoare logic as the type system for an imperative language. This will be done in several stages.
- Without loops (finite branching programs).
- With loops.
- With procedure calls but no recursion.
- With procedure calls and recursion.
- There will be no functions -- all messages will be passed via global variables, and the language will be assumed to be sequential.
Communications Security (March)
Guest Lecture #2 (Jonathan Gallagher) (03/02)
Formal verification of software
Midterm Examination (03/04)
http://wiki.ucalgary.ca/page/Courses/Computer_Science/CPSC_525.W2016
Introduction to Frama-C (03/07)
Slides: [13]
Reading Material:
- Frama-C Mini Tutorial - http://frama-c.com/download/acsl-tutorial.pdf
Database Security (03/09)
Slides: [14]
Reading Material:
- Chapter 9 - Dieter Gollman's Computer Security
Midterm handout and solutions (03/11)
Slides: [15]
SQL Injection (03/14)
Slides: [16]
DoS and DDoS (03/16)
Slides: [17]
Reading Material:
- SYN Cookies - https://cr.yp.to/syncookies.html
- Defending Against DoS Attacks - https://www.w3.org/Security/faq/wwwsf6.html
Infosec Job Position Requirements and Analysis (03/18)
Password Authentication (03/21)
G Tech Password Case Study - http://www.gtri.gatech.edu/casestudy/Teraflop-Troubles-Power-Graphics-Processing-Units-GPUs-Password-Security-System
Slides: [18]
Multiple Ownership in Access Control (Guest Lecture by Dr. Pooya Mehregan) (03/23)
Abstract
Specifically, we propose an extension of Relationship-Based Access Control (ReBAC) to support multiple ownership, in which a policy negotiation protocol is in place for co-owners to come up with and give consent to an access control policy in a structured manner. During negotiation, the quality of a draft policy is assessed by a set of novel and formally defined availability criteria: policy satisfiability, feasibility and resiliency, which all belong to the second level of the polynomial hierarchy. Despite these computational complexities, we propose efficient decision procedures that are based on modern Boolean Satisfiability (SAT) solvers and Answer Set Programming (ASP). The empirical data shows that these algorithms are competitive for mid-sized organizations (100,000 users).
Slides: [19]
No classes (Good Friday) (03/25)
Digital Identity Exercise (03/28)
Exercises 5.3 and 6 from SISMAT.
Security Evaluation (03/30)
Slides: [20]
A Word on Privacy
Social Engineering Attacks (04/01)
Spam, phishing, spear-phishing and inference attacks.
Automatic social engineering, digital identities.
Slides: [21]
Discussion: Usable Studies, Ethics, and the Future of Security (04/04)
Manoel Costa (Guest Lecture) IBM Security Engineer (04/06)
Manoel Costa is a technology enthusiast with over fourteen years of experience in the IT industry. He holds several well-recognized certifications, including CEH, GCIH, G27000, GCCC, GICSP, CRISC, CISA and CISSP. He has worked mainly as an IT Consultant and Systems Engineer, specializing in IT security, with clients ranging from 300 to 7000+ seats. His expertise includes pre-sales, leading small teams and projects, and delivering many different complex projects.