CSE466 -- Computer Systems Security, Fall  2009

Disclaimer:

This is a set of notes, that summarizes the class coverage of material. By no means is this comprehensive or is a substitute for class notes and attendance. Also, updating of this page is not guaranteed to be frequent.

 This page will be updated as class progresses....

Class 1:

• Introduction to CSE466
• [audio]

Class 2:

• Software and Network Security
• Ken Thompson Lecture
• Vulnerabilities and Trust
• [notes] [notes, PDF] [audio]  -- to view JNT files, download viewer.

Class 3:

• Computer Security
• Shared Secrets
• Social Eng.
• Requirements
• [notes] [notes, PDF] [audio]

Class 4:

• Secuirty via Obscurity
• Hacking complex systems
• Encryption vulnerabilities
• [notes] [notes, PDF] [audio]

Class 5:

• Data formats in memory and files
• Integers, charaters, strings, arrays, pointers
• Files -- text files
• Writing data to files
• [notes] [notes, PDF] [audio]

Class 6:

• Data formats and Raw I/O
• Stack format
• [notes] [notes, PDF] [audio]

Class 7:

• Stack structure
• Stack overflow
• Heap Structure
• Unix Password Storage
• [notes] [notes, PDF] [audio]

Class 8:

• Passwords and Salt
• Rootkits
• Software and web attacks
• intro to XSS
• [notes] [notes, PDF] [audio]

Class 9:

• XSS attacks
• Network Attacks
• Multifactor authentication
• [notes] [notes, PDF] [audio]

Class 10:

• Cryptography
• large numbers [slide]
• hashing [slide]
• ciphers
• [notes] [notes, PDF] [audio]

Class 11:

• Coin tossing
• Kerckhoff's principle
• Symmetric Encryption
• DES
• Asymmetric encryption
• Key exchange, authentication, digital signatures
• [notes] [notes, PDF] [audio]

Class 12:

• Steganography [example]
• Digital Signatures
• Digital Certificates
• [notes] [notes, PDF] [audio]

Class 13:

• Digital Certificates - verifying certificates
• Hierarchical Certificates and applications
• RSA
• MITM attacks
• Hybrid Communications, using certificates
• [notes] [notes, PDF] [audio]

Class 14:

• Review of material covered so far
• Birthday attack
• Resisting birthday attacks
• [notes] [] [audio]

Mid Term Exam: Wednesday,  Oct 14 (in class)

Class 15:

• Attacks on Cryptography
• Physical possession
• Remote access
• Key stealing, software diversity
• [notes] [audio]

Class 16:

• Design of Public Key Smartcard
• Applications of Smartcards
• Risks, issues and weaknesses
• [notes] [audio]

Class 17:

• Attacking Crypto -- weak encryption, weakening brute force (WEP, GSM, RFID, DVD)
• Key extraction (HD-DVD)
• Rainbow Tables
• Intro to secure coding
• [notes] [audio]

Class 18:

• Canaries, ASLR
• Memory Layout
• String functions and errors
• [notes] [audio]

Class 19:

• String function errors
• Function call, stack and base registers
• mitigations
• [notes] [audio]

Class 20:

• mitigations - contd
• pointer errors
• overflows and piointers
• function pointers
• arbitrary memory writes
• [notes] [audio]

Class 21:

• setjmp/longjmp
• pointer errors - using free memory and multiple free
• Doug Lea's memory allocator
• the unlink attack
• [notes] [audio]

Class 22:

• Unlink Attack
• Double Free Attack
• [notes] [audio]

Class 23:

• Mitigations - heap attacks
• Integer representations, ranks and conversions
• Atricle covering integer ranks: Integer Security
• Integer based attacks and errors
• [notes] [audio]

Class 24:

• string format routines - e.g. prinf
• printf vulnerabilities
• reading arbitrary memory
• writing arbitrary memory
• fun with printf
• [notes] [audio]

Class 25:

• Mitigations of printf vulnerabilities
• Operating Systems
• Application and Kernel spaces
• System calls
• Attacking the OS
• [notes] [audio]

Class 26:

• Network attacks
• Port scanning
• OS and rootkits
• Detecting rootkits
• Virtual Machines
• Detecting virtual machines
• [notes] [audio]

Class 27:

• Root of Trust, TPM, Threat Models
• Hacking Ethics
• Government standards
• Security Policies
• Access Control
• [notes] [audio]

Class 28:

• Review class
• Questions
• [notes] [audio]

Final Exam: Wednesday, Dec 16 12:10 - 2:00 PM