CIS-5930: Applied Security

• Main
• News
• Syllabus
• Schedule
• Grading
• Slides
• Assignments

Reading Assignments

• Use of a Taxonomy of Security Faults, by T. Aslam, I. Krsul, and E. H. Spafford.
  http://www.princeton.edu/~rblee/ELE572Papers/Fall04Readings/UseTaxonomySecurityFaults.pdf
  
  
• M. Bishop and D. Klein, Improving System Security Through Proactive Password Checking,Computers and Security 14(3) pp. 233-249 (May/June 1995) http://nob.cs.ucdavis.edu/~bishop/papers/1995-c+s/proact.pdf
  
  
• Making a Faster Cryptanalytic Time-Memory Trade-off, by P. Oechslin. Proc. of Advances in Cryptology, CRYPTO 2003.  http://lasecwww.epfl.ch/pub/lasec/doc/Oech03.pdf
  
  
• Fixing Races for Fun and Profit: How to abuse atime. by N. Borisov, R. Johnson, N. Sastry, and D. Wagner. Proc. of USENIX Security Symposium, 2005. http://www.usenix.org/publications/library/proceedings/sec05/tech/full_papers/borisov/borisov_html/
  
  
• Analysis of the Windows Vista Security Model. M. Conover, Principal Security Researcher, Symantec Corp. http://www.symantec.com/avcenter/reference/Windows_Vista_Security_Model_Analysis.pdf
  
  
• Midterm review
  
  
• S. M. Bellovin.  Security problems in the TCP/IP protocol suite.  ACM SIGCOMM Computer Communication Review, 1989,  v. 19,  issue 2, pp. 32-48. Available at http://doi.acm.org/10.1145/378444.378449
  
  
• D. J. Bernstein. SYN cookies. http://www.cr.yp.to/syncookies.html
  
  
• Chapman, D.B. Network (In)Security Through IP Packet Filtering, Proceedings of the Third UNIX Security Symposium, 1992, http://www.deter.com/unix/papers/packet_filt_chapman.pdf
  
  
• Vigna, Robertson, and Balzarotti, Testing Network-based Intrusion Detection Signatures Using Mutant Expoits.  ACM CCS 2004. http://www.cs.ucsb.edu/~wkr/publications/ccs04sploit.pdf
  
  
• C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole.
  Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade. Foundations of Intrusion Tolerant Systems, 2003.
  
  
• A. K. Ghosh, Tom O'Connor, and G. McGraw. An Automated Approach for Identifying Potential Vulnerabilities in Software. Proc. of IEEE Security and Privacy Symposium, 1998.
  
  
• D.E. Denning, P. J., Denning, and M. D. Schwartz. The tracker: a threat to statistical database security. ACM Transactions on Database Systems (TODS) , 1979.

Further reading

• A Taxonomy of UNIX System and Network Vulnerabilities, by M. Bishop. Technical Report, Dept. of Computer Science, University of California at Davis. http://nob.cs.ucdavis.edu/~bishop/notes/1995-cse-8/index.html
  
  
• Assessment of Windows Vista Kernel-Mode Security. M. Conover, Principal Security Researcher, Symantec Corp. http://www.symantec.com/avcenter/reference/Windows_Vista_Kernel_Mode_Security.pdf
  
  
• S. Bhatkar, R. Sekar and D. C. DuVarney. Efficient Techniques for Comprehensive Protection from Memory Error Exploits. 14th USENIX Security Symposium, 2005.
  

Programming Assignments

Programming assignment due dates  (all assignments due at 11:59pm of due date)
Links to assignments will become valid on the announced posting date.

• assignment 1:  Due on 02/07/07 at 11:59pm.
  Posting date:  01/25.
  
  
• assignment 2:  Due on 02/28/07 at 11:59pm.
  Posting date:  02/09.
  
  
• assignment 3:  Due on 04/03/07 at 11:59pm.
  Posting date:  03/14.
  See also Winsnort.com and in particular the installation guides for MySQL+Apache (or MSSQL + Apache).
  
  
• assignment 4:  Due on 04/20/07 at 11:59pm.
  Posting date:  04/05.