CYB 5280: Host and Application Security

Welcome to the class website of Host and Application Security. This page links to all the slides for the current class, plus assignment information.

Syllabus

The formal syllabus for this class is available here.

In a less formal way, the goal of the class is to make you aware of security issues that impact client machines and the applications they run. We will be looking at how the host works at a fairly granular level, as well as vulnerability patterns that hosts encounter. We will spend several weeks looking at malicious code. Finally, we will look at countermeasures and best practices on the host for improving security.

Prerequisites & Administrivia

The class is rather relatively straightforward: we will take a guided tour of the malware universe and other host/application security issues. Assignments will vary between writing about malware, examining files/executables, looking at low-level system functionality, and simulating malware spread. In order to get an A in the class, all assignment must be turned in and complete. Please note, you must pass the final to obtain a passing grade in the class.

The book for the class is Peter Szor's "The Art of Computer Virus Research and Defense". It's a very good book, and should be useful to you after you have graduated. In addition, we will be using Pfleeger and Pfleeger's classic "Computer Security" book.

Unless otherwise stated, all assignments are due before class 1 week after they were assigned (e.g. if an assignment is set on Tuesday, it is due before class the following Tuesday). Assignments should be turned in through the class SVN server.

Reading List

Things you will read, at a minimum, by the final exam. In addition, make sure you have read Szor and the relevant parts of Pfleeger.

• Whitaker & Ford: How to Think about Security
• At least the beginning of Shannon's "The Mathematical Theory of Communication"
• Cormac Herley: So Long and Thanks for all the Externalities
• "The Protection of Information in Computer Systems" by Saltzer/Schroeder
• The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls
• Smashing the Stack for Fun and Profit
• That Which We Call Rose.A
• Your botnet is my botnet: Analysis of a Botnet Takeover
• Browser Security: Lessons from Google Chrome
• Intel Virtualization Technology: Hardware Support for Efficient Processor Virtualization

Slides

This deck changes as a function to time. Please check back for additional materials covered in class.

• Lesson 1: Introduction and Administrivia
• Lesson 2: What is Security?
• Lesson 3: What is Information?
• Lesson 4: The host boot sequence
• Lesson 5: OS Intro
• Lesson 6: The Role of the OS
• Lesson 7: On the Protection of Objects
• Lesson 8: Authentication
• Lesson 9: Intro to Vulns
• Lesson 10: Code Injection
• Lesson 11: Malware History
• Lesson 12: Definitions
• Lesson 13: Polymorphism
• Lesson 14: Stealth
• Lesson 15: Virus Scanners
  • "Hello World Generator" for scanner assignment from Fall 13 for your amusement only
  • "Hello World Generator" for scanner assignment for Fall 14.
  • Instructions for the scanner assignment
• Lesson 16: Memory Scanning and Generic Detection
• Lesson 17: Rootkits and botnets
• Lesson 18: The Future of Malware
• Lesson 19: How the Web Works
• Lesson 20: How the Web does not work
• Lesson 21: Virtualization Technologies
• Lesson 22: Patching and Patch Management
• Lesson 23: Attack Surface

Further lessons will be uploaded as needed.