Computer Laboratory

Course pages 2017–18

Security

Principal lecturer: Dr Markus Kuhn
Taken by: Part IB CST 75%
Past exam questions

No. of lectures: 12
Suggested hours of supervisions: 3
Prerequisite courses: Operating Systems; Computer Networking; Programming in C; Unix Tools (recommended)

Aims

This course provides an overview of technical measures commonly used to enforce security policies, to protect networked and multi-user information systems against malicious user activity, mainly at the level of operating systems and network protocols. It also discusses common security concepts and pitfalls for application programmers and system architects, and strategies for exploiting and mitigating the resulting vulnerabilities.

Lectures

  • Introduction. Malicious intent: safety vs. security engineering. Security policies, targets, mechanisms. Aspects of confidentiality, integrity, availability, privacy. Requirements across different applications.

  • Operating-system security overview. Access-control matrix, trusted computing base, domain separation, CPU modes, system calls, residual information protection, virtual machines. [0.5 lecture]

  • POSIX discretionary access control. User and group databases and identifiers, file permission modes, ownership rights, sticky bit, group inheritance, set-uid, elevation of privileges, root user, NFS root squash, chroot, POSIX.1e ACLs.

  • Windows discretionary access control. NTFS access rights, security identifiers, access-control entries and lists, inheritance, services, auditing, NFSv4 ACLs.

  • Linux-specific mechanisms. PAM, LSM, Linux capabilities, AppArmor, seccomp, eBPF, audit, cgroups, namespaces, containers.

  • Running untrusted code. Mandatory access control, covert channels, SELinux, type enforcement, iOS/macOS/Android app-store sandboxes, capabilities.

  • Software vulnerabilities. Buffer/integer overflows, ASLR, metacharacter vulnerabilities: shell and SQL injection, side channels, race conditions, environmental exploits, fuzzing.

  • Cryptography overview. Private/public-key encryption, MACs, digital signatures, certificates, key revocation, secure hash functions, key-establishment schemes, key generation. [0.5 lecture]

  • Entity authentication. Password verification, guessing user-generated secrets, biometric identification, hardware tokens, challenge-response authentication protocols, Kerberos, ssh, TLS.

  • Network access. Ethernet hubs and switches, ARP/NDP/DHCP spoofing, 802.1q VLAN tagging/trunking/hopping, port isolation, 802.1x, RADIUS, EAP, Wi-Fi, GSM/LTE.

  • Internet protocols. TCP vs UDP, firewalls, iptables, IPSEC/IKE, VPNs, IP options/fragmentation, DDoS.

  • Email and DNS security. SMTP/RFC822 header forgery, spam, SPF, DKIM, DNS vulnerabilities, DNSSEC.

  • Web security. HTTP basics, HTTPS, SNI, HTTP authentication, cookies, single sign-on (Ucam WebAuth, SAML), delegation (OAuth2), JavaScript, cross-site scripting, cross-site request forgery, same-origin policy, CORS.

Objectives

By the end of the course, students should appreciate the importance of adversarial thinking in systems design and have a good overview of the security mechanisms and attributes of some of the most commonly used operating systems, networking infrastructure and Internet applications. They should also understand commonly exploited vulnerabilities of authentication mechanisms and know how to avoid some common security pitfalls in software development.

Recommended reading

Gollmann, D. (2010). Computer security. Wiley (3rd ed.).
Dowd, M.; McDonald, J.; Schuh, J. (2007). The art of software security assessment. Addison-Wesley.