Course pages 2018–19
Security
Principal lecturer: Dr Markus Kuhn
Taken by: Part IB CST 50%, Part IB CST 75%
Past exam questions
No. of lectures: 12
Suggested hours of supervisions: 3
Prerequisite courses: Operating Systems; Computer Networking;
Programming in C; Unix Tools (recommended)
Aims
This course provides an overview of technical measures commonly used to enforce security policies, to protect networked and multi-user information systems against malicious user activity, mainly at the level of operating systems and network protocols. It also discusses common security concepts and pitfalls for application programmers and system architects, and strategies for exploiting and mitigating the resulting vulnerabilities.
Lectures
- Introduction. Malicious intent: safety vs. security
engineering. Security policies, targets, mechanisms. Aspects of
confidentiality, integrity, availability, privacy. Requirements
across different applications.
- Operating-system security overview. Access-control matrix,
trusted computing base, domain separation, CPU modes, system calls,
residual information protection, virtual machines. [0.5 lecture]
- POSIX discretionary access control. User and group databases
and identifiers, file permission modes, ownership rights, sticky
bit, group inheritance, set-uid, elevation of privileges, root user,
NFS root squash, chroot, POSIX.1e ACLs.
- Windows discretionary access control. NTFS access rights,
security identifiers, access-control entries and lists, inheritance,
services, auditing, NFSv4 ACLs.
- Linux-specific mechanisms. PAM, LSM, Linux capabilities,
AppArmor, seccomp, eBPF, audit, cgroups, namespaces, containers.
- Running untrusted code. Mandatory access control, covert
channels, SELinux, type enforcement, iOS/macOS/Android app-store
sandboxes, capabilities.
- Software vulnerabilities. buffer/integer
overflows, ASLR, metacharacter vulnerabilities: shell and SQL
injection, side channels, race conditions, environmental exploits,
fuzzing.
- Cryptography overview. Private/public-key encryption, MACs,
digital signatures, certificates, key revocation, secure hash
functions, key-establishment schemes, key generation. [0.5 lecture]
- Entity authentication. Password verification, guessing
user-generated secrets, biometric identification, hardware tokens,
challenge-response authentication protocols, Kerberos, ssh, TLS.
- Network access. Ethernet hubs and switches, ARP/NDP/DHCP
spoofing, 802.1q VLAN tagging/trunking/hopping, port isolation,
802.1x, RADIUS, EAP, Wifi, GSM/LTE.
- Internet protocols. TCP vs UDP, firewalls, iptables,
IPSEC/IKE, VPNs, IP options/fragmentation, DDoS.
- Email and DNS security. SMTP/RFC822 header forgery, spam,
SPF, DKIM, DNS vulnerabilities, DNSSEC.
- Web security. HTTP basics, HTTPS, SNI, HTTP authentication,
cookies, single sign-on (Ucam WebAuth, SAML), delegation (OAuth2),
JavaScript, cross-site scripting, cross-site request forgery,
same-origin policy, CORS.
Objectives
By the end of the course, students should appreciate the importance of adversarial thinking in systems design and have a good overview of the security mechanisms and attributes of some of the most commonly used operating systems, networking infrastructure and Internet applications. They should also understand commonly exploited vulnerabilities of authentication mechanisms and know how to avoid some common security pitfalls in software development.
Recommended reading
Gollmann, D. (2010). Computer security. Wiley (3rd ed.).
Dowd, M.; McDonald, J.; Schuh, J. (2007). The art of software security assessment. Addison-Wesley.