Computer Security and Privacy
Lecture Slides
Course Description
- Malicious Code Defense: Malicious
code such as worms, botnets, spyware, rootkits is wreaking havoc on the
Internet. What are the technical reasons causing the prevalence of
malicious code on the Internet today? What techniques can we design and
develop to defend against it?
- Web Security: The Web
has become the most successful platform for developing widely-used
applications. It is constantly evolving to accommodate new demands: new
features are added to browsers, new server-side programming paradigms
emerge, and new networking protocols are deployed. The interactions
between these features present increasingly complex security
challenges. What techniques and tools can we design and develop to
enhance the security of the web?
- Privacy Enhancing Technologies: Huge
volumes of data containing sensitive/private information are being
collected and stored by various sensors/monitoring systems, auditing
systems, storage in the cloud, social networks, etc. Examples include
electronic records in health care systems and location information in
ubiquitous computing applications. How can we protect users' privacy
and at the same time enable effective sharing and utilization of the
distributed data? And how can we provide desirable services to users
and protect their privacy even when the servers are untrusted?
These
are among the most pressing security and privacy questions to be
addressed today. This class aims to cover state-of-the-art research
discoveries and results in these areas and prepares graduate students
interested in computer security and privacy to conduct research in
related areas. Besides lectures, students will study recommended
readings, as well as conduct lab assignments and projects to gain
hands-on experience. Tentative Syllabus
- Techniques and tools for vulnerability discovery and diagnosis
- Taint analysis, quantitative taint analysis
- Taint-based fuzzing and diagnosis
- Dynamic symbolic execution
- Dynamic symbolic execution for vulnerability discovery
- Grammar-based symbolic execution
- Loop-extended symbolic execution
- Binary analysis and its applications to computer security
- Automatic patch-based exploit generation
- Automatic deviation detection
- Automatic vulnerability signature generation
- Binary similarity analysis
- Malware analysis and defense
- Botnet study
- Botnet C&C reverse engineering
- Automatic in-depth malware analysis
- Web-based malware
- Mobile malware
- Web security
- XSS vulnerability analysis and defense
- JavaScript analysis
- Formal foundations to web protocol security and analysis
- Privacy
- De-anonymization
- Differential privacy
- Systems implementing differential privacy and applications
Readings
- Dynamic Taint Analysis for Automatic Detection, Analysis,
and Signature Generation of Exploits on Commodity Software. James Newsome and Dawn Song. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2005), 2005.
- Loop-Extended Symbolic Execution on Binary Programs. Prateek Saxena, Pongsin Poosankam, Stephen McCamant, and Dawn Song. In the Proceedings of the ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), July 2009.
- DART: Directed Automated Random Testing. P. Godefroid, N. Klarlund, and K. Sen. In ACM SIGPLAN Notices, vol. 40, no. 6, pp. 213-223, June 2005.
- Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications. David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng. In Proceedings of the IEEE Symposium on Security and Privacy, May 2008.
- BitScope: Automatically Dissecting Malicious Binaries. David Brumley, Cody Hartwig, Min Gyung Kang, Zhenkai Liang James Newsome, Pongsin Poosankam, Dawn Song, and Heng Yin. CS-07-133, School of Computer Science, Carnegie Mellon University, March 18, 2007.
- Automatically Identifying Trigger-based Behavior in Malware. David Brumley, Cody Hartwig, Zhenkai Liang James Newsome, Dawn Song, and Heng Yin. Book chapter in "Botnet Analysis and Defense", Editors Wenke Lee et. al., 2007.