Computer Security and Privacy

Lecture Slides

• Lecture 1: Fuzzing/BitBlaze overview
• Lecture 2: Security applications of binary analysis
• Lecture 3: Malware analysis and defense
• Lecture 4: Webblaze overview
• Lecture 5: Botnet reverse engineering

Course Description

1. Malicious Code Defense: Malicious code such as worms, botnets, spyware, rootkits is wreaking havoc on the Internet. What are the technical reasons causing the prevalence of malicious code on the Internet today? What techniques can we design and develop to defend against it?
2. Web Security: The Web has become the most successful platform for developing widely-used applications. It is constantly evolving to accommodate new demands: new features are added to browsers, new server-side programming paradigms emerge, and new networking protocols are deployed. The interactions between these features present increasingly complex security challenges. What techniques and tools can we design and develop to enhance the security of the web?
3. Privacy Enhancing Technologies: Huge volumes of data containing sensitive/private information are being collected and stored by various sensors/monitoring systems, auditing systems, storage in the cloud, social networks, etc. Examples include electronic records in health care systems and location information in ubiquitous computing applications. How can we protect users' privacy and at the same time enable effective sharing and utilization of the distributed data? And how can we provide desirable services to users and protect their privacy even when the servers are untrusted?

These are among the most pressing security and privacy questions to be addressed today. This class aims to cover state-of-the-art research discoveries and results in these areas and prepares graduate students interested in computer security and privacy to conduct research in related areas. Besides lectures, students will study recommended readings, as well as conduct lab assignments and projects to gain hands-on experience. 

Tentative Syllabus

• Techniques and tools for vulnerability discovery and diagnosis
• Taint analysis, quantitative taint analysis
• Taint-based fuzzing and diagnosis
• Dynamic symbolic execution
• Dynamic symbolic execution for vulnerability discovery
• Grammar-based symbolic execution
• Loop-extended symbolic execution
  
  
• Binary analysis and its applications to computer security
• Automatic patch-based exploit generation
• Automatic deviation detection
• Automatic vulnerability signature generation
• Binary similarity analysis
  
  
• Malware analysis and defense
• Botnet study
• Botnet C&C reverse engineering
• Automatic in-depth malware analysis
• Web-based malware
• Mobile malware
  
  
• Web security
• XSS vulnerability analysis and defense
• JavaScript analysis
• Formal foundations to web protocol security and analysis
  
  
• Privacy
• De-anonymization
• Differential privacy
• Systems implementing differential privacy and applications

Readings

1. Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. James Newsome and Dawn Song. In Proceedings of the Network and Distributed System Security Symposium (NDSS 2005), 2005.
2. Loop-Extended Symbolic Execution on Binary Programs. Prateek Saxena, Pongsin Poosankam, Stephen McCamant, and Dawn Song. In the Proceedings of the ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), July 2009.
3. DART: Directed Automated Random Testing. P. Godefroid, N. Klarlund, and K. Sen. In ACM SIGPLAN Notices, vol. 40, no. 6, pp. 213-223, June 2005.
4. Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications. David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng. In Proceedings of the IEEE Symposium on Security and Privacy, May 2008.
5. BitScope: Automatically Dissecting Malicious Binaries. David Brumley, Cody Hartwig, Min Gyung Kang, Zhenkai Liang James Newsome, Pongsin Poosankam, Dawn Song, and Heng Yin. CS-07-133, School of Computer Science, Carnegie Mellon University, March 18, 2007.
6. Automatically Identifying Trigger-based Behavior in Malware. David Brumley, Cody Hartwig, Zhenkai Liang James Newsome, Dawn Song, and Heng Yin. Book chapter in "Botnet Analysis and Defense", Editors Wenke Lee et. al., 2007.