CS 510

CS 510: Advanced Security Seminar (Fall 2005)

This course is an advanced research seminar course covering contemporary security papers. The content will be driven by students based on their paper selections from the following paper list

Instructor:

Wu-chang Feng (wuchang at cs dot pdx dot edu)
Office hours: TBD
Office location: Fourth Avenue Building (PDC tower) Suite 310, Room 14 (map)
Web site: http://www.thefengs.com/wuchang/work/courses/cs510_fall2005
Course e-mail list: http://groups.yahoo.com/group/pdx-cs510
Course e-mail: pdx-cs510 at yahoogroups dot com

Location and Time:

Mondays and Wednesdays, 4:00pm-5:20pm
Neuberger Hall (NH) Room 341 (map)

Format:

One person in the class will be responsible for each paper (or paper group). Papers will be assigned during the first day of class. The person who is assigned a paper will...

Read the paper
Do a short 30 minute slide presentation in class summarizing the paper (20 slide maximum!!!)

What were the main contributions of the work?

What were the advantages and disadvantages of the approach?
How does it compare to the work described in the related papers?
What are potential avenues for further work and improvements?

Upload to the Yahoo Group Files section

copy of your slide presentation
a local copy of the paper(s) covered

Grading:

Grades will be based on class presentations and attendance only.

Paper schedule:

9/26 Introduction

Course information slides

Review format and syllabus
First paper selection
Reading assignment.... paper

9/28 NO CLASS

10/3 Host vulnerabilities
Group #1 (Wu) slides

Aleph One, "Smashing the Stack for Fun and Profit", paper
C. Cowan, C. Pu, D. Maier, H. Hinton, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, "StackGuard: Automatic Detection and Prevention of Buffer-Overflow Attacks", USENIX Security Symposium 1998. paper

Group #2 (Gabe) slides

Bulba, Kill3r, "Bypassing StackGuard and StackShield", Phrack Magazine, 56(5), May 2000. link

10/5 Host vulnerabilities
Group #3 (David) slides

Scut/team teso, "Exploiting Format String Vulnerabilities", 2001. link | local copy

Group #4 (Jesus) slides

E. Chien, P. Szor, "Blended Attacks: Exploits, Vulnerabilities, and Buffer-Overflow Techniques in Computer Viruses", Virus Bulletin Conference 2002, p. 1-35. paper

10/10 NO CLASS

10/12 Host vulnerabilities
Group #5 (Steve) slides

S. Chen, J. Xu, E. Sezer, P. Gauriar, R. Iyer, "Non-Control-Data Attacks are Realistic Threats", USENIX Security 2005, paper

Group #6 (Khanh) slides

H. Chen, D. Dean and D. Wagner. "Model Checking One Million Lines of C Code". NDSS 2004. paper

10/17 Network vulnerabilities
Group #7 (Gabe) slides

J. Walker, "IEEE 802.11 Wireless LANs Unsafe at any key size; An analysis of the WEP encapsulation", paper | local copy
N. Borisov, I. Goldberg, and D. Wagner. "Intercepting mobile communications: The insecurity of 802.11", in Proceedings of MOBICOM 2001. paper

Group #8 (David) slides

J. Bellardo and S. Savage, 802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions, USENIX Security Symposium 2003. paper | local copy

10/19 NO CLASS

10/24 Network vulnerabilities
Group #9 (Khanh) slides

C. Schuba, I. Krsul, M. Kuhn, E. Spafford, A. Sundaram, D. Zamboni, "Analysis of a Denial of Service Attack on TCP" paper | local copy
D. Bernstein, "SYN cookies", link

Group #10 (Steve) slides

C. Schuba, "Addressing Weaknesses in the Domain Name System Protocol", MS Thesis, Aug. 1993 paper
J. Stewart, "DNS Cache Poisoning - The Next Generation", SecurityFocus Jan. 2003 paper | local copy

10/26 Network vulnerabilities
Group #11 (Jesus) slides

K. Fu, E. Sit, K. Smith, and N. Feamster. Dos and don'ts of client authentication on the web. In Proceedings of the 10th USENIX Security Symposium 2001. paper | local copy

Group #12 (Wu) slides

T. Ptacek, T. Newsham, "Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection" paper

10/31 Population diversity
Group #13 (Gabe) slides

F. Cohen, ``Operating Systems Protection Through Program Evolution'', IFIP-TC11 `Computers and Security' (1994), paper

Group #14 (Wu) slides

S. Forrest, A. Somayaji, and D. Ackley. "Building Diverse Computer Systems", HotOS (1997). paper
PaX Team, "Documentation for the PaX project", link
A. van de Ven, "New Security Enhancements in Red Hat Enterprise Linux v. 3, update 3", paper

11/2 Population diversity
Group #15 (David) slides

G. Kc, A. Keromytis, and V. Prevelakis. "Countering Code-Injection Attacks With Instruction-Set Randomization" 10th ACM International Conference on Computer and Communications Security (CCS), pp. 272 - 280. October 2003. paper
E. Barrantes, D. Ackley, S. Forrest, T. Palmer, D. Stefanovic and D. Zovi. "Randomized instruction set emulation to disrupt binary code injection attacks". 10th ACM International Conference on Computer and Communications Security (CCS), pp. 272 - 280. October 2003. paper

Group #16 (Khanh) slides

S. Antonatos, P. Akritidis, E. Markatos, K. Anagnostakis, "Defending Against Hitlist Worms Using Network Address Space Randomization", WORM 2005, paper.

11/7 Population diversity, Immune systems
Group #17 (Steve) slides

P. Szor, P. Ferrie, "Hunting for Metamorphic", Virus Bulletin Conference 2001, p. 123. paper

Group #18 (Jesus) slides

A. Somayaji, S. Hofmeyr and S. Forrest. "Principles of a Computer Immune System". 1997 New Security Paradigms Workshop. paper | local copy

11/9 Epidemiology
Group #19 (Wu) slides

D. Moore, C. Shannon, k. claffy, "Code-Red: A Case Study on the Spread and Victims of an Internet Worm", IMW 2002, paper

Group #20 (Gabe) slides

Z. Chen, L. Gao, K. Kwiat, "Modeling the Spread of Active Worms", INFOCOM 2003, paper
M. Garetto, W. Gong, D. Towsley, "Modeling Malware Spreading Dynamics", INFOCOM 2003, paper

11/14 Worms
Group #21 (Steve) slides

B. Madhusudan, J. Lockwood, "Design of a System for Real-Time Worm Detection" IEEE Hot Interconnects, August, 2004, pp. 77-83. paper

Group #22 (David) slides #1 slides #2

N. Weaver, S. Staniford, V. Paxson. Very Fast Containment of Scanning Worms. USENIX Security 2004. paper
J. Mirkovic, G. Prier and P. Reiher, "Attacking DDoS at the Source", paper

11/16 Worms
Group #23 (Jesus) slides

S. Staniford, V. Paxson, N. Weaver, "How to 0wn the Internet on Your Spare Time", USENIX Security Symposium 2002. paper
N. Weaver, V. Paxson, "A Worst-Case Worm", WEIS 2004 paper

Group #24 (Khanh) slides

J. Ma, G. Voelker, S. Savage, "Self-Stopping Worms", WORM 2005, paper
Z. Chen, C. Ji, "A Self-Learning Worm Using Importance Scanning", WORM 2005, paper

11/21 DDoS prevention
Group #25 (Wu) slides

W. Feng, E. Kaiser, W. Feng, A. Luu, "The Design and Implementation of Network Puzzles", INFOCOM 2005, paper

Group #26 (Steve) slides

A. Stavrou, D. Cook, W. Morein, A. Keromytis, V. Misra, D. Rubenstein, "WebSOS: An Overlay-based System for Protecting Web Servers from Denial of Service Attacks", paper.
D. Anderson, "Mayday: Distributed Filtering for Internet Services", USITS 2003, paper

11/23
TBD

11/28
Group #27 (David) slides

S. Savage, D. Wetherall, A. Karlin, T. Anderson, "Practical Network Support for IP Traceback" SIGCOMM 2000 paper

Group #28 (Jesus) slides

D. Sterne, K. Djahandari, B. Wilson, B. Babson, D. Schnackenberg, H. Holliday, T. Reid, "Automatic Response to Distributed Denial of Service Attacks" paper

11/30
Group #29 (Khanh) slides

M. Christodorescu, S. Jha. "Testing Malware Detectors" ISTA 2004. paper

Group #30 (Gabe) slides

M. Smart, G. Malan, F. Jahanian, "Defeating TCP/IP Stack Fingerprinting", USENIX Security 2000. paper