CS 576: Advanced Security Seminar (Spring 2005)
This course is an advanced research seminar covering contemporary security papers.
Instructor:
Wu-chang Feng (wuchang at cs dot pdx dot edu)
Office hours: Mondays and Wednesdays 11:15am-12:15pm
Office location: Fourth Avenue Building (PDC tower) Suite 310, Room 14 (map)
Web site: http://www.thefengs.com/wuchang/work/courses/cs576_spring2005
Location and Time:
Mondays and Wednesdays, 10:00am-11:15am
Fourth Avenue Building (FAB), Room 150 (map)
Format:
One person in the class will be responsible for each primary paper. Papers will be assigned during the first day of class. The person who is assigned a paper will...
- Read the paper
- Do a short 30 minute slide presentation in class summarizing the paper (20 slide maximum!!!)
  - What were the main contributions of the work?
  - What were the advantages and disadvantages of the approach?
  - How does it compare to the work described in the related papers?
  - What are potential avenues for further work and improvements?
- E-mail the instructor
  - copy of your slide presentation
  - a local copy of the paper(s) covered
Grading:
Grades will be based on class presentations and attendance only.
Paper schedule:
The paper schedule will be filled out based on selections made in class from the following paper list. Primary papers which everyone in the class is required to read are in bold.
3/28 Introduction
Course information
- Review format and syllabus
- Paper selection
- Reading assignment.... paper
3/30 Host vulnerabilities
Paper #1 (Wu): Aleph One, "Smashing the Stack for Fun and Profit", paper | slides
Paper #2 (Wu): C. Cowan, C. Pu, D. Maier, H. Hinton, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, "StackGuard: Automatic Detection and Prevention of Buffer-Overflow Attacks", USENIX Security Symposium 1998. paper
Paper #3 (Josh): Solar Designer, "Getting around non-executable stack (and fix)", Aug. 1997. link | slides
Paper #4 (Jeff): C. Cowan, M. Barringer, S. Beattie, G. Kroah-Hartman, "FormatGuard: Automatic Protection from printf Format String Vulnerabilities", USENIX Security Symposium 2001. paper | slides | examples
4/6 Class cancelled
4/13 Host and network vulnerabilities
Paper #5 (Wu): M. Bishop and M. Dilger, "Checking for Race Conditions in File Accesses," Computing Systems 9 (2) pp. 131-152 (Spring 1996). paper | slides
Paper #6 (Wu): C. Cowan, S. Beattie, C. Wright, G. Kroah-Hartman, "RaceGuard: Kernel Protection From Temporary File Race Vulnerabilities", USENIX Security Symposium 2001. paper | slides
Paper #7 (Josh): K. Fu, E. Sit, K. Smith, and N. Feamster. Dos and don'ts of client authentication on the web. In Proceedings of the 10th USENIX Security Symposium 2001. paper | slides
Paper #8 (Jeff): J. Walker, "IEEE 802.11 Wireless LANs Unsafe at any key size; An analysis of the WEP encapsulation", paper | slides
4/20 Network vulnerabilities
Paper #9 (Jeff): C. Cowan, S. Arnold, S. Beattie, C. Wright, J. Viega, "Defcon Capture the Flag: Defending Vulnerable Code from Intense Attack". DARPA DISCEX III Conference 2003. paper | slides
Paper #10 (Wu): C. Schuba, I. Krsul, M. Kuhn, E. Spafford, A. Sundaram, D. Zamboni, "Analysis of a Denial of Service Attack on TCP", IEEE Symposium on Security and Privacy 1997. paper | slides #1 | slides #2
- D. Bernstein, "SYN cookies", link
- D. Kaminsky, "scanrand: Paketto 1.0", 2002. link #1 | link #2
Paper #11 (Josh): S. Bellovin, "Security Problems in the TCP/IP Protocol Suite" paper | slides
- R. Morris, "A Weakness in the 4.2BSD Unix TCP/IP Software" paper
4/27 Network vulnerabilities
Paper #12 (Wu): Michal Zalewski, "Strange Attractors and TCP/IP Sequence Number Analysis", link #1 | link #2 | slides
- P. Watson, "Slipping in the Window: TCP Reset Attacks", paper | slides
- S. Bellovin, "Defending against sequence number attacks", RFC 1948 link
- A. Heffernan, "Protection of BGP Sessions via the TCP MD5 Signature Option", RFC 2385, Aug. 1998. link
Paper #13 (Josh): J. Stewart, "DNS Cache Poisoning - The Next Generation", SecurityFocus Jan. 2003 paper | slides
- C. Schuba, "Addressing Weaknesses in the Domain Name System Protocol", MS Thesis, Aug. 1993 paper
Paper #14 (Jeff): V. Paxson, "An Analysis of Using Reflectors for Distributed Denial-of-Service Attacks", CCR vol. 31, no. 3, July 2001. paper | slides
5/4 Applying Biology to Security
Paper #15 (Wu): F. Cohen, "Operating Systems Protection Through Program Evolution", IFIP-TC11 'Computers and Security' (1994), paper | slides
Paper #16 (Jeff): S. Forrest, A. Somayaji, and D. Ackley. "Building Diverse Computer Systems", HotOS (1997). paper | slides
Paper #17 (Josh): P. Szor, P. Ferrie, "Hunting for Metamorphic", Virus Bulletin Conference 2001, p. 123. paper | slides
5/11 DDoS
Paper #18 (Wu): S. Savage, D. Wetherall, A. Karlin, T. Anderson, "Practical Network Support for IP Traceback" SIGCOMM 2000 paper | slides
- A. Snoeren, C. Partridge, L. Sanchez, C. Jones, F. Tchakountio, S. Kent, W. Strayer, "Hash-Based IP Traceback" SIGCOMM 2001 paper
Paper #19 (Jeff): A. Mankin, D. Massey, C. Wu, S. Wu, L. Zhang, "On Design and Evaluation of "Intention-Driven" ICMP Traceback" paper | slides
- S. Bellovin, M. Leech, T. Taylor, "ICMP Traceback Messages" paper
Paper #20 (Josh): R. Stone, "CenterTrack: An IP Overlay Network for Tracking DoS Floods" USENIX Security Symposium 2000 paper | slides
5/18 DDoS (class will move to Shattuck Room 211 at 4pm with CS 410/510 Distributed Computing Systems)
Paper #21 (Josh): M. Smart, G. Malan, F. Jahanian, "Defeating TCP/IP Stack Fingerprinting", USENIX Security 2000. paper | slides
- Fyodor, "Remote OS detection via TCP/IP Stack Fingerprinting", Oct. 1998. link
Paper #22 (Jeff): D. Moore, C. Shannon, k. claffy, "Code-Red: A Case Study on the Spread and Victims of an Internet Worm", IMW 2002, paper | slides
Paper #23 (Wu): W. Feng, E. Kaiser, W. Feng, A. Luu, "The Design and Implementation of Network Puzzles", INFOCOM 2005, paper | slides
5/25 DDoS
Paper #24 (Wu): D. Adkins, K. Lakshminarayanan, A. Perrig, I. Stoica, "Taming IP Packet Flooding Attacks", HotNets II, paper | slides
- M. Handley, A. Greenhalgh, "Steps Towards a DoS-resistant Internet Architecture", ACM SIGCOMM FDNA 2004 paper
Paper #25 (Jeff): H. Jamjoom, K. Shin, "Persistent Dropping: An Efficient Control of Traffic Aggregates", ACM SIGCOMM 2003 paper | slides
Paper #26 (Josh): C. Kreibich, J. Crowcroft, "Honeycomb - Creating Intrusion Detection Signatures Using Honeypots" paper | slides
6/1 Fingerprinting
Paper #27 (Wu): A. Goel, K. Po, K. Farhadi, W. Feng, "Reconstructing System State for Intrusion Analysis", (see files section of pdx-cs576 for paper and slides)
Paper #28 (Jeff): V. Pai, L. Wang, K. Park, R. Pang, L. Peterson, "The Dark Side of the Web: An Open Proxy's View" paper | slides
Paper #29 (Josh): N. Weaver, S. Staniford, V. Paxson. Very Fast Containment of Scanning Worms. USENIX Security 2004. paper | slides