System security notes (CSE409, Fall 2011)

Lecture notes from CSE409 System Security, taught by Prof. Rob Johnson.

• Security basics: goals, threat models, the attacker, design principles, transitive trust
• Hardware foundations of security: privileged mode, interrupts, virtual memory, stack overflow
• Access control: UNIX permissions, Windows permissions
• More access control: Windows ACLs, access control matrices, discretionary access control (DAC), mandatory access control (MAC), Bell-LaPadula, Biba model for integrity, role-based access control (RBAC)
• Android security: Android architecture / IPC / permissions / activities / capabilities
• Low level programming bugs: buffer overflow, return-to-libc attacks, return-oriented programming (ROP)
• Format string attacks
• Preventing buffer overflows: example of attacks, address space layout randomization (ASLR), non-executable stack, canary stack protector
• More low level programming bugs: format string attack example, integer overflow, double free
• OS level bugs: user-id management, setuid programs, file system races,
• Web security: goals, SQL injections, cross-side scripting bugs (XSS), cookies, same-origin policy
• More web security: cross-side scripting bugs (XSS), content-sniffing attacks
• Cross-site request forgeries (CSRF): forced browsing, mashups
• Mashup security:same-origini policy, iframes, HTML5 postMessage
• Principles of secure system design: economy of mechanism, failsafe defaults, least privilege, least shared mechanism, complete mediation
• More principles of secure design, sandboxing and intrusion detection: separation of privilege, open design, psychological acceptability, mimicry attacks
• Google's Native Client: sandboxing browser plugins
• Model checking: static analysis, fuzzing, fault injection
• Type qualifiers for security: taint checking, runtime integer overflow checker (RICH), safe typed pointers with CCured, fat pointers
• Buffer overflow defenses: fat pointers, Deputy
• Compiler based defenses for buffer overflows: Jones and Kelly bounds checking, CQual, run-time taint tracking
• High-level security design flaws: more on runtime taint tracking, side-channels (timing, power, light, heat, cache state), RSA timing attacks, data remanance attacks,
• Authentication: factors of authentication, passwords, biometrics, iris biometrics, error-correcting codes (ECC), bluetooth proximity based authentication
• Trusted computing: digital signatures, Trusted Platform Module (TPM) chip, Flicker / SKINIT
• More trusted computing and security usability issues: sealed storage, security usability, phishing, sitekey, condition safe ceremonies
• Phorcefield
• Incentives in security: egress-filtering