Fall 2012: 0x1A Great Papers in Computer Security (53135)

Lectures

Tue and Thu: 2-3:15pm
PAI 3.14

Instructor

Vitaly Shmatikov
Email: shmat AT cs
Office: CSA 1.114
Phone: 471-9530
Office hours: Tue 3:30-4:30pm

TA

Martin Georgiev
Email: georgiev AT cs
Office: PAI 5.33, desk #1
Office hours: Wed 1:30-3pm

Projects

Proposals. Project proposals are due September 20. A proposal should be 2-3 pages long and include the following:

• Names of team members (at most 2 students per team).
• Description of the system or network protocol that you are planning to analyze or implement, or the tool that you will be building or extending.
• Description of the security properties you intend to investigate.
• Tools and/or analysis techniques you are planning to use.
• Clear description of project deliverables. Possible deliverables are a software prototype, a substantial case study, or, in the case of a purely theoretical study, proofs (manual or machine-assisted).

Evaluation. At the end of the project, each team should produce a workshop-quality 10-page paper with novel research results.

Project ideas. These are only suggestions. You are encouraged to propose your own topic. Some sample projects from previous years can be found below.

Implement a software protection method

Design and implement a prototype of a new tool for (1) preventing or containing execution of malicious code, or (2) finding security vulnerabilities in existing programs. Evaluate its usefulness against various attacks. Examples:

• Develop a method for automatically finding errors in Web applications' security logic.
• Implement a novel containment mechanism and/or reference monitor for untrusted applications. Possibilities include virtual machines, privilege separation, run-time sandboxes that restrict usage of system resources, etc.
• Build a tool for verifying whether the observed behavior of a program, security library, or network protocol complies with its specification.
• Design a method for verifying whether Android APIs correctly check applications' permissions.
• Investigate whether aggressive compiler optimizations can unintentionally introduce memory corruption vulnerabilities into compiled code.

Design a secure software system

You have a lot of freedom to choose your system, but your proposal must be very specific about the project's goals and deliverables.

• Build a system for preventing uninintended information flows between guest OSes in a hypervisor.
• Analyze security requirements of attached network storage and propose a practical method for achieving these requirements.
• Design a new distributed application that takes advantage of tamper-proof "trusted computing" hardware.
• Define what HTTP security means and implement a network filter for securing HTTP communications.
• Design a practical logging system to support secure audit and forensic analysis.
• Add security and privacy protections to a realistic RFID application.
• Implement a tool for inferring the global "security perimeter" of the network from the local policies of firewalls, intrusion detection systems, and so on.
• Design a defense against distributed denial of service attacks staged by zombie "botnets" that does not require any modifications to the existing TCP/IP clients and servers.

Design and/or investigate a privacy protection system

Choose an existing or proposed privacy-enhancing system and rigorously analyze its strengths and/or weaknesses. You may also propose and implement a new tool for protecting privacy. Examples:

• Develop an enforcement mechanism for enterprise privacy policies based on decentralized information flow control.
• Study privacy aspects of some networked consumer device: for example, Kinect or Up by Jawbone.
• Build a system for privacy-preserving Web browsing that would be secure against timing attacks.
• Investigate a popular network protocol from a privacy perspective and design a new, privacy-preserving version.
• Investigate algorithmic aspects (decidability, complexity, etc.) of some legally mandated privacy policy. For example, what does it take to enforce HIPAA for medical data, or Gramm-Leach-Bliley for financial data?

Analyze a secure network protocol

Using a formal verification tool or manual analysis, either prove a network protocol secure or discover security flaws. Examples of protocols (ask the instructor for specific references):

• Dissent anonymous messaging
• Protocols for accessing cloud services such as Amazon EC2
• Cross-origin authentication in Web applications
• Secure voice-over-IP protocols (for example, Skype)
• 802.11i wireless security
• Secure multicast and group key management
• Authentication in Bluetooth
• Secure location verification for mobile devices
• Secure routing in ad-hoc networks

Examples of protocol analysis tools: ProVerif; Murphi; AVISPA; Constraint solver (see also CoProVe); MOCHA.

Analyze a software system

Analyze a substantial program or suite of programs. Your objective is to re-discover known vulnerabilities or try to find new ones. Look for both design and implementation vulnerabilities. I suggest choosing a popular open-source program from, for example, SourceForge. Pick a program that you find interesting and would like to learn more about.

I recommend using an analysis tool to start. Sample tools include MOPS, Cqual, flawfinder, and Splint. Feel free to use a tool not from the list, or even develop your own tool. If you use an existing tool, your report should include a detailed evaluation of its strengths and weaknesses.

Do a theoretical study

Examples:

• Develop a cryptographic proof of security for a network protocol such as TLS, IKE, or Kerberos.
• Apply algorithmic techniques for efficient analysis of large datastreams to the detection of distributed botnet activity.
• Design and analyze a privacy-preserving version of some common distributed protocol.

Talk to the instructor if you are interested in a more theoretical project.

Sample projects from past years

• A static analysis tool for finding cross-site scripting vulnerabilities in Django applications.
• A virtual environment for safely extracting shellcodes from malware and determining their function.
• Fine-grained security permissions for Android applications.
• Securing information flow in a concurrent programming language.
• A new linguistic model for password guessing.
• Modeling and verification of the Internet Key Exchange protocol with ACL2.
• Formal analysis of authentication in Bluetooth device pairing.
• Dynamic enforcement of control-flow integrity in Web applications.
• Sandboxing untrusted code using system transactions.
• Privacy-preserving graph algorithms.
• Secure checking of mobile devices' locations.
• Formal analysis of network denial of service.
• An authentication system based on semantic features of images.
• A new kernel rootkit for FreeBSD.
• Security analysis of an open-source voice-over-IP PBX (private branch exchange).
• A program analysis tool for finding denial-of-service vulnerabilities in Web applications.
• Security analysis of an open-source game engine.