Language-Based Security VT14
TDA602/TDA601/DIT103/DIT101 - Språkbaserad datasäkerhet
|
|
- (13/5) A list that maps group numbers to email addresses has been
sent out to the course mailing list. Go ahead and exchange project report drafts with your opposing group by email.
- (13/5) Project presentation schedule is now available (see
below). Note that the presentation time is 10 minutes +
3 minutes for questions.
If your
group is not mentioned below, then you do not need to present the
project. Groups that present one after the other are each
others' "opponents".
- (12/5) Notes
from the course evaluation meeting with student representatives are
now available.
- (6/5) Lecture by Niklas Broberg announced:
Paragon: practical programming with Information Flow Control,
Wednesday, May 14,
1:15pm, ED.
- (15/4) Registration for the OWASP Gothenburg event on Privacy by
Design on Apr 24 is
open.
- (7/4) Slides for lecture 5 have been updated.
- (19/3) Slides for lecture 2 have been updated.
- (18/3) Slides for lecture 1 have been updated.
- (17/3) The student representatives for course evaluation are:
Filip Hesslund (filiphe AT student.chalmers.se),
MPALG: Stefania Crotti (crotti AT student.chalmers.se),
MPCSN: Benjamin Liebe (liebe AT student.chalmers.se),
MPCSN: Shailaja Mallick (shailaja AT student.chalmers.se), and
MPCSN: Boel Nelson (boeln AT student.chalmers.se).
- (17/3)
For the labs and the project, you need to work in
groups of two.
There will be an opportunity for group matching at the break of the
first lecture. If you have difficulties finding a
partner, please
use the discussion
group.
- (17/3)
Course discussion group
is up and running. Discussion of general questions, labs, and
projects is welcome. Helping each other to find answers is
encouraged, but of course without giving away solutions.
- (17/3) For GU students: you need to register on the date of the
course start at GU's course portal.
- (13/3/2014) First lecture: Mon, Mar 17, 10am, EF. For the
schedule of the course, please refer to the plan below
(and not the TimeEdit schedule).
|
General
Lectures, exercises, and deadlines
Assignments (Labs)
Examinations
|
Security specialization (NEW!)
This course is a part of the
Chalmers and
GU Security
Specialization, a package of four courses in computer security.
Why language-based security?
Traditionally, computer security
has been largely enforced at the level of operating systems. However,
operating-system security policies are
low-level (such as access control policies, protecting particular
files), while many attacks are high-level, or application-level (such as
email worms that pass by access controls pretending to be executed on
behalf of a mailer application).
The key to defending against application-level attacks is
application-level security. Because applications are typically
specified and implemented in programming languages, this area is
generally known as language-based security. A direct benefit of
language-based security is the ability to naturally express security
policies and enforcement mechanisms using the developed techniques of
programming languages.
Who should study language-based security?
You should have previously studied a course in programming languages
(and of course basic programming skills are assumed) and basics of
computer security. It is an advantage if you have studied courses
such as semantics of programming languages and compiler construction.
You should be interested in some of the following:
- Obtaining a deeper understanding of programming language-based
concepts for computer security.
- The design and implementation of security mechanisms.
- Computer science research in the area of programming languages
and security.
What will you learn?
After the course, you should be able to apply practical knowledge of security for modern programming languages. This includes the ability to identify application- and language-level security threats, design and argue for application- and language-level security policies, and design and argue for the security, clarity, usability, and efficiency of solutions, as well as implement such solutions in expressive programming languages.
You should be able to demonstrate the critical knowledge of principles behind such application-level attacks as race conditions, buffer overruns, and code injections. You should be able to master the principles behind such language-based protection mechanisms as static security analysis, program transformation, and reference monitoring.
Content
This course combines practical and cutting-edge research material.
For the practical part, the dual perspective of attack vs. protection is threaded through the lectures, laboratory assignments, and projects.
For the cutting-edge research part, the course's particular emphasis is on the use of formal, or semantic, models of program behaviour for specifying and enforcing security properties.
Prerequisites
Knowledge of the material covered in the courses Programming Languages and Computer Security is recommended although not required as a prerequisite.
Instructor and TAs
Instructor: Andrei Sabelfeld, office 5476, voice 1018
(Chalmers).
Teaching
assistants:
Luciano Bello, office 5483, voice 1791; and
Daniel Hausknecht, office 5447, voice 1757.
Course literature
No specific book is used as a course book. The material consists of
hand-outs, papers, etc. However, I recommend the following book
for complimentary reading on the subject:
Lecture schedule and deadlines
The schedule is subject to change. Stay tuned!
Lectures are once or twice a week. They take place at EF at
10am on Mondays, and sometimes at ED at 1:15pm on Wednesdays.
Last year's lecture slides are already on the web, but changes and
updates may be done before the actual lecture. If these updates are
substantial then it will be indicated in the latest news section.
In order to view the slides, you need to be under the .se
domain. Otherwise, let us know your domain - we will include it in
the permission set.
All deadlines are firm.
Date
| Topic
| Reading
|
Mon, Mar 17
| Introduction to language-based security. Overview of the
course.
Slides: here.
|
McGraw and Morrisett, Attacking
Malicious Code: A Report to the Infosec Research
Council, 2000. Sect. I of Saltzer and Schroeder, Protection
of Information in Computer Systems, 1975.
|
Wed, Mar 19
| Information flow security
Slides: here.
| Sabelfeld and Myers, Language-Based
Information-Flow Security, 2003.
Try this
information flow
exercise. See below for exercise supervision time.
Bonus: JSFlow challenge.
|
Mon, Mar 24
| Data races, randomness, and determinism
Slides:
here.
| Savage, Burrows, Nelson, Sobalvarro, and Anderson, Eraser:
A Dynamic Data Race Detector for Multithreaded Programs, 1997.
Rafnsson and Sabelfeld, Secure Multi-Execution: Fine-grained,
Declassification-aware, and Transparent, 2013.
Clark and Hunt, Noninterference
for Deterministic Interactive Programs, 2008.
|
Fri, Mar 28
| Project proposal deadline
|
Mon, Mar 31
| Buffer overruns; Database security; Privacy-violating information
flow in web applications
Slides:
here.
| Aleph One, Smashing
the Stack for Fun and Profit.
Claes Nyberg's slides and tutorial with exercises.
Jang et al, An Empirical Study of Privacy-Violating Information Flows
in JavaScript Web Applications, 2010.
|
Fri, Apr 4
| Eraser lab deadline
|
Mon, Apr 7
| Web-application security
Slides:
here.
|
OWASP
Excess XSS, tutorial by Jakob
Kallin and Irene Lobo Valbuena, from their course project
in 2013
|
Fri, Apr 11
| r00tshell lab deadline
|
Thu, Apr 24
| OWASP
Gothenburg event: Privacy by
Design, 5:30pm, prior signup required: register here.
Venue: TeliaSonera, Johan Willins gata 6.
|
Mon, Apr 28
|
Toward a Science of Security
Invited lecture by Fred Schneider, Cornell University
|
Fri, May 2
| WebAppSec lab deadline
|
Mon, May 5
| Java security, Stack inspection and access
control Certifying compilation; Typed Assembly
Languages, Proof-Carrying Code; Copyright protection and code obfuscation
Slides:
here.
| Wallach, Felten, Understanding
Java Stack Inspection, 1998.
Morrisett, Walker, Crary, Glew,
From System F to Typed Assembly Language, 1999.
|
Mon, May 12
| Design principles for security protocols
| Abadi and Needham, Prudent
Engineering Practice for Cryptographic Protocols, 1995.
|
Wed, Mar 14
| Paragon: practical programming with Information Flow Control
Lecture by Niklas Broberg
|
Paragon tutorial
|
Wed, May 14
| Project draft to opponents
|
Mon, May 19
| Project presentations
Presentation time: 10 minutes + 3 minutes for questions, following the
presentation guidelines. If you are unable to use your laptop
for the presentation, just email your
powerpoint/pdf presentation to me in advance.
The schedule of groups (as in Fire) to present projects is below. If your
group is not mentioned below, then you do not need to present the
project. Groups that present one after the other are each
others' "opponents". For example, groups 1 and 2 oppose each other and
so on.
22: Tools for race detection
13: Security analysis of SystemC
1: Android App Permissions
2: Location Tracking Without Permission in Android
4: Defending against advanced browser scripting attacks using language-based security
32: Detecting web code injection through HTML DOM inspection.
|
Wed, May 21
| Project presentations continued
27: HTML5 and new attack vectors
12: Safe Datastorage/Cryptostorage
3: Secure multi-execution in Python
19: A research paper review in the subjects Inline Reference Monitors, SoftwareFault Isolation, and Program Shepherding
15: Security evaluation of JavaScript
26: Security Evaluation of Fire
|
Fri, May 23
| Project report deadline
|
In order to get up to speed on information flow,
try this information flow challenge.
There
will be a supervision slot for working on this exercise on Wed,
Mar 26, 10am -11:45am, room 3507.
Bonus: JSFlow challenge.
You are expected to find a lab partner, with whom you will do the
assignments (laborations).
If you have difficulties finding a
partner, please
use the
discussion group.
No one-person or three-person groups are allowed unless
there is a well-justified reason and permission from the instructor.
There are three assignments ("laborations") and a project. The lab are
about specific problems whereas projects can be more open-ended (some
ideas for projects are supplied below).
Further information on the lab and project:
As common for advanced courses, there are only a few supervision
times for the labs. The supervision takes place in
room 3507 according to the following schedule:
Eraser:
Wed, Apr 2, 10am - 11:45am;
r00tshell:
Wed, Apr 9, 10am - 11:45am,
and
WebAppSec:
Wed, Apr 30, 10am - 11:45am.
Watch out the latest news for booking a slot during the office hours to
discuss project proposals and projects, respectively.
In case you have passed some of the labs and/or project in previous
years, no need to resumbit the solutions. However, you still need to
submit a short text file for each passed lab/project saying when
(what year) you passed it.
Course requirement and examinations
To pass the course, you must pass the labs and the
exam. In order to pass the exam, you need to make a presentation of
the project in class and pass the requirements on a written
report that documents your project.
Academic integrity and honesty
Students are expected to be familiar with the
Chalmers
policy on academic integrity and honesty, which we strictly
follow. Cheating includes
collaboration between groups and not citing your sources.
URL: http://www.cse.chalmers.se/edu/course/TDA602/