CS 491/591 Introduction to Computer Security - Spring 2019

Instructor Contact

Dr. Charles V. Wright
Office: FAB 120-25
Phone: 503-725-4252
Email: cvwright cs pdx edu (fill in the missing punctuation)
Office Hours: Tue 2:00-4:00pm, or by appointment

Course Information

Time: Tuesdays and Thursdays, 10am-noon
Location: EB 92

For more details, see the full PDF version of the syllabus.

Course Schedule

Date Topics and Readings Homework
Apr 2 Introduction
  • Administrivia
  • Course overview
Program Layout in Memory
  • If you need a refresher on C or x86 assembly language programming, look through Chapter 0x200 in Erickson after class. Follow along with his examples using gdb.
  • Also see Gustavo Duarte's Anatomy of a Program in Memory for another view of the same topic.
Software Vulnerabilities and Exploits - Part 1
  • See also pp. 115-142 in Erickson.
Homework 1

Watch after class:
Apr 4 Software Security
  • Stack Buffer Overflows
  • Code Injection Attacks
Read after class:
Apr 9 Intro to the Virtual Lab Infrastructure
  • Logging into your VM on Google Compute Engine
  • Capturing your first flag
Stack-based Defenses
  • StackGuard and stack canaries
Read before class:
Apr 11 Software Defenses: Memory Protection
  • Virtual memory review
  • Data Execution Prevention (DEP, aka NX bit or W^X)
Apr 16 Software Defenses: ASLR
  • On the Effectiveness of Address Space Layout Randomization (paper)
Read before class:
Apr 18 More Software Attacks
  • Format string attacks
  • Heap overflow attacks
Homework 2
Homework 3
Apr 23 In-class Exercise: Format String Attacks
Review for Midterm Exam
Apr 25 Intro to Symmetric Cryptography
  • Encryption: Block ciphers and stream ciphers
  • Cryptographic Hash Functions
  • Message Authentication Codes
  • Apr 30 Exam 1: Software Security
    • Vulnerabilities (Stack buffer overflow, Heap overflow, Format string, ...)
    • Exploits (Stack smashing, code injection, return-oriented programming, format string, ...)
    • Mitigations (Stack canaries, ASLR, DEP, code audit, ...)
    May 2 Applying Crypto: Authentication
    • What NOT to do: Don't Store Passwords!
    • Password Hashing Strategies
    May 7 Applying Crypto: File and Disk Encryption
    • Full-disk encryption
    • File-based encryption
    May 9 Public Key Cryptography
    • Public key encryption
    • Digital signatures
    Applying Crypto: Remote Attestation and Verification
    • Trusted Computing
    • Intel SGX
    May 14 Special Topic: Blockchains
    • Hash-based Proof of Work
    • Wallets: Safe storage for private keys
    Practice problems on applied crypto
    May 16 Exam 2: Applied Cryptography
    • Symmetric Crypto: Ciphers, Hash functions, MACs
    • Public key crypto: Encryption and Signatures
    • Applications: Authentication, Storage, Attestation
    May 21 Access Control Basics
    • Lampson's access matrix
    • Access control lists (ACL's)
    • Capability model
    • What Not To Do: Android "Rage Against the Cage" jailbreak
    May 23 Multi-Level Security Policies Homework 4: Password Hashing due June 14th
    May 28 Malicious Self-Propagating Code
    • Viruses
    • Worms
    • Bot Nets and Modern Threat Actors
    May 30 Antivirus and Intrusion Detection
    • Blacklisting: Signature Detection
    • Anomaly Detection
    • Whitelisting
    Jun 4 Review for Exam 3 Lab Day
    • Work on Homeworks 2, 3, 4
    • Grading VM is available! Public IP is Don't worry about the grading VM. Make sure your code works on your own personal VM. Turn in your code and the ("fake") flags from your VM by pushing to your personal Git repo.
    Bonus Homework
    Jun 6 Exam 3: System-Level Security
    • Access Control (ACLs, Capabilities, Unix permissions)
    • Malicious Code (Viruses, Worms, ...)
    • Intrusion Detection & Anitvirus
    Jun 11 NO Final Exam
    • CS 591: Please upload your screencast presentation on mediaspace and share the link with me.