**CSE 127: Computer Security**
[*Deian Stefan*](https://cseweb.ucsd.edu/~dstefan/)
**The online, bad-haircut version**
About
==============================================================
This course focuses on computer security, covering a wide range of topics on
both the _defensive_ and _offensive_ side of this field. Among these will be
systems security and exploitation (e.g., buffer overflows and return-oriented
programming), sandboxing and isolation, covert channels, network security,
language-based security, cryptography, privacy and anonymity. The goal of the
course is to provide an appreciation of how to think adversarially with respect
to computer systems as well as an appreciation of how to reason about attacks
and defenses.
To complete the projects in this course, you will need to be able to write code
in C and (some) C++, and have some understanding of x86 assembly, JavaScript,
PHP and SQL. We will not teach these in lecture; you are expected to learn them
on your own or ask for help in section or office hours. If you don't know C,
K&R's [The C Programming
Language](https://en.wikipedia.org/wiki/The_C_Programming_Language) is a go-to,
but the [Hacking](https://nostarch.com/hacking2.htm) book is probably enough
and covers x86 assembly and many of the topics in this class.
Class details
==============================================================
Lectures:
: Monday and Wednesday, 5:00--6:20 PM PDT
Staff:
: **Instructor**: Deian Stefan
: **Teaching Assistants**: Sunjay Cauligi, Evan Johnson, Sam Liu, and Kevin Yu
Section:
: Monday, 11:00-11:50 AM PDT
Office hours:
: **Evan**: Monday, 7:00-8:00 PM PDT
: **Sam**: Tuesday, 1:00-2:00 PM PDT
: **Kevin**: Wednesday, 10:00-11 AM PDT
: **Sunjay**: Thursday, 7:00-8:00 PM PDT
: **Deian**: Friday, 9:00-10:00 AM PDT
Web tools:
: [Piazza](https://piazza.com/ucsd/fall2020/cse127) for all communication.
([Configure your piazza privacy settings](https://piazza.com/myprofile).)
: [Gradescope](https://www.gradescope.com/courses/195955) (entry code: KY5K8Z) for assignments and exam.
: [Zoom (via Canvas)](https://canvas.ucsd.edu/courses/18853) for lecture, section, and all office hours.
Calendar and readings
==============================================================
Mon Oct 5 2020: Introduction
- [*Slides*](slides/1-introduction.pdf)
- *Read*: [This World of Ours](https://www.usenix.org/system/files/1401_08-12_mickens.pdf) by James Mickens
- *Watch*: [USENIX Security 2018 Keynote](https://www.usenix.org/conference/usenixsecurity18/presentation/mickens) by James Mickens
Tue Oct 6 2020: [PA1: GDB + x86](pa/pa1.html)
- *Early turn-in:* Monday, October 12, 2020 by 23:59:59 PDT (10% bonus)
- *Hard deadline:* Wednesday, October 14, 2020 by 23:59:59 PDT
Wed Oct 7 2020: Buffer overflow attacks
- [*Slides*](slides/2-bufferoverflows.pdf)
- [*GDB buffer overflow notes*](notes/bufferoverflow.html)
- *Read*: [Smashing the Stack for Fun and Profit](http://phrack.org/issues/49/14.html#article) by Aleph One
- *Optional:* 0x300-0x320 from [Hacking](https://nostarch.com/hacking2.htm). 0x200-0x270 if you don't have a strong C background.
- *Resources mentioned in class:* [Project Zero exploits](https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-1-introduction-to-qmage.html), [finger daemon](https://minnie.tuhs.org/cgi-bin/utree.pl?file=4.3BSD/usr/src/etc/fingerd.c), [GEF](https://gef.readthedocs.io/en/master/), [Compiler explorer](https://godbolt.org/z/3iFhjy)
Mon Oct 12 2020: Buffer overflow defenses
- [*Slides*](slides/3-lowlevelmitigations.pdf)
- *Read*: [ASLR](https://pax.grsecurity.net/docs/aslr.txt) and [NOEXEC](https://pax.grsecurity.net/docs/noexec.txt)
Tue Oct 13 2020: [PA2: Buffer overflows](pa/pa2.html)
Wed Oct 14 2020: Memory (un)safety
- [*Slides*](slides/4-ropcfi.pdf)
- *Read*: [Low-Level Software Security by Example](papers/erlingsson:low.pdf) by Ulfar Erlingsson et al.
- *Optional*: [The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](papers/shacham:rop.pdf) by Hovav Shacham, [Hacking Blind](papers/bittau:brop.pdf) by Andrea Bittau et al., and [Control-Flow Integrity](papers/abadi:cfi.pdf) by Martin Abadi et al.
Mon Oct 19 2020: More memory (un)safety
- [*Slides*](slides/5-heapint.pdf), [*Example code*](notes/heap)
- *Read*: [Understanding glibc malloc](https://sploitfun.wordpress.com/2015/02/10/understanding-glibc-malloc/) by sploitfun
- *Optional*: [Advanced Doug lea's malloc exploits](http://phrack.org/issues/61/6.html) by jp, [Automatic Techniques to Systematically Discover New Heap Exploitation Primitives](https://www.usenix.org/conference/usenixsecurity20/presentation/yun) by Insu Yun et al.
Wed Oct 21 2020: Bugfinding
- Co-instructor: [Fraser Brown](https://web.stanford.edu/~mlfbrown/)
- *Read*: [A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World](papers/bessey:a-few.pdf) by Al Bessey et al.
Mon Oct 26 2020: Sandboxing and isolation
- [*Slides*](slides/7-isolation.pdf)
- [*Watch*](https://www.usenix.org/conference/usenixsecurity20/presentation/narayan)
- *Read*: [The Road to Less Trusted Code: Lowering the Barrier to In-process Sandboxing](https://cseweb.ucsd.edu/~dstefan/noindex/login2020/) by Garfinkel et al.
- *Optional*: [Retrofitting Fine Grain Isolation in the Firefox Renderer](https://cseweb.ucsd.edu/~dstefan/pubs/narayan:2020:rlbox.pdf) by Narayan et al.
Tue Oct 27 2020: [PA3: Library sandboxing](pa/pa3.html)
Wed Oct 28 2020: Side channels
- [*Slides*](slides/8-sidechannels.pdf)
- *Read*: [Efficient Cache Attacks on AES, and Countermeasures](papers/tromer:cache.pdf) by Eran Tromer et al.
- *Optional*: [Chapter 19](https://www.cl.cam.ac.uk/~rja14/Papers/SEv3-ch19-7sep.pdf) of Security Engineering
Mon Nov 2 2020: Web intro
- [*Slides*](slides/9-webmodel.pdf)
- *Read*: [CSRF, XSS, SQLi notes](https://cseweb.ucsd.edu/~dstefan/cse127-winter19/notes/lecture13/), PHP's [SQL Injection](https://www.php.net/manual/en/security.database.sql-injection.php)
Tue Nov 3 2020: [PA4: Side channels](pa/pa4.html)
- Vote (if you can and haven't voted already)
- *Watch*: [USENIX Security 2020 Panel on Voting](https://www.usenix.org/conference/usenixsecurity20/presentation/panel-voting)
Wed Nov 4 2020: Web attacks and defenses
- [*Slides*](slides/10-webattacks.pdf)
- *Read*: [Robust defenses for cross-site request forgery](papers/csrf.pdf) by Adam Barth, Collin Jackson, and John C. Mitchell
Mon Nov 9 2020: Modern client-side web defenses
- [*Slides*](slides/11-webdefenses.pdf)
Tue Nov 10 2020: [PA5: Web security](pa/pa5.html)
Wed Nov 11 2020: No class
Mon Nov 16 2020: Network intro
- [*Slides*](slides/12-networkintro.pdf)
- *Read*: [Security problems in the TCP/IP protocol suite](https://www.cs.columbia.edu/~smb/papers/ipext.pdf) by Steven Bellovin. And [a look back](https://www.cs.columbia.edu/~smb/papers/acsac-ipext.pdf) at this paper.
Tue Nov 17 2020: [PA6: Networking](pa/pa6.html)
Wed Nov 18 2020: Network attacks
- [*Slides*](slides/13-networkattacks.pdf)
- *Read*: [Security problems in the TCP/IP protocol suite](https://www.cs.columbia.edu/~smb/papers/ipext.pdf) by Steven Bellovin. And [a look back](https://www.cs.columbia.edu/~smb/papers/acsac-ipext.pdf) at this paper.
- *Read*: [SAD DNS Explained](https://blog.cloudflare.com/sad-dns-explained/) by Marek Vavruša and Nick Sullivan
Mon Nov 23 2020: Network defenses
- [*Slides*](slides/14-networkdefenses.pdf)
- *Read*: [NAT Slipstreaming](https://samy.pl/slipstream/) by Samy Kamkar
Wed Nov 25 2020: No class
Mon Nov 30 2020: Symmetric-key crypto
- [*Slides*](slides/15-symmetriccrypto.pdf)
- *Read*: [Chapter 5](https://www.cl.cam.ac.uk/~rja14/Papers/SEv3-ch5-7sep.pdf) (skip 5.2.3, 5.2.5, 5.3.4, 5.3.5, 5.4, 5.7, 5.8) of Security Engineering
Tue Dec 1 2020: [PA7: Crypto](pa/pa7.html)
Wed Dec 2 2020: Public-key crypto
- [*Slides*](slides/16-pubkeycrypto.pdf)
- *Read*: Sections 5.2.5, 5.3.4, 5.3.5, 5.7, 5.8 of Security Engineering
- *Read*: [Bleichenbacher's RSA signature forgery based on implementation error](https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE/) by Hal Finney
Mon Dec 7 2020: TLS, PKI, and CT
- [*Slides*](slides/17-tls.pdf)
- *Read*: [The Illustrated TLS 1.2 Connection](https://tls.ulfheim.net/) and [TLS 1.3 edition](https://tls13.ulfheim.net/)
Wed Dec 9 2020: Privacy, anonymity, and ethics
- [*Slides*](slides/18-privacy.pdf)
- *Watch*: [Crypto 2020 Invited talk](https://www.youtube.com/watch?v=Ygq9ci0GFhA) by Seny Kamara
- *Read*: [Chapter 26](https://www.cl.cam.ac.uk/~rja14/Papers/SEv3-ch26-7sep.pdf) of Security Engineering
- *Optional*: [Chapter 20](https://www.cl.cam.ac.uk/~rja14/Papers/SEv3-ch20-7sep.pdf) (skip 20.5-20.7) of Security Engineering
Thu Dec 10 2020: [PA8: MicroTLS](pa/pa8.html)
Mon Dec 17 2020: Final exam
Textbook
==============================================================
We will occasionally be assigning readings from Ross Anderson's [Security
Engineering](https://www.cl.cam.ac.uk/~rja14/book.html) and various other
online resources and research papers. We may also assign optional reading from
Jon Erickson's [Hacking: The Art of
Exploitation](https://nostarch.com/hacking2.htm).
Evaluation and grading
==============================================================
Beyond lectures, we will reinforce concepts and explore new ones via
programming assignments, a final exam, and online discussions. Each of these
will be used towards your final grade, as further described below.
Programming assignments (80%)
-----------------------
We will have eight programming assignments. These assignments are meant to both
reinforce your knowledge of the concepts covered in lecture and get you to
think about security in more depth, beyond what is covered in lecture.
You are expected to work on the assignments by yourself. You may discuss the
assignments with students from the course---in general---but not any specific
solution. There are no late days, but you will receive an additional 10% if you
turn in your assignment by the early date.
If you consult anything (books, academic papers, internet resources, people)
when working on the assignments, note this in your submission. We encourage
outside learning but expect you to not seek out specific details about a
solution---anything submitted should be considered your own work. Similarly,
you are expected to not publish or otherwise share your solutions at any point
(even after the class is over). If you are unsure about what is allowed,
please ask the course staff.
Exam (15%)
-----------------------
The final exam will be used (1) to revisit core concepts at the end of the
quarter and (2) to apply your knowledge in new settings. The final exam will be
open for 24 hours (though it should only take you 1-3 hours). The exam is open
notes and open book. You are allowed to use the web, but not permitted to
collaborate.
Participation (5% + 10% bonus)
-----------------------
We will assign readings with most lectures. You are expected to have a vague
understanding of the concepts that will be discussed in class. This will allow
us to spend the lecture time to solidify your understanding. But we recommend
re-reading after class as well.
Asking and answering questions in lecture, on Piazza, or during office hours
counts towards your class participation. Starting discussions (e.g., around the
readings) online also counts and is encouraged!
**Bonus: Lecture notes** We hope to develop written notes that can be used in
future versions of this class. If you summarize lectures into self-contained,
well-written notes you can earn up to 10% extra credit. If you do a very good
job, we will try to hire you after this quarter to continue working on these
notes.
Academic integrity and student conduct
==============================================================
By taking this course, you implicitly agree to abide by the UCSD policies on
[Integrity of
Scholarship](https://senate.ucsd.edu/Operating-Procedures/Senate-Manual/appendices/2)
and [Student Conduct](https://students.ucsd.edu/sponsor/student-conduct/). See
the [Academic Integrity Support for Remote
Learning](https://academicintegrity.ucsd.edu/take-action/covid-19-students.html).
University rules on integrity of scholarship and code of conduct are taken
seriously and will be enforced.
Acknowledgements
==============================================================
The course structure and many of the ideas and slides are influenced by or taken directly from
other courses taught at
Berkeley ([David Wagner](https://people.eecs.berkeley.edu/~daw/) and [Raluca Popa](https://people.eecs.berkeley.edu/~raluca/)),
Oberlin ([Stephen Checkoway](https://checkoway.net/)),
Stanford ([Dan Boneh](https://crypto.stanford.edu/~dabo/), [John Mitchell](https://theory.stanford.edu/people/jcm/), and [Zakir Durumeric](https://zakird.com)),
UT Austin ([Hovav Shacham](https://www.cs.utexas.edu/directory/hovav-shacham)),
UCSD ([Stefan Savage](https://cseweb.ucsd.edu/~savage/), [Nadia Heninger](https://cseweb.ucsd.edu/~nadiah/)) and
UIUC ([Kirill Levchenko](https://klevchen.ece.illinois.edu/)).
If we missed anybody, please let us know!