CS 380S - Theory and Practice of Secure Systems (54910)

Fall 2009


Proposals. Project proposals are due September 29. A proposal should be 2-3 pages long, and include the following:

  • Names of team members (no more than 2 members per team).
  • Description of the system or network protocol that you are planning to analyze or implement, or the tool that you intend to build or extend.
  • Description of security properties you intend to investigate.
  • Tools and/or analysis techniques you are planning to use.
  • Clear description of project deliverables. Possible deliverables are a software prototype, a substantial case study, or, in the case of a purely theoretical study, proofs (manual or machine-assisted).

Evaluation. At the end of the project, each team should produce a workshop-quality 10-page paper with novel research results.

Project ideas. Some ideas are suggested below, but you may propose your own topic.

Sample projects from past years

  • Static analysis tool for finding cross-site scripting vulnerabilities in Web applications implemented using the Django framework.
  • Formal study of authentication in Bluetooth device pairing.
  • Virtual environment for safely extracting shellcodes from malware and determining their function.
  • Privacy-preserving graph algorithms.
  • Secure checking of mobile devices' locations.
  • Formal analysis of network denial of service.
  • Authentication system based on semantic features of images.
  • New kernel rootkit for FreeBSD.
  • Security analysis of an open-source Voice-over-IP PBX (private branch exchange).
  • Modeling and verification of the Internet Key Exchange protocol with ACL2.
  • Security analysis of an open-source game engine.

Analyze a software system

Analyze a substantial program or suite of programs. Your objective is to verify the presence of known vulnerabilities, or try to find new ones. Look for both design and implementation vulnerabilities. I suggest choosing a popular open-source program from, for example, SourceForge. Pick a program that you find interesting and would like to learn more about.

I recommend using an analysis tool to start. Sample tools include Pixy, MOPS, Cqual, flawfinder, and Splint. Feel free to use a tool not from the list, or even develop your own tool. If you use an existing tool, your report should include a detailed evaluation of its strengths and weaknesses.

Implement a software protection method

Design and implement a prototype of a new tool for preventing or containing execution of malicious code. Evaluate its usefulness against various attacks. Examples:
  • Implement a novel containment mechanism and/or reference monitor for untrusted applications. Possibilities include virtual machines, system transactions, privilege separation, run-time sandboxes that restrict usage of system resources, etc.
    • For example, use system transactions to efficiently implement reference monitors around untrusted processes.
  • Build a tool for detecting when a Web application's behavior deviates from "normal."
  • Create a tool for verifying whether the observed behavior of a program or a network protocol complies with its specification.

Design a secure software system

You have a lot of freedom choosing your system, but your proposal must be very specific about the project's goals and deliverables.
  • Design a defense against distributed denial of service attacks staged by zombie "botnets" that does not require any modifications to the existing TCP/IP clients and servers.
  • Analyze the security requirements of network-attached storage and propose a practical method for meeting those requirements.
  • Design a practical logging system to support secure audit and forensic analysis.
  • Design a new distributed application that takes advantage of tamper-resistant "trusted computing" hardware.
  • Add security and privacy protections to a realistic RFID application.
  • Define what HTTP security means, and implement a network filter for securing HTTP communications.
  • Implement a tool for inferring the global "security perimeter" of the network from the local policies of firewalls, intrusion detection systems, and so on.

Design and/or investigate a privacy protection system

Choose an existing or proposed privacy-enhancing system, and rigorously analyze its strengths and/or weaknesses. You may also propose and implement a new tool for protecting privacy. Examples:
  • Develop an enforcement mechanism for enterprise privacy policies based on decentralized information flow control.
  • Investigate privacy aspects of a popular networking protocol, and design a new, privacy-preserving version.
  • Investigate algorithmic aspects (decidability, complexity, etc.) of some legally mandated privacy policy. For example, what does it take to enforce HIPAA for medical data, or Gramm-Leach-Bliley for financial data?
  • Develop a method for enforcing user accountability in an existing anonymity network such as Tor or JAP.
  • Implement a prototype of a privacy-preserving data mining system, or propose a new privacy-preserving data mining algorithm.

Perform formal analysis of a network protocol

Use a formal verification method to analyze a network protocol for the presence of security flaws.
Examples of protocols (ask instructor for specific references):
  • Secure voice-over-IP protocols (for example, Skype)
  • 802.11i wireless security
  • Secure multicast and group key management
  • Authentication in Bluetooth
  • Secure location verification for mobile devices
  • Secure routing in ad-hoc networks

Examples of protocol analysis tools: ProVerif; Murphi; AVISPA; Constraint solver (see also CoProVe); MOCHA.
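As an added illustration of this kind of analysis (not taken from the course page, from any listed project, or from the ProVerif distribution), here is a ProVerif model of a toy two-message challenge-response protocol. The protocol itself, the principals A and B, the shared key k, the event names, and the correspondence query are all assumptions of this example; the point is to show the shape of a model that lets the tool find a flaw and confirm a fix, not to analyze any of the protocols listed above.

```proverif
(* Added example (not from the course page): a two-message challenge-response
   protocol between principals A and B sharing a symmetric key k.

     A -> B : n            (fresh nonce)
     B -> A : mac(k, n)

   Both principals run both roles with the same key. Because the MAC does
   not name the responder, the attacker can reflect A's challenge to A's
   own responder instance and replay the answer, so A "authenticates" B
   without B taking part. *)

type key.
type nonce.
type principal.

free c: channel.           (* public network, fully controlled by the attacker *)
free k: key [private].     (* long-term key shared by A and B (assumed) *)
free A, B: principal.      (* the two honest principals (assumed names) *)

fun mac(key, bitstring): bitstring.                  (* unforgeable MAC *)
fun n2b(nonce): bitstring [data, typeConverter].     (* nonce -> bitstring *)

event responded(principal, nonce).             (* who answered which challenge *)
event accepted(principal, principal, nonce).   (* initiator, claimed peer, nonce *)

(* Correspondence query: whenever x accepts y as the responder for nonce n,
   y must actually have produced the response for n. *)
query x: principal, y: principal, n: nonce;
  event(accepted(x, y, n)) ==> event(responded(y, n)).

let initiator(me: principal, peer: principal) =
  new n: nonce;
  out(c, n);
  in(c, m: bitstring);
  (* Flawed check: the MAC binds the nonce but not the responder's identity.
     Fix: if m = mac(k, (peer, n2b(n))) then ...  (and see the responder) *)
  if m = mac(k, n2b(n)) then
  event accepted(me, peer, n).

let responder(me: principal) =
  in(c, n: nonce);
  event responded(me, n);
  (* Fix: out(c, mac(k, (me, n2b(n))))  binds the responder's name *)
  out(c, mac(k, n2b(n))).

(* Each principal runs unboundedly many initiator and responder sessions. *)
process
  ( !initiator(A, B) | !responder(A)
  | !initiator(B, A) | !responder(B) )
```

Run with `proverif` on the file. For the model as written, ProVerif reports the correspondence as false and prints the reflection trace: A's initiator emits n, the attacker delivers n to A's responder instance, which emits responded(A, n) and mac(k, n), and the attacker returns that MAC to A's initiator, which then records accepted(A, B, n) although no responded(B, n) event ever occurred. Replacing the two marked lines with the versions that include the responder's identity in the MAC makes the query hold, because only responder(B) can produce mac(k, (B, n)) and it always emits responded(B, n) first. The same modelling pattern (principals as parameters, one event per protocol step, a correspondence query per security goal) carries over to the protocols listed above; the extra work there is in faithfully modelling the message formats and the key-establishment steps.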

Do a theoretical study

  • Develop a cryptographic proof of security for a network protocol such as TLS, IKE, or Kerberos.
  • Apply algorithmic techniques for efficient analysis of large datastreams to the detection of distributed botnet activity.
  • Design and analyze a privacy-preserving version of some common distributed protocol.
Talk to the instructor if you are interested in a more theoretical project.