CSE 409 Fall 2015. System Security

Lecturer: Rob Johnson
Time: TuTh 10:00-11:20am
Classroom: 2311 Old Computer Science Building
Office Hours: Tu 11:30am-2pm, 368 New Computer Science Building
Home page: http://www.cs.sunysb.edu/~rob/teaching/cse409-fa15/



This class will cover the major concepts in computer security. We will focus primarily on securing a single host, although network security issues will be covered whenever they are relevant. The course material will be loosely organized around the central idea that new security mechanisms are developed to support finer-grained sharing.


Requirements and Grading

Subject to tweaks throughout the semester.


There is no course textbook. You may review notes taken by students in previous years by visiting the course webpages linked from my home page. The following books may also serve as useful references:

Lecture Schedule

Date Topic/Reading assignment
8/25 Security basics: goals, threat models, transitive trust
8/27 Hardware foundations: privileged mode, virtual memory
9/1 No class: Labor Day
9/3 Hardware foundations, continued; Access control: Access Control Matrices, MAC vs. DAC
9/8 Access control, continued: HRU model, Bell-LaPadula, Biba
9/10 OS security models: Unix, Windows, setuid programs
9/15 OS security models: Android, OS-level capabilities
9/17 Language-level capabilities
9/22 Software security: classic stack buffer overflows
9/24 Software security: return-to-libc and return-oriented programming
9/29 Software security: format-string bugs
10/1 Software security: format-string bugs
10/6 Software security: annotation-less compiler defenses
10/8 Software security: annotation-based compiler defenses
10/13 Software security: Heap-based attacks
10/15 Intrusion detection systems and mimicry attacks
10/20 Privilege separation
10/22 Untrusted programs and sandboxing
10/27 Untrusted plugins and Google Native Client
10/29 Midterm exam
11/3 TBD
11/5 TBD
11/10 Trustworthy computing
11/12 When applications don't trust the environment (e.g. OS)
11/17 Authentication
11/19 Usability and Security
11/24 Data remanence
11/26 No classes. Thanksgiving break.
12/1 Side channel attacks
12/3 Economics and Security
12/11 Final Exam: 11:15-1:45

Note: If you have a physical, psychological, medical or learning disability that may impact on your ability to carry out assigned course work, please contact the staff in the Disabled Student Services office (DSS), Room 133, Humanities, 632-6748v/TDD. DSS will review your concerns and determine with you what accommodations are necessary and appropriate. All information and documentation of disability are confidential.

Note: Each student must pursue his or her academic goals honestly and be personally accountable for all submitted work. Representing another person's work as your own is always wrong. Any suspected instance of academic dishonesty will be reported to the Academic Judiciary. For more comprehensive information on academic integrity, including categories of academic dishonesty, please refer to the academic judiciary website at http://www.stonybrook.edu/uaa/academicjudiciary/.