CSC591S - Operating Systems Security - Fall 2008

Instructor: Xuxian Jiang
Classroom: EB2-1226 (5:20-6:35pm, Mon/Wed)
Date Range: August 20, 2008 - December 17, 2008
Office: 2254 EB II (Phone: 919-513-7835)
Office Hours: 3:20-4:20pm, Mon/Wed or by appointment

Overview

This course covers both fundamentals and advanced topics in operating system (OS) security. It will study OS-level mechanisms and policies for investigating and defending against real-world attacks on computer systems, such as self-propagating worms, stealthy rootkits and large-scale botnets. Basic OS security techniques such as authentication, system call monitoring, and memory protection will be discussed. Recent advanced techniques such as system-level randomization, hardware/software virtualization, and other hardware features will also be introduced.

A detailed list of course lectures, assignments, and due dates (subject to change as the semester proceeds) will be available here.

Prerequisites

CSC501, or Permission of instructor

Grading (tentative)

The course will be graded on class participation (CP), reading assignments (RA), a programming assignment (PA), a research-oriented course project (PR) and a final presentation (FP), as follows: Grade = 10% * CP + 25% * RA + 15% * PA + 30% * PR + 20% * FP. There will be no midterms and no final exam.

The final grade is computed according to the following rules:

A+: >=95%; A: [90%, 95%); A-: [85%, 90%);

B+: [80%, 85%); B: [75%, 80%); B-: [70%, 75%);

C+: [66%, 70%); C: [63%, 66%); C-: [60%, 63%);

D+: [56%, 60%); D: [53%, 56%); D-: [50%, 53%);

F: < 50%.

Textbooks

No textbook is required for this course. We will mostly use research articles, technical reports, and technical specifications on the subject of operating system (OS) security. For your background knowledge on the subject, however, a list of recommended reference books is as follows:

Course Outline

The course focuses on the study of fundamentals and advanced topics in operating system (OS) security. Most topics will be introduced through class readings. Students are required to complete the readings before the lecture, as the discussion will be directed by the paper contents.

A rough outline of the class is as follows:

  1. Introduction
    1. Operating System (OS)
    2. Types of Threats
    3. Basic OS Security Mechanisms
  2. An Overview of Malware Threats
    1. Malware Taxonomy
    2. Viruses
    3. Worms
    4. Rootkits
  3. Logging, Auditing, and Recovery
    1. Log Generation
    2. Log Auditing
    3. Log-based Recovery
  4. OS-level Memory Protection
    1. Review of OS Memory Management
    2. NX Bit
    3. Randomization
  5. Honeypot and Honeyfarm
    1. Honeypot Taxonomy
    2. Recent Honeypot Advances
    3. Deployment and Liability
  6. Virtualization Technology and Applications
    1. Virtualization Taxonomy
    2. Security Applications
  7. Special Topic on Worms
  8. Special Topic on Rootkits
    1. Rootkit Basics
    2. Advanced Rootkit Techniques
    3. Rootkit Defense
  9. Special Topic on Botnets

Last modified: Monday, July 27, 11:05:01 EDT 2008