Computer Security, VV 19533, SS 2014
General information on the place and time where the course takes place
can be found in the
Vorlesungsverzeichnis. Beware that the Vorlesungsverzeichnis does not
allow timely updates of information and may be out of date.
The lecturer is Prof. Volker Roth and the teaching assistant is Jan-Ole
Malchow, see also the web pages of the Secure
Identity Research Group.
This course motivates the need for computer security and introduces central
concepts of computer security such as security objectives, threats, threat
analysis, security policy and mechanism, assumptions and trust, and
assurance. We discuss authentication mechanisms, followed by various
security models and show which security related questions can be answered in
these models. The models we discussed include the Access Control Matrix
Model, the Take-Grant Protection Model, the Bell-LaPadula and related
models, the Chinese Wall Model, the Lattice Model of Information
Flow. Subsequently, we cover principles of security architectures and go
through design approaches for secure systems e.g., capability based systems
and hardware protection mechanism concepts such as protection rings. Based
on the learned, we may look at selected case studies of existing systems. In
the remainder of the course, we cover exploitation techniques for specific
implementation vulnerabilities such as race conditions, stack and heap
overflows, integer overflows, and return oriented programming. Optional
topics include a discussion of insider threats, insider recruitment and
social engineering attacks. If time permits, we continue to look at the
problems that arise when humans interface with security e.g., password
habits and password entry mechanisms, human responses to security prompts,
incentives and distractors for better security, or reverse Turing tests.
Knowledge in compiler construction, C, assembler, computer architecture
is a plus. It is expected that particiants do extensive literature research
and read primary sources. Essential reading is ch. 1-11 in  and
ch. 4-5 in  and all cited literature on hacking and
The grade for the course is the grade of the exam. Active participation
requires successful completion of homework assignments and projects and is
graded on a pass / no pass basis. At least 50% of the cumulative score is
required to pass.
Homework assignments and their due dates will be posted below.
The exam will take place on
in Hörsaal 001, Arnimallee 3.
- Thursday July 24, 2014, from 12h - 14h
- Overview, ch. 1-3 of 
- Password use, management and cracking, , ,
, , 
- Password meters, security questions, , 
Access control theory
- State transition security model, ch. 9 of 
- Access control matrix model, ch. 4.7.1-4.7.3 of ,
- Take-grant protection model, ch. 4.7.4 of , ,
- Mandatory access control models, , , ,
- Trojan Horses and Covert Channels, , ,
Introduction to information flow control
- Lattice model of information flow, ch.5.1 of ,
- Execution-based information flow control mechanisms, ch.5.3 of
- Compiler-based information flow control mechanisms, ch.5.4 of
- Program verification with security requirements, ch.5.5-5.6 of
- Hardware protection mechanisms
- Inline reference monitors
Hacking, exploitation and mitigation
- Buffer overflows, 
- Format string vulnerabilities, 
- Heap and integer overflows, , , ,
- Return oriented programming, , 
- TOCTOU attacks, , 
Attacks on humans
- Insider recruitment and coersion
- Social engineering
Morrie Gasser. Building a Secure Computer System. Van Nostrand Reinhold, 1988.
Robling Denning, D. E. 1982, Cryptography and Data Security. Addison-Wesley Longman Publishing Co., Inc.
Oechslin, P. Making a Faster Cryptanalytic Time-Memory Trade-Off. In Proc. CRYPTO 2003.
A. Narayanan, V. Shmatikov. Fast dictionary attacks on passwords using time-space tradeoff. In Proc. CCS 2005.
M.~Weir, S.~Aggarwal, B.~de~Medeiros, and B.~Glodek. Password cracking using probabilistic context-free grammars. In Proc. IEEE Symposium on Security and Privacy, pages 391--405, 2009.
H. Bojinov, E. Bursztein, X. Boyen, and D. Boneh. Kamouflage: Loss-resistant password management. In Proc. ESORICS, pages 286--302, 2010.
A. Juels and R.L. Rivest. Honeywords: Making password-cracking detectable. In Proc. CCS, pages 145--160, 2013.
S. Schechter, A. J. B. Brush, and S. Egelman. It's no secret. measuring the security and reliability of authentication via ``secret'' questions. In Proc. IEEE Symposium on Security and Privacy, pages 375--390, 2009.
B. Ur, P. G. Kelley, S. Komanduri, J. Lee, M. Maass, M. L. Mazurek, T. Passaro, R. Shay, T. Vidas, L. Bauer, N. Christin, and L. F. Cranor. How does your password measure up? the effect of strength meters on password creation. In Proc. USENIX Security Symposium, 2012.
B. Lampson. Protection. Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971. Reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), pp 18-24.
Harrison, M. A., Ruzzo, W. L., and Ullman, J. D. 1976. Protection in operating systems. Commun. ACM 19, 8 (Aug. 1976), 461-471.
Snyder, L. 1981. Formal Models of Capability-Based Protection Systems. IEEE Trans. Comput. 30, 3 (Mar. 1981), 172-181.
Snyder, L. 1977. On the synthesis and analysis of protection systems. Proc. ACM Symposium on Operating Systems Principles (SOSP). pp. 141-150.
David E. Bell and Leonard J. LaPadula, Secure Computer System: Unified Exposition and MULTICS Interpretation, MTR-2997 Rev. 1, The MITRE Corporation, Bedford, MA 01730 (Mar. 1976); also ESD-TR-75-306, rev. 1, Electronic Systems Division, Air Force Systems Command, Hanscom Field, Bedford, MA 01731.
David Elliott Bell, Looking Back at the Bell-La Padula Model, Proc. ACSAC, pp.337-351, 2005
Biba, K., Integrity Considerations for Secure Computer Systems, ESD-TR-76-372, ESD/AFSC, Hanscom AFB, Bedford, MA (Apr. 1977) [NTIS ADA039324]
Brewer, D., Nash, M., The Chinese Wall security policy. IEEE Symposium on Security and Privacy, pp. 206-214, Oakland, May 1989
Thompson, K. 1984. Reflections on trusting trust. Commun. ACM 27, 8 (Aug. 1984), 761-763.
Lampson, B. W. 1973. A note on the confinement problem. Commun. ACM 16, 10 (Oct. 1973), 613-615.
Lipner, S. B. 1975. A Comment on the Confinement Problem. ACM Operating Systems Review 9(5):192-196
Denning, D. E. 1976. A lattice model of secure information flow. Commun. ACM 19, 5 (May. 1976), 236-243.
Jones, A. K. and Lipton, R. J. 1975. The enforcement of security policies for computation. In Proceedings of the Fifth ACM Symposium on Operating Systems Principles (Austin, Texas, United States, November 19 - 21, 1975). SOSP '75. ACM, New York, NY, 197-206.
Myers, A. C. 1999. JFlow: practical mostly-static information flow control. Proc. Symposium on Principles of Programming Languages. 1999, 228-241.
Aleph One, 1996. Smashing the stack for fun and profit. Phrack Magazine No. 49, Nov. 1996.
Scut, 2001. Exploiting Format String Vulnerabilities.
Anonymous, 2001. Once upon a free().... Phrack Magazine 57, 9.
Blexim, 2002. Basic Integer Overflows. Phrack Magazine 11, 60.
Mark Dowd, 2008. Application-Specific Attacks: Leveraging the Action Script Virtual Machine. IBM Global Technology Services Whitepaper, April 2008.
Eric Chien, Peter Szor, 2002. Blended Attacks: Exploits, Vulnerabilities and Buffer-Overflow Techniques in Computer Viruses. Virus Bulletin Conference Sep. 2002, New Orleans, USA, 1-35.
Ryan Roemer, Erik Buchanan, Hovav Shacham and Stefan Savage, 2009. Return-Oriented Programming: Systems, Languages, and Applications. In review.
Ralf Hund, Thorsten Holz, Felix C. Freiling, 2009. Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms. Proc. USENIX Security Symposium, 2009.
Dan Tsafrir, Tomer Hertz, David Wagner, Dilma Da Silva, 2008. Portably Solving File TOCTTOU Races with Hardness Amplification. FAST, pp. 189-206.
Xiang Cai, Yuwei Gui, Rob Johnson, 2009. Exploiting Unix File-System Races via Algorithmic Complexity Attacks. IEEE S&P, Oakland, CA, pp.27-41.