18-732 Spring 2015 Schedule
(Subject to change)
date topic inst. reading notes
13 Jan Introduction [pdf]   CMU Computing Policy
CMU Policy on Cheating
15 Jan System model: Source code to execution [pdf]      
20 Jan Attacks: Buffer overflows, format-string vulnerabilities, and other attacks [pdf]   [Cowan+03, blexim02, teso01]
Optional: [AlephOne, Erlingsson07]
assignment 1 out
22 Jan Basic building blocks: separation, memory protection [pdf]   [Saltzer+75]
Optional: [Wahbe+94]
27 Jan Basic building blocks: VMs, Java sandboxing [pdf] LBSV [MR99] Optional: [GM03]  
29 Jan Isolation and confinement in Android      
3 Feb Control-flow integrity   [Abadi+09]  
5 Feb Run-time enforcement: enforceable properties YM [Schneider00] assignment 1 due
10 Feb exam 1      
12 Feb Web attacks LBSV [Jim+07] assignment 2 out
17 Feb Web defenses: Native client, app isolation   [Ansel+11, Chen+11, Yee+09]  
19 Feb Crypto overview; software security architectures: Trusted Computing   [Parno+10, Sailer+04]  
24 Feb Software security architectures: Trusted Computing + policy   [McCun+08]
Optional: [McCun+10]
assignment 2 due
26 Feb Static analysis: C programs   [Bessey+10, Engler+00]  
3 Mar Dynamic analysis   [Godef+05, Cadar+06] assignment 3 out
5 Mar Software model checking   [Clarke+04, Vasudevan+13]  
10 Mar spring break      
12 Mar spring break      
17 Mar Software model checking BU   assignment 3 due
19 Mar Software analysis in practice   [BGM13]  
24 Mar exam 2      
26 Mar Building verifiable systems: seL4, browsers   [K+09, JTL12] assignment 4 out
31 Mar Usability in software security      
2 Apr Security and usability      
7 Apr Language-based security: type systems     assignment 4 due
9 Apr Language-based security: noninterference   [Ryan01, Volpano+96, Denning+77]  
14 Apr Dynamic taint analysis   Optional: [Enck+10] assignment 5 out
16 Apr no class; spring carnival weekend      
21 Apr Language-based security: security-typed languages      
23 Apr Language-based security: typed assembly language   [M+99]  
28 Apr wrap up + review     assignment 5 due
30 Apr exam 3      
Unless otherwise marked, lectures will be delivered by Lujo Bauer and will be taught from Pittsburgh.
LBSV = Lujo @ SV campus; YM = Yannis Mallios; BU = Blase Ur
[AlephOne] Aleph One. Smashing the stack for fun and profit. Phrack, Vol. 7 Issue 49.
[blexim02] blexim. Basic integer overflows. Phrack, Num. 60, Dec. 2002 (Sections 1-3)
[Cowan+03] C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. Buffer overflows: Attacks and defenses for the vulnerability of the decade. In Proc. Foundations of Intrusion Tolerant Systems, 2003.
[Erling07] . Erlingsson. Low-Level software security: Attacks and defenses. FOSAD 2007: 92-134
[GR03] T. Garfinkel and M. Rosenblum. A virtual machine introspection based architecture for intrusion detection. In Proc. NDSS, 2003.
[MF99] G. McGraw and E. W. Felten. Securing Java. John Whiley and Sons, 1999. (Chapter 3)
[Saltz+75] J. H. Saltzer and M. D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE. Vol. 63, Issue 9, 1975.
[teso01] team teso. Exploiting format string vulnerabilities. Sept. 2001. (Sections 1-3)
[Wahbe+94] R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. Efficent software-based fault isolation. In Proc. SOSP, 1994.