
Computer Security Foundations

COS 597B

Prof David Walker

Welcome!
  • Computer Security Foundations is for

    • students interested in programming languages and how to apply them to solving systems security problems

    • students interested in systems security problems and how to use programming languages to solve them

Class Style

  • Some lectures given by me on technical topics

  • Some discussions of papers on security

    • class participation is important

  • Occasional 1-page writing assignment summarizing or critiquing a paper

  • You can take this course for software systems competency


  • It will be useful to have some background in logic or language semantics

    • Appel’s theorem proving class

    • Programming languages (COS 510 or 441)

  • If you have never taken such courses I recommend

    • Benjamin Pierce, "Types and Programming Languages"

    • Chapters 1-9 (approx 100 pages of fairly easy reading)

  • I will try to fill in background as I go

    • Next Monday, we will have a tutorial on this background material

Topics of Interest: Foundations

  • what is security?

    • safety, liveness, secrecy, authenticity, integrity

  • what principles are available that help us build secure systems?

    • open design, economy of mechanism, minimal trusted computing base, etc

Topics of Interest: Language Mechanisms

  • dynamic program monitoring

    • theory: what kind of properties can we enforce?

    • practice: languages for writing program monitors

  • static program analysis

    • type systems for safe virtual machines

    • enforcing information flow properties

Topics of Interest: Logic and Security

  • specifying security properties logically

    • authentication logics

    • proof-carrying authorization

    • security for distributed logic programs

Topics of Interest: Cryptographic Protocols

  • Specification of cryptographic protocols

    • make assumptions about the power of cryptographic primitives

    • nothing about cryptography itself (see Ed’s course if you are interested in how cryptography works)

    • reasoning about cryptographic protocols using types

Topics of Interest: Current Techniques

  • Java security

    • class loaders, security managers, security policies for Java

    • stack inspection: what is it? How does it work? What kind of security does it really provide?

  • Program analysis and security

    • model checkers: how to analyze one million lines of code for security flaws!

    • language designs: CQual, Vault


  • Taking the course for a grade:

    • course project, final report: approx 50%

    • assignments, project progress reports, pop quizzes, class participation, class presentation: approx 50%

  • Not taking the course for grade:

    • reading and class participation

    • a presentation on a topic of interest

Course Project

  • A substantial project involving programming languages and security in some fashion

    • work in pairs

    • once you get started: work steadily every week of the term (5-10 hours/week, perhaps more)

      • note: I deleted the journal idea

Course Project: Milestones

  • Sept 24: Form groups & pick area

  • Oct 8: analysis of related work

    • ~ 5-page analysis of related work

    • minimum 2 papers/person (hand-in a joint summary)

  • Nov 1: Progress Report I

    • ~ 5-page description of one component of the project

    • idea summary and justification, a partial formalization, a proof, a tool description and performance evaluation, a language design and justification, a software design and explanation etc

  • Nov 22: Progress Report II

    • ~ 5-page description of a second element of the work

  • Last month of class: Presentation on research in your area

    • assign 1 or 2 papers to the class to read; give a lecture and discuss

  • Jan 11, Dean's date: Final submission

    • submit final report which includes introduction, problem description, technical accomplishments, any code, performance evaluation, related work, and summary

Project Ideas

  • The course web site contains a list of project ideas and some papers you can read as starting points;

  • Feel free to choose an idea from the web site or try an idea of your own, possibly connected with other research in the department

  • Some of the projects mentioned on the web site are very open-ended.

    • identify small subgoals that can be accomplished each week or every two weeks

    • be sure to have multiple fall-back positions

    • plan realistically

Example Project

  • Cryptographic programming in Jif:

    • Jif is a programming language based on Java, equipped with a type system that tracks information flow so that leaks of labelled data are rejected at compile time.

    • Learn about how Jif works, its features and semantics

    • Use Jif:

      • Design an interface to a cryptographic library using Jif's decentralized label model.

      • Use the resulting library to implement the cryptographic protocols used in a secure client-server setting.

    • Evaluate: What did you learn? Jif pros and cons?

  • Starting points on the projects page:

    • eg: Jif Homepage
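The decentralized label model that the example project builds on can be illustrated in a few lines. The following is an added example, not Jif code and not part of the course materials: a label is a map from owner to the readers that owner permits, and the three operations that matter for a cryptographic library are shown (the join that labels a value derived from two inputs, the relabelling check, and owner-authorised declassification). Principal names, the "key" and "message" labels, and the omission of the acts-for hierarchy and of integrity policies are assumptions made to keep the example short.

```python
"""Simplified decentralized label model (Myers and Liskov style).

A label is a dict mapping each owner to a frozenset of readers that owner
allows. Every owner can always read its own data. The acts-for principal
hierarchy and integrity labels of the full model are omitted here.
Added example, not Jif's own implementation.
"""


def readers(label, owner):
    """Effective reader set of one owner's policy (owner included)."""
    return label[owner] | {owner}


def join(a, b):
    """Least upper bound: label of a value computed from inputs a and b.

    Every owner's policy must still be honoured, so a shared owner's
    readers are intersected; an owner present in only one input keeps
    its policy unchanged."""
    out = {}
    for owner in a.keys() | b.keys():
        if owner in a and owner in b:
            out[owner] = a[owner] & b[owner]
        else:
            out[owner] = a[owner] if owner in a else b[owner]
    return out


def flows_to(src, dst):
    """src may be relabelled to dst iff dst is at least as restrictive:
    every owner of src still has a policy in dst, and that policy permits
    no reader that src's policy forbids."""
    return all(owner in dst and readers(dst, owner) <= readers(src, owner)
               for owner in src)


def can_declassify(label, to_label, authority):
    """Declassification may weaken an owner's policy only with that
    owner's authority; making the label more restrictive is always fine."""
    for owner in label:
        relaxed = (owner not in to_label
                   or not readers(to_label, owner) <= readers(label, owner))
        if relaxed and owner not in authority:
            return False
    return True


def declassify(label, to_label, authority):
    if not can_declassify(label, to_label, authority):
        raise PermissionError("declassification needs the owner's authority")
    return to_label


# Constructed labels for a toy "encrypt with Alice's key" scenario.
KEY_LABEL = {"Alice": frozenset()}            # only Alice may read the key
MSG_LABEL = {"Alice": frozenset({"Bob"})}     # Alice's message, Bob may read it
# A ciphertext computed from key and message gets the join of both labels,
# i.e. it is as secret as the key: nobody but Alice may see it until Alice
# declassifies it. This is the "dependency between keys and encrypted
# values" problem a Jif crypto library has to solve.
CIPHERTEXT_LABEL = join(KEY_LABEL, MSG_LABEL)
NET_LABEL = {"Alice": frozenset({"Bob", "Net"})}  # Alice allows the network to see it

if __name__ == "__main__":
    print("ciphertext label:", CIPHERTEXT_LABEL)
    print("message -> key ok:", flows_to(MSG_LABEL, KEY_LABEL))
    print("key -> message ok:", flows_to(KEY_LABEL, MSG_LABEL))
    print("Alice may publish ciphertext:",
          can_declassify(CIPHERTEXT_LABEL, NET_LABEL, {"Alice"}))
    print("Bob may publish ciphertext:",
          can_declassify(CIPHERTEXT_LABEL, NET_LABEL, {"Bob"}))
```

Note that the plain join is exactly why a naive encryption wrapper is useless in Jif: the ciphertext inherits the key's label, so the program cannot send it anywhere without a declassify step carrying the key owner's authority. The library design in the project is about where that declassification is justified and how to express it in the types.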

Example Final Project Outline

  • Abstract

  • Section I: Introduction

    • Motivation (argument that makes the contributions seem inevitable!)

      • Information security is important.

      • Cryptographic primitives are crucial for network-based security.

      • Language-based security is a practical way to increase confidence in security.

      • Current support for cryptographic primitives in languages is not good.

    • Contributions

      • Design of a cryptographic library in Jif

      • Show how the type system can encode desirable invariants

      • Investigation of event-driven vs. threaded programs with information flow

      • Implementation of a (reasonably) substantial system using Jif

  • Section II: Background material

    • Jif and the Decentralized Label Model

      • Important features (label abstraction, first-class principals, declassification, endorsement), syntax, semantics

    • Cryptographic operations

Example Final Project Outline

  • Section III: Design of the Cryptographic Library

    • Problems

      • Keeping keys secret

      • Dependency between keys and encrypted values

      • Authentication information encoded in the types

      • Integrity constraints in Jif

    • Solutions

      • Dynamic principals

      • Label polymorphism

      • Fancy programming

  • Section IV: Evaluation of the Library

    • Description of the test case

      • Bank/ATM simulation with interesting authentication protocols

      • Taken from the CSE331 course implementation

    • Implementation details/examples

    • Insights learned? Design choices you would have changed?

  • Section V: Related Work

  • Section VI: Conclusion

    • Summarize introduction

    • Reiterate contributions

Other Project Topics

  • secure distributed programming & PlanetLab

    • implement a service for PlanetLab using an interesting programming model

      • tuple spaces (see Klaim for Java)

      • join calculus (see JoCaml)

      • distributed logic programming (see SD3, Sophia)

    • consider the security threats and the mechanisms necessary to compensate

    • implement a security monitoring service (as opposed to an arbitrary service)

Other Project Topics

  • security monitors

    • a security monitor watches a program, virtual machine or distributed system and interrupts the system when it detects a security violation

    • consider security monitors based on transactions

      • theory of what is enforceable in the transactional model

      • practice of implementing the system

    • consider concurrent or distributed security monitors

    • consider hardware/compiler support for parallelizing execution of security monitors with the mainline application

    • consider type-system support for making security monitors compose with one another; implement it in the context of Polymer
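The monitor described above can be made concrete as a security automaton: a finite-state machine whose transitions are the program actions the policy allows, with any action that has no transition counting as a violation. The following is an added example written for this page, not code from the course, from Polymer, or from any monitoring framework. It enforces the constructed policy "no network send after a secret has been read" in two ways, halting the program at the violation (the classic security-automaton model) and suppressing only the offending action (an edit-automaton style response). Action names and the trace are made up for the example.

```python
"""Security automaton enforcing a safety policy over a trace of actions.

Only safety properties ("nothing bad ever happens") can be enforced by a
monitor that sees one action at a time: it rejects at the moment the bad
action is attempted, based solely on the past. A liveness property such as
"every opened file is eventually closed" cannot be enforced this way, since
no finite prefix ever proves it has been violated.
Added example, not Polymer or course code.
"""
from dataclasses import dataclass

# Constructed policy: "no send after a secret read", as a transition table
# (state, action) -> next state. Anything not listed is forbidden
# (default deny), so an unexpected action such as "exec" is a violation too.
NO_SEND_AFTER_SECRET = {
    ("clean", "read_public"): "clean",
    ("clean", "send"): "clean",
    ("clean", "read_secret"): "tainted",
    ("tainted", "read_public"): "tainted",
    ("tainted", "read_secret"): "tainted",
    # deliberately no ("tainted", "send") entry
}


class SecurityViolation(Exception):
    pass


@dataclass
class SecurityAutomaton:
    transitions: dict
    state: str = "clean"

    def accepts(self, action):
        return (self.state, action) in self.transitions

    def step(self, action):
        if not self.accepts(action):
            raise SecurityViolation(f"{action!r} forbidden in state {self.state!r}")
        self.state = self.transitions[(self.state, action)]
        return self.state


def enforce_truncate(actions, transitions, start="clean"):
    """Classic security automaton: execute until the first violation, then
    halt the program. Returns the prefix of actions that actually ran."""
    sa = SecurityAutomaton(transitions, start)
    executed = []
    for action in actions:
        if not sa.accepts(action):
            break                      # halt: nothing after this point runs
        sa.step(action)
        executed.append(action)
    return executed


def enforce_suppress(actions, transitions, start="clean"):
    """Edit-automaton style: drop each forbidden action and let the program
    continue. Returns (executed actions, suppressed actions)."""
    sa = SecurityAutomaton(transitions, start)
    executed, suppressed = [], []
    for action in actions:
        if sa.accepts(action):
            sa.step(action)
            executed.append(action)
        else:
            suppressed.append(action)  # state is unchanged, program goes on
    return executed, suppressed


# Constructed trace of a program that reads a secret and then tries to send.
CONSTRUCTED_TRACE = ["read_public", "send", "read_secret",
                     "read_public", "send", "send"]

if __name__ == "__main__":
    print("truncate:", enforce_truncate(CONSTRUCTED_TRACE, NO_SEND_AFTER_SECRET))
    print("suppress:", enforce_suppress(CONSTRUCTED_TRACE, NO_SEND_AFTER_SECRET))
```

The two enforcement functions share the automaton but differ in what the monitor is allowed to do to the program, which is exactly the question behind "what kind of properties can we enforce": a monitor that may only halt enforces safety properties, while one that may suppress or insert actions can enforce strictly more.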

Other Project Topics

  • Verifying availability properties

    • recently, researchers have made great progress verifying cryptographic protocols and establishing authenticity and secrecy properties

      • Multiset rewriting for protocols (Cervesato et al.)

      • Types for protocols (Gordon & Jeffrey)

    • can we do the same for availability properties and developing robust distributed algorithms?

      • eg: can we develop techniques for verifying consensus and other group communication protocols? Under what failure models?

Other Project Topics

  • Study the effectiveness of security analysis tools

    • How do we evaluate security analysis tools to determine how effective they are?

    • What properties should they have?

    • What metrics can we use to analyze tools?

    • Can we develop a benchmark for testing these tools?

    • Take two or more existing tools and analyze them.

Extend a programming language

  • Polymer is a compiler framework for extending Java

    • add some form of program monitors based on automata

    • add Cryptic-like support to Java for verifying cryptographic protocols

  • Binder is a logic-programming language with built-in security

    • implement a linear-logic programming version of Binder

Other Project Topics

  • information flow

    • consider tracking information flow in a unique programming model

      • tuple space model

      • distributed logic programming model

      • typed assembly language

Other Project Topics

  • Survey paper option

    • choose a relatively broad area and do an in-depth analysis of the research in the area

      • come up with a creative way to classify the work in the area

      • summarize the major contributions

      • determine the most important avenues for future research

    • focus on producing a particularly well-written report by working on multiple drafts

    • eg: software program monitors; hardware support for security; security in distributed programming models

Other Project Topics

  • Come up with your own topic related to your own research

  • Good topics may bridge gaps between areas

    • Networking & distributed programming

    • Algorithms for reliable computing and cryptography & languages to support their implementation or verification

    • Architecture or compilers to improve performance of security mechanisms

Your Job

  • In the next two weeks, figure out who you want to work with and what general topic you want to work on

    • work with someone who has the same level of commitment to the course

    • cross-area partnerships can be a great idea (eg: PL person with a systems person or algorithms person)

    • visit the course web page for ideas; talk with your friends or other people in the department; skim a couple of papers

    • meet with me on 22-24 September

      • set up an appointment by e-mail