Security at the Hardware Software Interface
Computer systems today are eminently hack-worthy. We will begin this course
with how systems in cars, medical devices, phones, and datacenters can be
compromised, and then study the principles and mechanisms for building secure
systems. By the end of the course, you should be able to analyze real-world
requirements and build a system whose security properties are well understood
and well argued.
Course work comprises a) critically reviewing classic and recent papers (30 points),
b) completing three well-defined programming assignments (30 points), and c) a self-defined
course project (40 points).
We will review and discuss one research paper per class. (Sample review template).
The assignments will include a mix of analytical and programming tasks.
The project starts after the third assignment.
You will write a proposal describing related work, experimental setup, and results to be collected,
and present an intermediate demo (or results) every 2 weeks until the end of the semester.
Optional Research Track (70 points).
If you have worked on research/security extensively, there is an optional research
track with the goal of producing top-tier research papers. The Fall 2013 course
led to 2 MICRO conference submissions in the Spring semester with one more paper
under construction. However, I do not recommend this path unless you meet
stringent requirements.
Reading Plan
Examples: how security breaks in systems [2 weeks]
- The underground economy
- Cars
- Android
- Cloud
Defining Security Properties [2 weeks]
- Access control policies
- Information flow policies
- Anonymity (e.g. based on quasi-identifiers, differential privacy)
Building blocks for Secure Systems [8 weeks]
- Encryption, Hashing, Identity, and Randomness
- Isolated containers for code and data: Keeping mutually distrustful applications separate.
- Memory Vulnerabilities: an access control problem.
- Commercial systems today: VT-x/VT-d, TrustZone.
- Fine-grained access control: Mondrian Memory Protection, Capabilities.
- Information flow control: Raksha, Glift.
- Attestation: Check whether a remote machine executed the right program. Flicker, Private Core.
- Secure Processors.
- Physical access (cold-boot) attacks.
- Aegis, Intel-SGX. Aegis-PUFs.
- Obliviousness: hiding memory access patterns.
- Power Analysis and Defenses.
- Determinism + Randomness: Network Processors.
- Intrusion detection: Signatures and time-series analysis. Bitsplit String Matching.
- Network routing: Onion routing in Tor.
Review
- Apply lessons to medical device security
- Review of syllabus and final homework
Other Security Topics and Resources (not covered in class)
- Defenses against malicious hardware.
- Voting Machines.
- Multi-party computation.
- Network security.
- Social networks and Privacy.
- Distributed (e.g., Byzantine, N-version) systems.
- SEED labs: security exploit/defense exercises.
Books
Security Engineering, by Ross Anderson. Lots of practical tips and examples. http://www.cl.cam.ac.uk/~rja14/musicfiles/manuscripts/SEv1.pdf