CS 576 Secure Systems

Fall 2014

InstructorGeorgios Portokalidis
Teaching assistantDimitrios Damopoulos
Mailing listcs576@lists.stevens....
MeetingsTuesdays 06:15pm-08:45pm (room BC640)
Office hoursMondays 5:00-6:00pm (L213)

Overview | Prerequisites | Course material | Grading | Schedule


Attacks on computer systems have become part of everyday life. It is the goal of this class to teach a thorough understanding of the possible security failures, as well as the protection mechanism. The class will cover network and host security concepts and mechanisms; basic cryptographic algorithms and protocols; authentication and authorization protocols; access control models; common network (wired and wireless) attacks; typical protection approaches, including firewalls and intrusion detection systems; and operating systems and application vulnerabilities, exploits, and countermeasures; distributed denial of service attacks and botnets. The class will not only cover the subjects in theory but instead also provide the students with an extensive hands-on experience. The class will involve a fair amount of programming. Those who take the class are expected to be able to program in C/C++, have some basic knowledge of assembly language, and be familiar with network basics and programming, as well as Unix-like operating systems.


The course requires good programming skills (C, C++), including some knowledge of x86 assembly. Also, a basic background in operating systems (mainly UNIX) and networking.

Course prereqs:

  • CS 506 Introduction to IT Security
  • CS 577 (co-requisite)
  • CS 590 Algorithms (for grads) or CS 385 Algorithms (undergrads) or CS 182 Introduction to Computer Science Honors II (undergrads)

If you feel that you possess the skills to follow this course but have not taken the prerequisite courses, contact me to establish whether I can waive the requirements for the course.

Course material


Additional reading


Your final grade will be determined by your performance in the following:

Midterm Exam 20%
Class participation 10%
Unannounced quizzes 20%
Final Exam 30%
Assignments 20%

Assignments must be done individually. You can discuss the problems with your classmates, but you must not share details of the solutions.

Honor system

Stevens honor system: "The Honor System at Stevens [..] insures that work submitted by students can be trusted as their own and was performed in an atmosphere of honesty and fair play."

Week-by-week schedule

Subjects covered in lectures are tentative and may change (last update 8/25/14). Refer to moodle for up-to-date information.

Week Subjects Readings Assignments


Course logistics. Overview. Legal and ethical aspects. The human factor.

Chapters 1, 19, 17.

Your answers to the specified problem numbers from the end of each chapter.


Basic crypto. Message authentication. Hashing. Random number generation.

Chapters 2, 20, 21, 22.3-22.4.
Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNG

1.4-1.6, 19.5, 19.7


Authentication. Access control, authorization. PKI. Certificate authorities. Biometrics.

Chapters 3, 4, 23.
SAuth: Protecting User Accounts from Password Database Leaks

2.1, 2.3, 2.4, 2.6. 2.7, 20.6, 20.7.


Buffer overflows. Format string attacks. Code injection. Return-to-libc attacks.

Chapters 10, 11.
Smashing the stack for fun and profit
w00w00 on heap overflows
Advances in format string exploitation
Advanced return-into-lib(c) exploits

3.3, 3.6, 3.8, 3.11, 4.6, 4.7, 23.3, 23.4


Address-space layout randomization (ASLR). Heap-spraying. Return-oriented programming. Use-after-free.

Heap Spraying: Attackers' Latest Weapon Of Choice
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls
Cling: A Memory Allocator to Mitigate Dangling Pointers

On the effectiveness of address-space randomization
ASLR Smack & Laugh Reference

10.1, 10.2, 10.3, 10.4, 10.10, 10.11, 11.3


Control-flow integrity.

Control-flow Integrity
Transparent ROP Exploit Mitigation using Indirect Branch Tracing
Practical Control Flow Integrity & Randomization for Binary Executables
Out Of Control: Overcoming Control-Flow Integrity

Size Does Matter - Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard
Modular Control-Flow Integrity

Free ride?


Web and database security. SQL injection. Cross-site scripting (XSS). Cross-site request forgery (CSRF).

Chapter 5.

Free ride?


No class. Monday class schedule.


5.2, 5.3, 5.5, 5.8, 5.12, 5.15


Midterm exam.

Mobile security.

Flexible and Fine-Grained Mandatory Access Control on Android for Diverse Security and Privacy Policies
Securing Embedded User Interfaces: Android and Beyond
Jekyll on iOS: When Benign Apps Become Evil
Mobile Malware Detection Based on Energy Fingerprints — A Dead End?



Malware. Drive-by downloads. Sandboxing. Denial-of-service (DoS) attacks.

Chapters 6, 7.

Revolver: An Automated Approach to the Detection of Evasive Web-based Malware
Practical and Effective Sandboxing for Non-root Users
SOS: An Architecture For Mitigating DDoS Attacks
Exit from Hell? Reducing the Impact of Amplification DDoS Attacks

Free ride?


Firewalls. Network intrusion detection. Honeypots.

Chapters 8, 9.

Snort - Lightweight Intrusion Detection for Networks
A Virtual Honeypot Framework
SweetBait: Zero-hour worm detection and containment using low- and high-interaction honeypots
Data Mining Approaches for Intrusion Detection

Free ride?


Multilevel security. Information flow. Taint analysis.

Chapter 13.

Raksha: A Flexible Information Flow Architecture for Software Security
Minos: Control Data Attack Prevention Orthogonal to Memory Model
Argos: an Emulator for Fingerprinting Zero-Day Attacks
Taint-Exchange: a Generic System for Cross-process and Cross-host Taint Tracking

8.2, 8.3, 8.6, 9.1, 9.5, 9.6


OS security. Null-pointer dereferences. Code integrity.

Chapter 12.

kGuard: Lightweight Kernel Protection against Return-to-user Attacks
SecVisor: A Tiny Hypervisor to Provide Lifetime Kernel Code Integrity for Commodity OSes

13.1, 13.6, 13.9, 13.10


Physical and infrastructure security. Hardware security.

Chapter 16.
Security Analysis of Integrated Circuit Camouflaging
Low-Fat Pointers: Compact Encoding and Efficient Gate-Level Implementation of Fat Pointers for Spatial Safety and Capability-based Security
FANCI: identification of stealthy malicious logic using boolean functional analysis

12.1, 12.2, 12.4, 12.6, 12.10


Other subjects, case studies.



15. 12/9/14

Final exam.