CEG 4420/6420: Host Computer Security

Syllabus

Catalog Description: Introduces security hardening of a single system, and how to protect it when connected to a network. It explains how malware can compromise security and privacy from the moment a machine is powered on until shut down. Topics include Privilege Escalation, Buffer Overruns, Network Packet Mangling, Session Hijacking, Firewalls, and ethics. Lab work uses tools such as Kali Linux, and AWS. Prerequisites: CEG 2350 OS Concepts and Usage.

Laptop/Desktop

  1. WSU will provide you with an AWS virtual machine. Get ahead and study https://aws.amazon.com/getting-started/launch-a-virtual-machine-B-0/
  2. [Even so] It is highly recommended that you have a real desktop/laptop Linux setup [exclusively] for lab experiments of this course. Read Lab on Getting Started, a required lab in this course.
  3. Become prepared to install a Linux distro of your choice. Recommended: Kali Linux.

Source Material

There is no required text book this term. The course home page leads to lecture notes on every topic of this course.

Home Page
https://www.cecs.wright.edu/~pmateti/Courses/4420 Includes the weekly schedule. Please visit this page often for announcements and information on the lecture notes.
Simson Garfinkel, Gene Spafford, and Alan Schwartz
Practical Unix and Internet Security, 3rd edition (2003), O'Reilly & Associates; ISBN: 0596003234. A recommended text book. Search for Errata.
Charles P. Pfleeger, Shari Lawrence Pfleeger
Security in Computing, Fourth Edition, Prentice Hall, 2015, ISBN-10: 0-13-239077-9. A recommended text book. http://proquest.safaribooksonline.com.ezproxy.libraries.wright.edu/book/networking/security/9780134085074
Relevance to Windows and Other OS
Even though we use Linux, the content is relevant to all operating systems. Focusing on one open source OS gives us depth.
QAs and Discussion
on Pilot.

Objectives

Student should
  1. Recognize lax practices in software development that cause vulnerabilities, and understand that these can be fixed by adopting static and dynamic analysis tools.
  2. Have a technical understanding of existing malware techniques.
  3. Be able to separate Proper Configuration immediately after an install, continuous Fortification through patching and upgrades and Hardening of Linux by special rebuilds and pruning.

Learning Outcomes

Student should be able to
  1. Apply static source code analysis tools.
  2. Demonstrate existing malware, and distinguish Detection, Prevention, Mitigation and Repair.
  3. Improve security and privacy by Proper Configuration, Fortification and Hardening of Linux.

Attendance

Full attendance is expected.

Be aware of https://www.wright.edu/coronavirus website content. Our lectures are asynchronous. Per week, you are expected to watch two lecture videos (75 min each) and study the associated lecture notes. Visit the Course Home Page at least once a week.

Course Content

Lab work is a significant part of this course. The order in which the lectures are given differs from the order of the course content topics listed below, largely because of the lab schedule.

The topics are described at some length because they may be too unfamiliar to you. The numbers in parens are a rough estimate of the number of (75-minute) lectures on each topic.

Intro (1)

Well Known Security Breaches. Current security events. Terminology: E.g., Intruder v. Hacker v. attacker v. cracker. Course overview. Escalation of privileges. Denial of Service (DoS). Virus, Worms, and Trojans. Virtual machines.

System Administration (2)

Linux setup. Configuring properly. The initial boot can be a significant source of insecurity. The sequence of events from initial power-on cold booting to shut down of a computer system. Standard processes: init etc.

Applied Cryptography (1)

Understanding computational infeasibility. Message digests. Digital certificates. Man-in-the-Middle attacks.

Authentication (3)

User Authentication: /etc/passwd, /etc/shadow files. Salting. One time passwords. Two-factor authentication. Cracking of passwords.

System Hardening and Update (8)

Hardening an OS kernel and system programs. Patching of binaries and source code. Use of diff and patch. Patching for known kernel exploits. Linux kernel modules. Linux security modules. Re-design/Hardening of OS for security. NSA's Security Enhanced Linux.

Secure Software Development (6)

Buffer Overflow Exploitation. Software development techniques that are resistant to bug exploits. At the high level: code structure, least privilege, and narrow interfaces; at the low level: checking for buffer overruns, being ultra careful in writing setuid programs, untrusted paths, race conditions, the environment, etc. Prevention and detection of race conditions. Type-safety, static source code analysis, assertions and invariants.

System Audit (2)

Detection and Documentation of (possible) Intrusions. Penetration testing. Logging facilities. Absence of Rootkits, unauthorized services, Backdoors. Prevention, detection and mitigation of malware. Intrusion Detection Systems (IDS). Intrusion Prevention Systems (IPS). Forensics.

Ethical and Legal Issues (2)

We will discuss topics such as: Why Hackers Do The Things They Do? Is it OK to harden the PC of a neighbor without permission? It is required that you sign our statement of ethics.

Exams 30 + 30%

The mid term is scheduled around the seventh/eighth week, and the final during the exam week as set by the Registrar.

Laboratory Experiments 40%

I expect to give 8 labs, each worth 5%. Lab reports must be submitted by midnight on the due date posted. I will accept up to two lab reports late but each within 48 hours. The subject matter of these experiments is included in the exams.

In this course, a lab rarely involves writing your own programs. It generally will require you to build an executable, on Linux, after suitable reconfiguration using tools such as make. The source code tree will be given to you -- in C/C++, or in ASM.

Experiments are to be performed by the student individually. These labs must be work done solely by you, except for the parts I provided you with.

Discussion 5% Bonus

Active participation in the group discussions is expected.

Homework Assignments

Homework is suggested. But, there are no homework assignments to be turned in.

CEG 6420

Students enrolled in CEG 6420 are required to do additional tasks at a graduate student level. Undergraduate students and graduate students will be graded separately. This semester the tasks are to (i) learn and write a technical summary in a few pages on one of the topics below, (ii) sketch a new lab experiment based on that topic, and (iii) carry out that experiment and submit a lab report as usual. Your article and lab experiment should match the quality of those already included in the course.

  1. Recent Vulnerabilities. E.g., StackClash, Spectre, MeltDown, ShellShock.
  2. Secure Re-coding of well-known system programs (e.g., sudo, fusermount) using static analysis tools, such as Splint, LLVM CodeChecker.
  3. Hardening a Well-Known Linux Distribution (e.g., Kali or Knoppix)
  4. Devious Boot of Linux
  5. Survey of Current Ransomware
  6. Code Injection and ROP
  7. If a topic beyond this list interests you, I am happy to consider it.

Copyright © 2020 Dr Prabhaker Mateti