CSc 620 Language-based Approaches to System and Software Security

CSc 620

Language-based Approaches to
System and Software Security



Due to the advent of the Web, computer security is a hot topic right now. Many new start-ups are investing heavily in E-commerce, where security is a major concern. In this class, we're interested in three types of security issues:

  1. Protection against violation of the integrity of computer systems.
  2. Protection of intellectual property rights.
  3. Protection against violation of privacy rights.

In particular, we will be interested in language-based approaches to addressing these issues, i.e. any security technique that uses ideas from compiler and programming language design. For example, we will be looking at ways to protect a computer system from potential adverse effects of down-loading code, a problem that's familiar to anyone who has ever down-loaded an applet. We will also look at ways of protecting programs from illegal re-distribution and intellectual property theft. Finally, we will touch on the use of steganographic techniques for embedding secret messages in code.

Students will read and present 2 papers from the literature (conference/journal papers and software patents), work a programming assignment, and participate in a final team project.

Prerequisites: A compiler class such as 453.

Schedule

Lecture When Who What Handout

August

1 Mon 23 CC Administrivia PS PS.gz PDF
CC Java VM PS PS.gz PDF
2 Wed 25 CC Java PS PS.gz PDF
3 Mon 30 CC Compilers PS PS.gz PDF
CC Program representations PS PS.gz PDF

September

4 Wed 1 CC Program Analysis I PS PS.gz PDF
CC Program Analysis II PS PS.gz PDF
- Mon 6 Labor Day
5 Wed 8 CC Alias Analysis PS PS.gz PDF
6 Mon 13 CC Obfuscation I PS PS.gz PDF
7 Wed 15 CC Obfuscation II
CC Projects PS PS.gz PDF
8 Mon 20 CC Watermarking I PS PS.gz PDF
9 Wed 22 CC Watermarking II
10 Mon 27 CC Software-Based Fault Isolation PS PS.gz PDF
11 Wed 29 Lagisetty Venkata Raghavendra Kumar Todd A. Proebsting and Scott A. Watterson. Krakatoa: Decompilation in Java (Does bytecode reveal source?), In Third USENIX Conference on Object-Oriented Technologies and Systems (COOTS), June 1997. PS PS.gz PDF
Robert M Meadows Cristina Cifuentes and John Gough. Decompilation of Binary Programs. Software - Practice and Experience. Vol 25(7), July 1995. 811-829. PS PS.gz PDF

October

12 Mon 4 Dengfeng Gao Luis Sarmenta, Protecting Programs from Hostile Environments: Encrypted Computation, Obfuscation, and Other Techniques. PS PS.gz PDF
Jun He Josh MacDonald. On Program Security and Obfuscation. PS PS.gz PDF
13 Wed 6 Hua Li Neil F. Johnson and Sushil Jajodia. Computing practices: Exploring steganography: Seeing the unseen. Computer, 31(2):26--34, February 1998. PS PS.gz PDF
Vinodh H. Jayaram Mark Chapman, George Davida. Hiding the Hidden: A Software System for Conceiling Ciphertext as Innocuous Text. Financial Cryptography, First International Conference, FC'97, Anguilla, British West Indies, February 1997. Springer Verlag, LNCS 1318. PS PS.gz PDF
14 Mon 11 Chen, Wen-Ke Smashing the Stack for For Fun and Profit PS PS.gz PDF
Ian Murdock George Necula and Peter Lee, Safe Kernel Extensions Without Run-Time Checking. In Proceedings of the Second Symposium on Operating Systems Design and Implementation (OSDI '96), Oct. 1996. PS PS.gz PDF
15 Wed 13 Baogang Song Li Gong, Roland Schemers, Signing, Sealing, and Guarding Java Objects. In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 206-216, 1998. PS PS.gz PDF
Mohan Rajagopalan Uwe G. Wilhelm. Cryptographically protected objects. In RenPar'9, May 1997. PS PS.gz PDF
16 Mon 18 Jacob Bailly G. Qu, Watermarking graph partitioning solutions. PS PS.gz PDF
Zhang Yeliang Peter R. Samson. Apparatus and method for serializing and validating copies of computer software. US Patent 5,287,408, February 1994. Assignee: Autodesk, Inc. PS PS.gz PDF
17 Wed 20 Sean William Davey David M. Chess, Jeffrey O. Kephart and Gregory B. Sorkin. Automatic Analysis of a Computer Virus Structure and Means of Attachment to its Hosts US Patent 5,485,575, February 1994. Assignee: IBM. PS PS.gz PDF
Nadeem Ilkal Sander, T. and Tschudin, Chr. Towards Mobile Cryptography In the Proceedings of the 1998 IEEE Symposium on Security and Privacy. PS PS.gz PDF
18 Mon 25 Li Wei Hawblitzel, Chang, Czajkowski, Hu, von Eicken. Implementing Multiple Protection Domains in ]ava PS PS.gz PDF
Mausam Bhatt Fritz Hohl, Time Limited Blackbox Security: Protecting Mobile Agents from Malicious Hosts, In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 92-113, 1998. PS PS.gz PDF
19 Wed 27 Quanzhong Li Ralf C. Hauser. Using the Internet to decrease Software Piracy - on Anonymous Receipts, Anonymous ID Cards, and Anonymous Vouchers. In INET'95 The 5th Annual Conference of the Internet Society The Internet: Towards Global Information Infrastructure, volume 1, pages 199--204, Honolulu, Hawaii, USA, June 1995. PS PS.gz PDF
Ashwin Kashyap Brenda S. Baker, Udi Manber, Deducing Similarities in Java Sources from Bytecodes PS PS.gz PDF

November

20 Mon 1 Chen, Wen-Ke "Extensible Security Architectures for Java" by D Wallach, D Balfanz, D Dean and E Felten PS PS.gz PDF
Ian Murdock A Tool for Constructing Safe Extensible C++ Systems. PS PS.gz PDF
21 Wed 3 Sean Davey "Language Issues in Mobile Program Security" by Dennis Volpano and Geoffrey Smith. PS PS.gz PDF
Ashwin Kashyap Steganalysis of Images Created Using Current Steganography Software, Neil F. Johnson and Sushil Jajodia PS PS.gz PDF
22 Mon 8 * Project presentations
Quanzhong Li Peter Wayner, Mimic Functions and Tractability PS PS.gz PDF
23 Wed 10 Jacob Bailly Fabien Peticolas, Ross Anderson, Markus Kuhn. Attacks on copyright marking systems. Second workshop on information hiding, Portland, Oregon, April 15-17, 1998. PS PS.gz PDF
Jun He Lujo Bauer, Andrew W. Appel and Edward W. Felten Mechanisms for Secure Modular Programming in Java Tech Report TR-603-99, Princeton University. PS PS.gz PDF
24 Mon 15 Dengfeng Gao Ross J. Anderson and Fabien A.P. Peticolas. On the limits of steganography. IEEE J-SAC, 16(4), May 1998. PS PS.gz PDF
Li Wei Todd M. Austin, Efficient Detection of All Pointer and Array Access Error, ,SIGPLAN '94 Conference on Programming Language Design and Implementation PS PS.gz PDF
25 Wed 17 Mausam P. Bhatt David M. Chess, Security Issues in Mobile Code Systems, In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 1-14, 1998. PS PS.gz PDF
Mohan Rajagopalan
  • David Aucsmith and Gary Graunke. Tamper resistant methods and apparatus US patent 5,892,899.
  • David Aucsmith, Tamper Resistant Software: An Implementation, Information Hiding, First International Workshop, Lecture Notes in Computer Science, Vol. 1174, 1996
PS PS.gz PDF
26 Mon 22 Baogang Song Sander, T. and Tschudin, Chr. On Software Protection via Function Hiding In Proceedings of the Second Workshop on Information Hiding, Springer Lecture Notes in Computer Science PS PS.gz PDF
Hua Li Resolving rightful ownerships with invisible watermarking techniques: limitations, attacks, and implications Craver, S.; Memon, N.; Yeo, B.-L.; Yeung, M.M. Selected Areas in Communications, IEEE Journal on Volume: 16 4 , May 1998 , Page(s): 573 -586 PS PS.gz PDF
27 Wed 24 Zhang Yeliang Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations PS PS.gz PDF
Nadeem Ilkal Web Spoofing : An Internet Con Game, Technical Report 540-96 (revised Feb. 1997) PS PS.gz PDF
28 Mon 29 Robert M Meadows Robust Mesh Watermarking, Emil Praun, Hugues Hoppe, Adam Finkelstein PS PS.gz PDF
Lagisetty Venkata Raghavendra Kumar Software Authorization Systems, Paul A. Suhler, Nader, Miroslaw and Neil Iscoe. PS PS.gz PDF

December

29 Wed 1 Vinodh H. Jayaram Some general methods of tampering with watermarks, Ingemar J Cox and Jean-Paul M G Linnartz. PS PS.gz PDF
30 Mon 6 ? ? ?
31 Wed 8 ? ? ?

Topics:

Back to Collberg's Home Page