|Course||CSC-705 Operating Systems Security|
|Meeting Location||1227 EB2|
|Meeting Times||Tu/Th 10:15AM - 11:30AM|
|Email||akaprav ‘at’ ncsu.edu|
|Office Hours||By appointment|
The majority of class resources will be distributed over HotCRP. HotCRP is software for managing the conference review process, so we will be using the same platform that conference reviewers use.
We will use the email list csc705-s23 on Google Groups for our communication.
Prerequisite: CSC 501 - Operating Systems Principles
Informal: You need to understand (1) modern operating systems (e.g., Windows, Linux), (2) basics of systems theory and implementation (e.g., file systems, distributed systems, networking, operating systems, etc.), (3) web security. If you do not have a basic understanding of these areas, you will have difficulty with the course. If you have questions regarding these prerequisites, please contact the instructor.
In this class we will explore several aspects of security research with the goal of understanding security-relevant operating system (OS) principles. We will study OS level mechanisms and policies in investigating and defending against real-world attacks on computer systems, such as self-propagating worms, stealthy rootkits and large-scale botnets. We will explore OS security techniques such as system call monitoring and memory protection. We will analyze recent advanced techniques such as system-level randomization and hardware virtualization. Lastly, we will explore more abstract OS-level primitives applied to different systems, such as browsers.
Textbooks and Reading Material
This course has no formal textbook. The course readings will come from research papers and other informative sources.
Student Learning Outcomes
By the end of this course, students will be able to:
- Critique published research
- Understand what defense mechanisms exist in modern operating systems, how they work and why some of them fail against the latest attacks
- Leverage OS security primitives to build secure software
- Know how the same OS security primitives can be applied at different levels, like the browser architecture
- Design systems and software with security in mind
- Know the most important conferences and journals for security research
- Explain, compare, and use some of the successful defenses
Course Structure and Grading
The course will consist of paper reviews, paper presentations and weekly discussions that contribute to the final grade in the following proportions:
The final letter grade will be based on the final percentage as follows:
A+ <= 97% < A <= 93% < A- <= 90% < B+ <= 87% < B <= 83% < B- <= 80% < C+ <= 77% < C <= 73% < C- <= 70% < D+ <= 67% < D <= 63% < D- <= 60% < F
REG 02.50.03 (Grades and Grade Point Average) describes the grade point interpretation of letter grades.
This semester we will be using the following roles for guiding the discussion of papers:
- Scientific Peer Reviewer
- Academic Researcher
- Industry Practitioner
- Penetration Tester
- Private Investigator
- Threat Model Reviewer
- Reproducibility Hacker (double weight)
- Ethics Investigator
In every lecture we are going to discuss the papers from different angles, and each role is expected to be ready to comment on the paper based on the role’s responsibility. No full-blown presentation is expected, but we are going to use a single presentation per paper, available for edits to all students who would like to guide the discussion with additional material. Some roles (like the Illustrator) are expected to rely heavily on visual guides to drive the discussion, so having some slides prepared will lead to a higher quality discussion.
Students will prepare to discuss each paper from our reading list during class. The expectation is that these presentations will be high quality, informed, insightful, and interesting. Since all current conferences require pre-recorded presentations these days, we will be experimenting with presenting research work in the current circumstances.
Students are expected to read relevant papers every week. Students should submit their reviews/reports on HotCRP before the paper’s discussion. Students that have a role other than the Scientific Peer Reviewer should submit a report on HotCRP with their findings.
To do well in this course, students must actively participate in discussion and demonstrate comprehension of the reading and lecture themes. Students are required to do the assigned readings every week and provide reviews/reports for them. This will be closely monitored by the instructor, thereby making a student’s ability to demonstrate their comprehension of papers essential to receiving a passing grade. Students are expected to be active in the discussion of every paper, answering questions that other students have and leading a constructive discussion about the papers.
No late assignments will be accepted. Reviews submitted after a paper has been discussed will not be graded.
All meetings will be in person for this class, but they will also be available via Panopto recordings. You need to inform the instructor of any absences before class, since this will affect our discussions.
The university policy on excused absences will be observed (see http://policies.ncsu.edu/regulation/reg-02-20-03).
Academic Integrity Policy
The university, college, and department policies against academic dishonesty will be strictly enforced. You may obtain copies of the NCSU Code of Student Conduct from the Office of Student Conduct, or from the following URL: http://policies.ncsu.edu/policy/pol-11-35-01
The instructor expects honesty in the completion of tests and assignments. The instructor has a zero tolerance policy for violations of academic integrity. The instructor carefully monitors for instances of offenses such as plagiarism and illegal collaboration, so it is very important that students use their best possible judgement in meeting this policy. The instructor will not entertain any discussion on the discovery of an offense, and will assign the ‘F’ grade and refer the student to the appropriate University bodies for possible further action. It is the understanding and expectation of the instructor that the student’s signature on any test or assignment means that the student neither gave nor received unauthorized aid. For additional information, visit http://studentconduct.ncsu.edu/
Note that students are explicitly forbidden to copy anything off the Internet (e.g., source code, text) for the purposes of completing an assignment or the final project. Also, students are forbidden from discussing or collaborating on any assignment except where explicitly allowed in writing by the instructor.
This course considers topics involving personal and public privacy and security. As part of this investigation we will cover technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measures for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.
When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.
Statement for students with disabilities
Reasonable accommodations will be made for students with verifiable disabilities. In order to take advantage of available accommodations, students must register with Disability Services for Students at 1900 Student Health Center, Campus Box 7509, 919-515-7653. For more information on NC State’s policy on working with students with disabilities, please see the Academic Accommodations for Students with Disabilities Regulation (REG 02.20.01).
Statement on Identity
I make an effort to treat all of my students with respect, and an important part of that is correctly addressing students with correct names and pronouns. If you would like to be called by a different name or pronoun other than what is in the directory, let me know (in person or email). Also, if I mispronounce your name, please let me know – it is not intentional!
Statement on transportation
Students have to provide their own transportation for any and all class related trips.
Statement on safety and risk assumption
This course does not require activities that pose physical risk to students.
N.C. State University Policies, Regulations, and Rules (PRR)
Students are responsible for reviewing the PRRs which pertain to their course rights and responsibilities. These include: http://policies.ncsu.edu/policy/pol-04-25-05 (Equal Opportunity and Non-Discrimination Policy Statement), http://oied.ncsu.edu/oied/policies.php (Office for Institutional Equity and Diversity), http://policies.ncsu.edu/policy/pol-11-35-01 (Code of Student Conduct), and http://policies.ncsu.edu/regulation/reg-02-50-03 (Grades and Grade Point Average).
Online class evaluations will be available for students to complete during the last two weeks of class. Students will receive an email message directing them to a website where they can log in using their Unity ID and complete evaluations. All evaluations are confidential; instructors will never know how any one student responded to any question, and students will never know the ratings for any particular instructors.
|Student help desk:||firstname.lastname@example.org|
|Info about ClassEval:||https://oirp.ncsu.edu/surveys/classeval/for-students/how-classeval-works/|