CprE 440: Operating System Security

The OS is the core of today's increasingly diverse and complex computing ecosystem, which extends from smart things, personal devices, and enterprise-level systems to (micro-)service-oriented applications, with much of the processing increasingly carried out in the cloud. Securing the OS has become the most critical task for everyone and for business sectors, in a variety of application contexts.

Iowa State University
Ames, IA

Course Objectives and Description

The course will focus on both the fundamentals and advanced topics in operating system security, and teach students the design issues, principles, mechanisms, and good engineering practice for the design and implementation of secure computer/OS systems. Lectures cover threat models, vulnerabilities, attacks that compromise security, and advanced OS-level techniques for achieving security. Topics include OS security concepts and principles, seminal security in Multics, vulnerabilities in ordinary systems, secure capability systems, information flow control, mandatory access control, security kernels, memory protection, file systems, virtual machine systems, hardware/architecture support (e.g., Intel SGX) for OS security, secure microkernel OSes (e.g., seL4, QNX, Fuchsia), modern mobile operating systems (e.g., Android and iOS), and security from the end-user perspective. Assignments include labs exploring and implementing the technologies in the context of the Linux, Android, and seL4/QNX/Fuchsia systems (some involving kernel programming). One of this year's themes is secure microkernel OSes (seL4, QNX, and Google Fuchsia). Through the course, you will get a chance to learn about and work with the latest developments around them.

Upon completing this course, students are expected to understand the principles and defensive mechanisms of operating system security, to gain hands-on experience (kernel-level programming and system skills), and to be prepared for active research at the forefront of these areas.

News and Events

Please keep an eye on this news box for the latest.

Spring 2020

1. Kick-off meeting held in Carver 0294.

2. More to be added.

Course Outline

Please check the lecture topics and schedule on Canvas.

Course Prerequisite

CPR E 308 or COM S 352. Familiarity with operating system concepts is expected, and knowledge of C programming is assumed.

Course Assignments

The course will consist of two challenging programming projects (i.e., machine problems), two exams (mid-term and final exams), a case study on seL4/QNX/Fuchsia, and one term paper. We will have a small number of homework assignments, demonstrations (of your course projects), and presentations (on your term papers and code/design analysis of seL4/Fuchsia/QNX). Both undergraduate and graduate students should finish the required programming projects.

For the short-survey term paper, a list of selected topics/problems will be given. You can also propose your own. Write a 6-page literature survey on a specific topic based on the reading of at least 10 papers published within the past 10 years. The paper format will be double column and single spaced, and should conform to the standard format for IEEE transactions. You can use either LaTeX or Word. For more information, please refer to: https://journals.ieeeauthorcenter.ieee.org/create-your-ieee-journal-article/authoring-tools-and-templates/ieee-article-templates/.

For each topic covered in the lecture, I will provide you with a suggested reading list including a number of selected classical papers and some recent papers published in the top distributed systems conferences/journals. Please see the suggested reading list on Canvas.

Course Materials

Required Textbook:

Operating System Security (Synthesis Lectures on Information Security, Privacy, and Trust), by Trent Jaeger. ISBN: 9781598292121, 1598292129.

Reference Books:

1. Modern Operating Systems, by Andrew S. Tanenbaum, 4th Edition, ISBN 9780133591620.

2. W. Richard Stevens, Advanced Programming in the UNIX Environment, First Edition, Addison-Wesley Pub Co., 1992, ISBN 0201563177.

3. Operating Systems: Principles and Practice, by Thomas Anderson and Michael Dahlin. ISBN 0985673524.

4. Fundamentals of Secure Computer Systems, by Brett Tjaden. ISBN 188790266X.

In addition, for each topic covered in the class, I will select a number of papers (most were published in recent years). Please see the suggested reading list on Canvas.

Lecture slides will be available before class on Canvas.

Grading and Acad. Policy

Grading will be on the absolute scale. The cutoff for an 'A' will be at most 90% of total score, 80% for a 'B', 70% for a 'C', and 60% for a 'D'. However, these cutoffs might be lowered at the end of the semester to accommodate the actual distribution of grades.

  1. Mid-term and optional Final Take-home Exam: 25%

  2. Course projects: 30%

  3. Presentations, demos, investigative analysis on seL4/QNX/Fuchsia: 25%

  4. Online quizzes: 5%

  5. Short surveys on selected OS security topics: 10%

  6. Attendance and participation in class discussions: 5%

Academic Policy:

  • All incidents of academic dishonesty will be dealt with according to the university policy. No exceptions.
    1. All references must be properly cited, including internet web pages (the URL must be provided). If plagiarism is detected, i.e., use without proper citation and quotation, you will automatically receive an F. When in doubt, please ask the instructor whether it is reasonable to include others' work in your assignments.
  • The due dates for term papers and course projects are hard (no late hand-ins will be accepted) unless you have a reasonable reason. However, over the whole semester, you can have at most one no-reason three-day extension.
  • If you have a disability and require accommodations, please contact the instructor early in the semester so that your learning needs may be appropriately met. You will need to provide documentation of your disability to the Disability Resources (DR) office, located on the main floor of the Student Services Building, Room 1076, 515-294-7220.

Lecture and Office Hours

Dr. Yong Guan, Department of Electrical and Computer Engineering, Iowa State University, Ames, IA 50011. Office: Durham 309. Email: yguan@iastate.edu. Phone: (515) 294-8378. Fax: (515) 294-8432.

Lecture: Tuesday & Thursday, 4:10-5:25pm, Carver 0294.

Office Hours: Tuesday, 11:00-11:59am, Durham 309. You are welcome to drop by or email me to schedule a longer time to meet after class.

Further Information

For further information, please contact Yong Guan (yguan@iastate.edu) by email or drop by his office, Durham 309.