ISA 862, Models for Computer Security - Fall 2010

[Class Schedule] [Available Projects]

Instructor: Angelos Stavrou
Lecture: Thursday 4:30 - 7:10pm
Engineering Building Room 4201
Office Hours: Thursday 2:00 - 4:00pm and by appointment
Office: Research I, Rm 437
Email: astavrou(_)gmu.edu

Teaching Assistant: Chen Liang
Research I, Rm 438
Office Hours: Tuesday 4:00 – 6:00pm
Email: cliang1(_)gmu.edu

Course Description:

This class will be focused on current research in Security with emphasis in Network and Software
Security including:

  • Anonymity and Privacy
  • Security Models for Mobile and Hand-held devices
  • Attacks against networks and machines
  • Content-based Attacks and Advanced Persistent Threats (APTs)
  • Operating System Security
  • Analysis of Security protocols
  • Forensics and diagnostics for security
  • Botnets, Malicious code analysis, anti-virus, anti-spyware
Class Objectives

The students will be exposed to research methodology including reading research papers,
identifying research problems, gathering and analysing the related work, and designing both
the experimental and analytical sections of a paper. The goal is to familiarize the students
with current research topics and enable them to identify interesting problems or gain deeper
knowledge on a research area. Students will be assigned to projects in research areas of
their choice.


CS571 and ISA 562; or permission of instructor. The coursework will include substantial programming projects; in order to be able to complete the projects, the students must be comfortable with C/C++.


Understanding the Linux Kernel, Third Edition Daniel P. Bovet Marco Cesati ISBN-10: 0596005652 ISBN-13: 978-0596005658 O'Reilly Media Available by: [Online for GMU] [O' Reilly] [Amazon]

Modern Operating Systems 3/E, Andrew S. Tanenbaum. ISBN-10: 0136006639 ISBN-13: 9780136006633 Prentice Hall Available by: [GMU Bookstore] [Prentice Hall] [Amazon]

Operating System Concepts, 8th Edition (or 7th Edition), Abraham Silberschatz, Yale University Peter Baer Galvin, Corporate Technologies Greg Gagne, Westminster College, ISBN: 978-0-470-12872-5 ©2009 Willey
Available by: [GMU Bookstore] [Willey] [Amazon] [Author's site]

  • Class Projects: 80%
  • Class Presentations: 15%
  • Class Participation: 5%
  • No Midterm or Final

The students must achieve a total score of at least 90 (out of 100) to be considered for an A. This class is an upper-level class and is geared towards understanding the fundamental concepts behind Security for Computer systems. The students will be expected to participate in large projects under the guidance of the instructor.

Computer Accounts:

All students should have accounts on the central Mason Unix system mason.gmu.edu (also known as osf1.gmu.edu)
and on IT&E Unix cluster zeus.ite.gmu.edu (Instructions and related links are here). Please read the FAQ if you have any questions. Students can work in IT&E computer labs for programming projects during the specified hours.

Please read the University's Academic Honesty Page and GMU Honor Code.

Disability Statement
If you have a documented learning disability or other condition that may affect academic performance you should:
1) Make sure this documentation is on file with the Office of Disability Services.
All academic accommodations must be arranged through the ODS. http://ods.gmu.edu
2) Talk with me to discuss your accommodation needs.

Other Usefull Resources
Writing Center: A114 Robinson Hall; (703) 993-1200; http://writingcenter.gmu.edu
University Libraries: “Ask a Librarian” http://library.gmu.edu/mudge/IM/IMRef.html
Counseling and Phychological Services (CAPS): (703) 993-2380; http://caps.gmu.edu
University Policies: The University Catalog, http://catalog.gmu.edu, is the central resource
for university policies affecting student, faculty, and staff conduct in university affairs.

Class Schedule

Week & Date
Course Lectures & Readings (Tentative)

Week 1, Sept 2

Introduction and Class Mechanics [PDF]

Week 2, Sept 9

Anonymity and Privacy Systems

Anonymous Network Connectivity: [TOR] [Onion Routing]
*Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, and Paul Syverson, Proceedings of the 13th USENIX Security Symposium, August 2004.

*Providing Mobile Users' Anonymity in Hybrid Networks
Claudio Ardagna, Sushil Jajodia, Pierangela Samarati, and Angelos Stavrou.
To appear in Proceedings of the 15th European Symposium on Research in Computer Security
(ESORICS 2010). September 2010, Athens, Greece.

Universal Re-encryption for Mixnets
, Philippe Golle, Markus Jakobsson, Ari Juels, Paul Syverson, The Cryptographers' Track at the RSA Conference, 2004.

Traffic Analysis:
*Traffic Analysis Against Low-Latency Anonymity Networks Using Available Bandwidth Estimation Sambuddho Chakravarty, Angelos Stavrou, and Angelos D. Keromytis.
To appear in Proceedings of the 15th European Symposium on Research in Computer Security
(ESORICS 2010). September 2010, Athens, Greece.

*Practical Traffic Analysis: Extending and Resisting Statistical Disclosure
, Nick Mathewson and Roger Dingledine. Proceedings of Privacy Enhancing Technologies workshop (PET 2004).

Low-Cost Traffic Analysis of Tor, Steven J. Murdoch and George Danezis. Proceedings of the 2005 IEEE Symposium on Security and Privacy, May 2005.


Week 3, Sept 16

Study Network Packet Capture, Analysis tools in the Lab [Tools]
Dynamic Application-Layer Protocol Analysis for Network Intrusion Detection,
Holger Dreger et.al. Proceedings of the 15th USENIX Security Symposium, August 2006.

Hamsa : Fast Signature Generation for Zero-day Polymorphic Worms with Provable Attack Resilience. Zhichun Li et.al. Proceedings of IEEE Symposium on Security and Privacy 2006

On the Infeasibility of Modeling Polymorphic Shellcode

Yingbo Song, et.al. Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS), November 2007, Alexandria, VA

Week 4, Sept 23

Introduction to Android Programming [PDF]

Android Programming Resources

Google Android SDK [HTML]

Developer's Guide [HTML]

Google I/O 2009 [Video]

Android Emulator [HTML]

Android Debug Bridge [HTML]

Security Enforcement in Mobile Devices [PDF]

Semantically Rich Application-Centric Security in Android [PDF]
Machigar Ongtang, Stephen McLaughlin, William Enck, and Patrick McDaniel.
(ACSAC), December 2009.

Week 5, Sept 30

Project I Discussion & Assignments

Open Lab - Application Development for Android

Android Programming Model using HTML for the UI [HTML]

Android Kernel Programming How To [HTML]

IBM's Tapping into Android Sensors' Page [HTML]

Week 6, Oct 7

Wireless Security Lab

What? Why? How? The effects of Wardriving, sinkhole, and Man-in-the-middle attacks

Discussion: Passive vs Active Attacks

Understanding Wireless attacks detection SANS [PDF]

Week 7, Oct 14

Group Paper Discussion

- Identify cases where the initial security design fails when the operating environment changes

- What is the implication of a new environment for Security Design?

- Does this have any impact on design of new products?

Week 8, Oct 21

Team Paper Discussion

- Each Team has to present one paper

- Prepare a related work section for your project

Analysis of Current OS and Application Vulnerabilities

Android Application Debugging [HTML]
Android Kernel Debbugging [PDF]
Creating a keyboard logger using Common Tasks and How to Do Them in Android [HTML]

Week 9, Oct 28

USB Exploitation for Mobile Devices

Open Project Session

Focus on Team Project Discussions & Presentation

Week 10, Nov 4

Team Paper Discussion

- Each Team has to present one paper
- Prepare a related work section for your project

Week 11, Nov 11

Defenses & Collaborative Intrusion Detection

Week 12, Nov 18
Program Analysis & Malware in Mobile Devices
Week 13, Nov 25
No Lecture - Thanksgiving Recess
Week 14, Dec 2

Class Recap and Discussion

Lessons Learned - Security Science

Week 15, Dec 9

Individual Team Meetings

- Each Team has to meet with the Instructor
- Work on your Project and Class Presentation for next week

Week 16, Dec 16

Final Project Presentations (10' each team, discussion)
Home -  Publications - Teaching - CV - Contact

Last updated:
Please feel free to send your comments and suggestions to Angelos Stavrou.
© 2010 Angelos Stavrou, Computer Science Department, George Mason University.