ISA 673 Fall 2008 Course Syllabus (Last update: Aug 20, 2008)

Course Information


Course title:

Operating Systems Security


Course number:

ISA 673, Section 001


Course discipline:

Information Security and Assurance;
See Masters in Information Security and Assurance


Course description:

2007-2008 Catalog Description

ISA 673: Operating Systems Security (3:3:0). Prerequisites: CS571 and ISA 562; or permission of instructor. This course covers both fundamentals and advanced topics in operating system (OS) security. It will study OS level mechanisms and policies in investigating and defending against real-world attacks on computer systems, such as self-propagating worms and large-scale botnets. Basic OS security techniques such as logging, system call auditing, and memory protection will be discussed. Recent advanced techniques such as honeypots and honeyfarms, system randomization, vulnerability fingerprinting, and virtualization will also be introduced.

Course Overview

The course focuses on the study of fundamentals and advanced topics in operating system (OS) security. Most topics will largely be introduced through assigned readings and classroom presentations. Students are required to complete readings before the lecture, as the instructor and student discussions will be directed by the paper contents.  We are not penguins!

A rough outline of some of the course topics that may be covered is as follows:

  1. Introduction
    1. Operating Systems (OS)
    2. Types of Threats
    3. Basic OS Security Mechanisms
  2. Understanding the Threats
    1. Malware Taxonomy
    2. Viruses
    3. Worms
    4. Rootkits
    5. Defense -- An Overview
  3. Logging, Auditing, and Recovery
    1. Log Generation
    2. Log Auditing
    3. Log-based Recovery
  4. OS-level Memory Protection
    1. Review of OS Memory Management
    2. NX Bit
    3. Randomization
  5. Honeypot and Honeyfarm
    1. Honeypot Taxonomy
    2. Recent Honeypot Advances
    3. Deployment and Liability
  6. Virtualization Technology and Applications
    1. Virtualization Taxonomy
    2. Security Applications
  7. Vulnerability Analysis
    1. Vulnerability Classification
    2. Defense against Known Vulnerabilities
    3. Defense against Unknown (0-day) Vulnerabilities
  8. Advanced Topic -- Worms
  9. Advanced Topic -- Rootkits
    1. Rootkit Basics
    2. Advanced Rootkit Techniques
    3. Rootkit Defense
  10. Advanced Topic -- Botnets


Course dates:

August 28 through December 11


Location:

Science & Tech I, Room 124


Meeting day & time:

Thursdays, 7:20pm - 10:00pm; please be on time, and let the instructor know ahead of time if you will be late or absent.  We will have a short break approximately midway through each class session.


Prerequisite(s):

CS571 and ISA 562; or permission of instructor


Course Web Site

http://courses.gmu.edu; all course materials and assignments will be posted here.

Instructor Information


Info:

Harry J. Foxwell, Ph.D. (GMU 2003), http://cs.gmu.edu/~hfoxwell
Sr System Engineer, Sun Microsystems Federal, Inc, and
Adjunct Professor of Computer Science, GMU/IT&E


Emails:

Please use this email for all course communications:
    hfoxwell@cox.net
and prefix the Subject: line with "ISA673: "


Office location:

Science and Tech Building 2, Room 430 (see administrator)


Office hours:

By appointment.


Phone:

703-204-4193; call any time, leave message on voicemail

Grading Policy


Student grades will be determined based on general class participation, lab exercises and paper reviews, and a final project:

Component                                                              Weight

General class participation (in class & Web online discussion, etc)    10%
Paper Reviews (2)                                                      25%
Lab Exercise(s)                                                        25%
Final Project                                                          40%

Grading Guidelines:

A   : 95-100%
A-  : 90-95%
B+  : 85-90%
B   : 80-85%
C   : 70-80%

Honor Code


Objectives and Goals:


All work performed in this course will be subject to GMU's Honor Code. Students are expected to do their own work in the course unless a group project is approved by the instructor. In papers and project reports, students are expected to write in their own words, rather than cutting-and-pasting from sources found on the Internet. If you do use material from books, journal articles, or the Web, enclose the material in quotes and provide a properly formatted reference.  See the Chicago Manual of Style for citation formatting requirements.

Textbooks


Required readings:


No specific textbook is required for this course. We will use research articles, technical reports, and technical specifications on the subject of operating system (OS) security.


Recommended reading:

  • Andrew S. Tanenbaum, Modern Operating Systems, 2nd Edition, Prentice Hall PTR, 2001. ISBN 0-130-31358-0
  • Michael Palmer, Guide to Operating Systems Security, Course Technology, 2004. ISBN 0-619-16040-3
  • Matt Bishop, Computer Security: Art and Science, Addison Wesley, 2003. ISBN 0-201-44099-7
  • Charles P. Pfleeger and Shari Lawrence Pfleeger, Security in Computing, 3rd Edition, Prentice Hall PTR, 2002. ISBN 0-130-35548-8