System Security Topics on Advanced OS Course

 

General Principals

--------------------------

There is a trend that smart devices, desktop computers, servers are evolving from close OS, fixed applications, and no connectivity to open OS, flexible services and with connectivity. However, the security for this domain is much weaker than traditional PC domain. Therefore, it is necessary to add security education related to system security in “Advanced OS” course for computer science major graduate students in Depart. of CS, Tsinghua University.

 

Topics

===============

Coursewares

--------------------------

1.      Software Security Overview

Introduction History of softeare security.  Confidentiality, integrity and availability.  Security and ethics.

2.      Buffer Overflow Security

buffer overflows and other memory safety bugs

integer overflows, format string bugs

3.      OS Security

OS security model, security capabilities, security mechanism

4.      Mobile Security

Topics of Android Security

5.      Internet Security

XSS, XCRF, SQLI, etc

 

Labs

--------------------------

1.      Lab1: Buffer Overflow attack

 

Summary of Papers

--------------------------

1.      KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs

2.      KINT: Improving Integer Security for Systems with KINT

3.      SymDrive: Testing Drivers without Devices

 

 

PROJECT LEADS

----------------------------

Shi Yuanchun, Tsinghua University

Yu Chen, Tsinghua University

 

SPONSORS

------------------------

Intel Corporation