cse 291
play

CSE 291 Building Secure Systems using Programming Languages and - PowerPoint PPT Presentation

May 26, 2023 •381 likes •896 views

CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs 5:00-6:20PM Deian Stefan UC San Diego Who am I? New assistant professor PhD at Stanford (Mazieres & Mitchell) I like to build secure

  1. CSE 291 Building Secure Systems using Programming Languages and Analysis Fall 2016 Tue/Thurs 5:00-6:20PM Deian Stefan UC San Diego

  2. Who am I? • New assistant professor ➤ PhD at Stanford (Mazieres & Mitchell) • I like to build secure systems and think about them formally ➤ Security + Systems + PL ➤ Large focus: web servers and web browsers • I have a startup: security runtime sys for node • I sometimes participate in W3C spec work

  3. Who are you? (Please write your name on paper and put in in front of you.)

  4. Today • Details about the course • Course topics • Read and discuss paper

  5. Administrivia • Course website ➤ https://cseweb.ucsd.edu/~dstefan/cse291-fall16 ➤ https://cse291.programming.systems • Contact ➤ Piazza: https://piazza.com/ucsd/fall2016/cse291 ➤ Personal: deian+cse291@cs.ucsd.edu • Office hours ➤ Wed 1:30-2:30PM

  6. Course objectives • Objectively read research papers • Think critically (sometimes formally) about security and system designs • Work on a research project that spans PL, OS, and security ➤ Leverage ideas from one domain to solve problems in another • Present research results

  7. Course objectives • Objectively read research papers • Think critically (sometimes formally) about security and system designs • Work on a research project that spans PL, OS, and security ➤ Leverage ideas from one domain to solve problems in another • Present research results

  8. Course objectives • Objectively read research papers • Think critically (sometimes formally) about security and system designs • Work on a research project that spans PL, OS, and security ➤ Leverage ideas from one domain to solve problems in another • Present research results

  9. Course objectives • Objectively read research papers • Think critically (sometimes formally) about security and system designs • Work on a research project that spans PL, OS, and security ➤ Leverage ideas from one domain to solve problems in another • Present research results

  10. Course style • Read and discuss 1 paper / class meeting ➤ Short writing assignments due before each class ➤ Most class time will be spent discussing papers • Work on a relatively large project ➤ Short presentation at the end of quarter ➤ Short write-up (approx. 5pp) at the end of quarter

  11. Course style • Read and discuss 1 paper / class meeting ➤ Short writing assignments due before each class ➤ Most class time will be spent discussing papers • Work on a relatively large project ➤ Short presentation at the end of quarter ➤ Short write-up (approx. 5pp) at the end of quarter

  12. Writing assignments (30%) • Summarize paper ➤ Main points, 1-2 paragraphs ➤ Exemplary summaries may be posted on course site • Answer questions ➤ Goal: think deeply about the paper ➤ Non-goal: testing you ➤ Exemplary/interesting answers may be posted on site

  13. Writing assignments (30%) • Summarize paper ➤ Main points, 1-2 paragraphs ➤ Exemplary summaries may be posted on course site • Answer questions ➤ Goal: think deeply about the paper ➤ Non-goal: testing you ➤ Exemplary/interesting answers may be posted on site

  14. Class participation (25%) • Lead the discussion one paper ➤ Choose paper (will post howto on Piazza) ➤ Write discussion notes to be posted on site ➤ Keep the class engaged with questions/comments ➤ Often helpful to read some of the related work to get more breadth/depth ➤ Come talk to me about other resources

  15. Class participation (25%) • Come to class prepared to discuss paper ➤ No discussions = no fun ➤ Read paper 2-3 times, small details matter ➤ Come with feedback, thoughts, and questions ➤ Question the paper problem statement, question assumptions, question solution, question evaluation, question everything! ➤ Post comments, questions, etc. on Piazza

  16. One rule http://imgur.com/gallery/T8I86

  17. One rule http://imgur.com/gallery/T8I86

  18. Final project (45%) • Work on original research ➤ Build a new system or extend an existing one, formalize/prove something about a system, disprove the results of an existing paper, etc. • Can use your research for the final project ➤ Please confirm this with me first • I will provide a list of project ideas soon

  19. Final project (45%) • Work on original research ➤ Build a new system or extend an existing one, formalize/prove something about a system, disprove the results of an existing paper, etc. • Can use your research for the final project ➤ Please confirm this with me first • I will provide a list of project ideas soon

  20. Final project (45%) • Form teams of 2-3 people in next 2 weeks ➤ Outside this range: come talk to me • Mid-quarter updates ➤ Come talk to me about status of project • Final presentation and write-up ➤ Show off what you did ➤ Tell us what you learned +where/why/how things failed ➤ Write short conference-like paper describing your work

  21. Final project (45%) • Fallback: paper reading project ➤ Alternative to building ➤ Read handful of papers on common theme ➤ Come up with research direction from the papers • Must get approval for this from me ➤ Expectation: understand the papers and area deeply

  22. Final project (45%) • Fallback: paper reading project ➤ Alternative to building ➤ Read handful of papers on common theme ➤ Come up with research direction from the papers • Must get approval for this from me ➤ Expectation: understand the papers and area deeply

  23. Grading summary • Writing assignments (30%) • Class participation (25%) • Final project (45%) • No exams!

  24. You’ll also get 2 free passes • 2 no-questions asked passes towards ➤ Writing assignments ➤ Class participation (not when leading discussion) • What does this mean? ➤ You didn’t do the writing assignment (in time): use up a pass ➤ You can’t show up to class: use up a pass • Exceptional cases: contact me http://www.lovelyspanyc.com/wp-content/uploads/2014/05/Special-Offer.gif

  25. You’ll also get 2 free passes • 2 no-questions asked passes towards ➤ Writing assignments ➤ Class participation (not when leading discussion) • What does this mean? ➤ You didn’t do the writing assignment (in time): use up a pass ➤ You can’t show up to class: use up a pass • Exceptional cases: contact me http://www.lovelyspanyc.com/wp-content/uploads/2014/05/Special-Offer.gif

  26. Collaboration policy: collaborate! • Talk with each other, talk on Piazza ➤ Good ideas come from talking to smart people • Writing assignments ➤ Write your own, but if you discussed with others/ used external resources: acknowledge them • Project ➤ Talk to others about your project, acknowledge them in your write-up if it helped/led to something

  27. Again,

  28. Again,

  29. Who should take this class? • Those interested in learning how to: ➤ build secure systems ➤ use various (PL) techniques to address security ➤ reason about security using PL semantics

  30. Prerequisites • Programming languages ➤ Type systems, structural operational semantics, parse trees, CFGs • Operating systems ➤ Processes, virtual memory, concurrency, CPU modes • Security ➤ Web security, buffer overflows, TLS, MPC

  31. Prerequisites • Some familiarity + willingness to learn • If you’re not familiar with something: ask! ➤ I can post external resources (e.g., book chapters) ➤ Post on Piazza: others can help explain things ➤ Ask questions in class ➤ Come to office hours • Not knowing something is okay ➤ Asking + providing help counts towards participation

  32. Prerequisites • Some familiarity + willingness to learn • If you’re not familiar with something: ask! ➤ I can post external resources (e.g., book chapters) ➤ Post on Piazza: others can help explain things ➤ Ask questions in class ➤ Come to office hours • Not knowing something is okay ➤ Asking + providing help counts towards participation

  33. Today • Details about the course • Course topics • Read and discuss paper

  34. Topics We’re going to learn how different PL techniques can be used to provide security in various systems domains

  35. PL techniques • Language runtime security monitors • Type systems for enforcing security • Authenticated data structures • Domain specific languages • Symbolic execution and micro-grammars • Refinement types and protocol verification

  36. Security properties/mechanisms • Mandatory access control and confinement • Least privilege • Privilege separation • Software fault isolation • Control flow integrity

  37. System domains • Language runtimes • Server-side web frameworks • Browser and extension architectures • New and existing operating systems • New hardware architectures • Cryptography and network protocols

  38. Example: server-side security • Problem: web apps are leaking user data • Why? ➤ Apps are plagued with bugs ➤ Bugs have security implications ➤ Most code runs with privilege of process: grave

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lessons from the Coalbed Methane Boom in Wyoming Kathryn Bills Walsh, Montana State University

Lessons from the Coalbed Methane Boom in Wyoming Kathryn Bills Walsh, Montana State University

Lessons from the Coalbed Methane Boom in Wyoming Kathryn Bills Walsh, Montana State University Dr. Julia H. Haggerty, Montana State University ASMR April 10, 2017 Mitigating destructive legacies: Reclamation of natural gas production sites

239 views • 22 slides
Propagation of Interval and What We Do in This . . . Probabilistic Uncertainty in Chapter 2:

Propagation of Interval and What We Do in This . . . Probabilistic Uncertainty in Chapter 2:

Need for Data . . . Need to Take . . . Measurement . . . Propagation of . . . Propagation of Interval and What We Do in This . . . Probabilistic Uncertainty in Chapter 2: Towards . . . Chapter 3: Towards . . . Cyberinfrastructure-Related

1.09k views • 65 slides
Location Problems using Branch-and and-Benders-Cuts Ivana Ljubic ESSEC Business School, Paris

Location Problems using Branch-and and-Benders-Cuts Ivana Ljubic ESSEC Business School, Paris

Solving Very ry Large Scale Covering Location Problems using Branch-and and-Benders-Cuts Ivana Ljubic ESSEC Business School, Paris Based on a joint work with J.F. Cordeau and F. Furini IWOLOCA 2019 , Cadiz, Spain, February 1, 2019 Covering

854 views • 43 slides
Many thanks to the organizers Asia: Austrian Radiologists presents their US/Mammo trial

Many thanks to the organizers Asia: Austrian Radiologists presents their US/Mammo trial

6/7/2017 Managing Women with Dense Breast in Europe, Many thanks to the organizers Asia: Austrian Radiologists presents their US/Mammo trial Research Fellow, University California San Francisco (UCSF); Molecular TH. Helbich Imaging

354 views • 13 slides
Drawing uniformly at random in dynamic sets of paths Fr ed eric Voisin, Marie-Claude Gaudel

Drawing uniformly at random in dynamic sets of paths Fr ed eric Voisin, Marie-Claude Gaudel

Drawing uniformly at random in dynamic sets of paths Fr ed eric Voisin, Marie-Claude Gaudel LRI, Univ Paris-Sud, CNRS, CentraleSup elec, Universit e Paris-Saclay, France Frederic.Voisin@lri.fr, marieclaude.gaudel@gmail.com CLA 2019,

650 views • 22 slides
Solving (Problems with) Quantified Boolean Formulas: Recent Trends and Challenges Florian Lonsing

Solving (Problems with) Quantified Boolean Formulas: Recent Trends and Challenges Florian Lonsing

Solving (Problems with) Quantified Boolean Formulas: Recent Trends and Challenges Florian Lonsing Knowledge-Based Systems Group, Vienna University of Technology, Austria http://www.kr.tuwien.ac.at/staff/lonsing/ 25th International Joint

1.21k views • 104 slides
Highlights from the art Users' Meeting, the FIFE workshop, and the LArSoft Usability Workshop

Highlights from the art Users' Meeting, the FIFE workshop, and the LArSoft Usability Workshop

Highlights from the art Users' Meeting, the FIFE workshop, and the LArSoft Usability Workshop Tom Junk DUNE Software and Computing General Meeting June 27, 2016 First an Announcement: ProtoDUNE Science Workshop@CERN June 28 to June 30

505 views • 22 slides
About Directed Fuzzing and Use-After-Free: How to Find Complex & Silent Bugs? Manh-Dung

About Directed Fuzzing and Use-After-Free: How to Find Complex & Silent Bugs? Manh-Dung

About Directed Fuzzing and Use-After-Free: How to Find Complex & Silent Bugs? Manh-Dung Nguyen, Sbastien Bardin, Matthieu Lemerre (CEA LIST) Richard Bonichon (Tweag I/O) Roland Groz (Universit Grenoble Alpes) #BHUSA @BLACKHATEVENTS

546 views • 44 slides
or how to survive a PhD Don ont P Panic nic or how to survive a PhD

or how to survive a PhD Don ont P Panic nic or how to survive a PhD

or how to survive a PhD Don ont P Panic nic or how to survive a PhD Jilles V Vreeke ken Disclaimer 1) Im not the useful type of doctor Disclaimer 1) Im not the useful type of doctor. 2) Any

1.61k views • 145 slides
IE1206 Embedded Electronics PIC-block Documentation, Seriecom Pulse sensors Le1 Le2 I , U , R ,

IE1206 Embedded Electronics PIC-block Documentation, Seriecom Pulse sensors Le1 Le2 I , U , R ,

IE1206 Embedded Electronics PIC-block Documentation, Seriecom Pulse sensors Le1 Le2 I , U , R , P , serial and parallel Le3 Ex1 KC1 LAB1 Pulse sensors, Menu program Start of programing task Kirchhoffs laws Node analysis Two-terminals

734 views • 55 slides
The Recent Resurgence of the Electric Car The zero-emissions e-car went extinct a century ago.

The Recent Resurgence of the Electric Car The zero-emissions e-car went extinct a century ago.

The Recent Resurgence of the Electric Car The zero-emissions e-car went extinct a century ago. Now it is back in a big way, thanks to a complete redesign of the usual sedan's innards. Theres nothing under the hood. Or trunk. You have to

1.25k views • 70 slides
About William Bill Mason http://www.aoe.vt.edu/people/faculty/whmason.html R S Pant The Boss A

About William Bill Mason http://www.aoe.vt.edu/people/faculty/whmason.html R S Pant The Boss A

Aircraft Configuration Design Prof. Rajkumar S. Pant Aerospace Engineering Department IIT Bombay rkpant@aero.iitb.ac.in Credits: Mr. Vishaal Sharma, Junior Research Fellow, Aerospace Engg. Deptt, IIT Bombay About William Bill Mason

563 views • 20 slides
The Frequency Comb (R)evolution Thomas Udem Max-Planck Institut fr Quantenoptik

The Frequency Comb (R)evolution Thomas Udem Max-Planck Institut fr Quantenoptik

The Frequency Comb (R)evolution Thomas Udem Max-Planck Institut fr Quantenoptik Garching/Germany 1 The History of the Comb Derivation of the Comb Self-Referencing 2 3 Mode Locked Laser as a Comb Generator Mode Locked Laser as a

972 views • 50 slides
THE GREAT PACIFIC WAR: U.S. v. JAPAN, 1940-1945 1 October 2020: FACTORS OF WAR Dr. Joe

THE GREAT PACIFIC WAR: U.S. v. JAPAN, 1940-1945 1 October 2020: FACTORS OF WAR Dr. Joe

THE GREAT PACIFIC WAR: U.S. v. JAPAN, 1940-1945 1 October 2020: FACTORS OF WAR Dr. Joe Fitzharris Professor Emeritus of History The University of St. Thomas OVERVIEW DISTANCE LOGISTICS KNOWLEDGE & TECHNOLOGY STRATEGIC

802 views • 34 slides
For personal use only Manager Companies Company Announcements Office Australian Securities

For personal use only Manager Companies Company Announcements Office Australian Securities

21 November 2019 For personal use only Manager Companies Company Announcements Office Australian Securities Exchange Limited Level 4, Stock Exchange Centre 20 Bridge Street SYDNEY NSW 2000 Dear Sir / Madam BWX Limited: Chairman and CEO

768 views • 28 slides
Welcome to CO@Work Sebastian Pokutta V I C E P R E S I D E N T A N D D I V I S I O N H E A D

Welcome to CO@Work Sebastian Pokutta V I C E P R E S I D E N T A N D D I V I S I O N H E A D

Welcome to CO@Work Sebastian Pokutta V I C E P R E S I D E N T A N D D I V I S I O N H E A D M A T H E M A T I C A L A L G O R I T H M I C I N T E L L I G E N C E A I I N S O C I E T Y , S C I E N C E , A N D T E C H N O L O G Y ( A I

293 views • 4 slides
Introduction to Introduction to with Application to Bioinformatics with Application to

Introduction to Introduction to with Application to Bioinformatics with Application to

Introduction to Introduction to with Application to Bioinformatics with Application to Bioinformatics - Day 3 - Day 3 Review Day 2 Review Day 2 Give an example of a tuple What is the difference between a tuple and a list? How would you

972 views • 38 slides
How Might You Teach a Genre in Your Class? My discipline is Rhetoric and Writing. We are

How Might You Teach a Genre in Your Class? My discipline is Rhetoric and Writing. We are

How Might You Teach a Genre in Your Class? My discipline is Rhetoric and Writing. We are interested in how Identify a genre in your discipline. people use language to make Think about an assignment that will allow things happen in the

374 views • 8 slides
Project Informa.on Metadata? David Filip Agenda What is

Project Informa.on Metadata? David Filip Agenda What is

Project Informa.on Metadata? David Filip Agenda What is related? What to cover? Project Informa.on If .me allows Process State (general

257 views • 6 slides
Func%onal)Dependencies) Chapter)3) 1) 2) 3)

Func%onal)Dependencies) Chapter)3) 1) 2) 3)

Func%onal)Dependencies) Chapter)3) 1) 2) 3) O"en,&our&first&a.empts&at&DB&schemas&can&be& improved,&especially&by&elimina;ng& redundancy .& &

1.13k views • 51 slides
music genre recognition karin kosina kyrah@gnu.org systems in motion music genre recognition

music genre recognition karin kosina kyrah@gnu.org systems in motion music genre recognition

music genre recognition karin kosina kyrah@gnu.org systems in motion music genre recognition p.1/22 [ mugrat ] music genre recognition by analysis of texture kyrahs masters thesis at fh hagenberg system for

650 views • 30 slides
Telling His Stories: The Artistry of the Biblical Narrative Chafer Theological Seminary Bible

Telling His Stories: The Artistry of the Biblical Narrative Chafer Theological Seminary Bible

Telling His Stories: The Artistry of the Biblical Narrative Chafer Theological Seminary Bible Conference March 2019 1 Dr. Mark McGinniss LOVE 2 We gain grammatical knowledge when we understand the rules that govern a particular

742 views • 23 slides
AUTHORSHIP CLASSIFICATION: A SYNTACTIC TREE MINING APPROACH SANGKYUM KIM, HYUNGSUL KIM, TIM

AUTHORSHIP CLASSIFICATION: A SYNTACTIC TREE MINING APPROACH SANGKYUM KIM, HYUNGSUL KIM, TIM

AUTHORSHIP CLASSIFICATION: A SYNTACTIC TREE MINING APPROACH SANGKYUM KIM, HYUNGSUL KIM, TIM WENINGER, JIAWEI HAN DEPT OF COMPUTER SCIENCE UNIV OF ILLINOIS AT URBANA-CHAMPAIGN UP@KDD10 (July 2010, Washington DC) Outline Background

702 views • 22 slides
Classifying fake news using supervised learning with NLP Katharine Jarmul Founder, kjamistan

Classifying fake news using supervised learning with NLP Katharine Jarmul Founder, kjamistan

DataCamp Natural Language Processing Fundamentals in Python NATURAL LANGUAGE PROCESSING FUNDAMENTALS IN PYTHON Classifying fake news using supervised learning with NLP Katharine Jarmul Founder, kjamistan DataCamp Natural Language Processing

380 views • 20 slides

More recommend