This course aims to educate students in the design and
implementation techniques for assuring security of software
applications. While many courses in computer security concentrate on
cryptographic techniques and prevention of intrusion in computer
systems, this course concentrates on writing software programs that
make it difficult for intruders to exploit security holes. The course
will have emphasis on writing secure distributed programs in Java. We
will explore the security ramifications of class, field, and method
visibility, sending data between components of a distributed program
via Java's Remote Method Invocation mechanism, data integrity, as well
as configuring the security policy for distributed program components.
The students will be asked to design and implement a program for
running online auctions. To make this task less daunting, partial
implementation will be provided by the instructor. The security of
completed programs will be evaluated by the instructor by attempting
to disrupt operations of running student programs.
- I have put final grades in the Gradebook on the MyPoly page for this course. If you don't know how to use MyPoly, drop me an email and I will tell you your grade.
- Schedule of the group meetings with me
- Below is the schedule of group meetings with me on 5/14,
following the final stage of the project. The purpose of these is for
me to get informal feedback from you on the project. You should be
able to demonstrate running a regular user client using your
bookauction server installation. After that we'll chat
about your design, your efforts to break other teams' servers, and
(if you have information about it) about successful efforts by other
teams to break yours.
Please select one time slot per group and send me an email with your
choice. Actually, select several time slots that would work for your
group (in order of preference), since I'll be assigning slots on a
first-come-first-server basis. If your group cannot make it on 5/14
or you would rather meet earlier, send me your proposed meeting date
||Group 5: Gary Lee, Yuliya Levit
||Group 6: Hanning Gao, Emmanuel Harelimana,
||Group 3: Tai-Chia Lien, Bum Joon Kim, Chun Cheung
||Group 1: Karlil Amisial, Chirag Chhatriwala, Abhinav Guatam
||Group 2: Ronak Patel, Shyam Iyer
||Group 7: Emre Celebi
||Group 4: Sofia Ahmed, Christo Kojouharov, Ruslan Sivak
- Some hints for attacking bookauction servers
- A couple of people asked for directions in trying to break other groups' servers. Here are some ideas.
- Many groups added session beans that all clients are supposed to go through. So, theoretically, one way to attack is for the attacker to try to call the entity bean
- Try calling methods that non-admin clients are not supposed to call, like
- Try crashing the server by passing illegal or "weird" values of arguments (
null, a bid for an auction that doesn't exist, a bid by a user that does not exist, calling the
add(IAuction) method with the same argument twice etc).
- Examine the serialized form of objects that may potentially contain sensitive data. For example, if an
IUser object is used in serialization, maybe the password is a private field?
- Test for weaknesses in the implementation of the bidding logic. Make sure that no bids lower than the current highest bid are accepted.
- Analyze the flow of data between the server and clients. If some data is supposed to be modified and returned by clients (auction objects in my design), try modifying these objects in illegal ways (e.g. removing some bids from an auction).
- Lecture 12 was uploaded into Lecture section