
This course aims to educate students in the design and implementation techniques for assuring the security of software applications. While many computer security courses concentrate on cryptographic techniques and on preventing intrusion into computer systems, this course concentrates on writing software that makes it difficult for intruders to exploit security holes. The emphasis is on writing secure distributed programs in Java. We will explore the security ramifications of class, field, and method visibility; sending data between components of a distributed program via Java's Remote Method Invocation mechanism; data integrity; and configuring the security policy for distributed program components. Students will be asked to design and implement a program for running online auctions. To make this task less daunting, a partial implementation will be provided by the instructor. The security of the completed programs will be evaluated by the instructor, who will attempt to disrupt the operation of the running student programs.



  • Final grades
    • I have put final grades in the Gradebook on the MyPoly page for this course. If you don't know how to use MyPoly, drop me an email and I will tell you your grade.

  • Schedule of the group meetings with me
    • Below is the schedule of group meetings with me on 5/14, following the final stage of the project. The purpose of these is for me to get informal feedback from you on the project. You should be able to demonstrate running a regular user client using your bookauction server installation. After that we'll chat about your design, your efforts to break other teams' servers, and (if you have information about it) about successful efforts by other teams to break yours.
      Please select one time slot per group and send me an email with your choice. Actually, select several time slots that would work for your group (in order of preference), since I'll be assigning slots on a first-come-first-served basis. If your group cannot make it on 5/14 or you would rather meet earlier, send me your proposed meeting date and time.
      Time            Name
      10:00-10:30AM   Group 5: Gary Lee, Yuliya Levit
      1:30-2:00PM     Group 6: Hanning Gao, Emmanuel Harelimana, Weijin Zhao
      2:30-3:00PM     Group 3: Tai-Chia Lien, Bum Joon Kim, Chun Cheung
      3:00-3:30PM     Group 1: Karlil Amisial, Chirag Chhatriwala, Abhinav Guatam
      3:30-4:00PM     Group 2: Ronak Patel, Shyam Iyer
      4:00-4:30PM     Group 7: Emre Celebi
      4:30-5:00PM     Group 4: Sofia Ahmed, Christo Kojouharov, Ruslan Sivak

  • Some hints for attacking bookauction servers
    • A couple of people asked for directions in trying to break other groups' servers. Here are some ideas.
      1. Many groups added session beans that all clients are supposed to go through. So, theoretically, one way to attack is for the attacker to try to call the entity bean StoreBean directly.
      2. Try calling methods that non-admin clients are not supposed to call, like add(IBook).
      3. Try crashing the server by passing illegal or "weird" argument values (null, a bid for an auction that doesn't exist, a bid by a user that does not exist, calling the add(IAuction) method with the same argument twice, etc.).
      4. Examine the serialized form of objects that may potentially contain sensitive data. For example, if an IUser object is used in serialization, maybe the password is a private field?
      5. Test for weaknesses in the implementation of the bidding logic. Make sure that no bids lower than the current highest bid are accepted.
      6. Analyze the flow of data between the server and clients. If some data is supposed to be modified and returned by clients (auction objects in my design), try modifying these objects in illegal ways (e.g. removing some bids from an auction).
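      Hint 4 rests on a Java detail worth seeing in code: default serialization writes private fields too, so a password that is merely private still ends up in the bytes a client (or anyone watching the RMI stream) receives. The following is an added example, not part of the instructor's partial implementation; the UserLeaky and UserSafe classes are hypothetical stand-ins for a project's IUser implementation. It serializes each one and reports whether the password string is present in the output, which is the check a team can run against its own classes before the server goes live.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

public class SerializationLeakCheck {

    // Hypothetical user class: the password is private, but ObjectOutputStream
    // writes every non-transient field regardless of its visibility.
    static final class UserLeaky implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        private final String password;
        UserLeaky(String name, String password) { this.name = name; this.password = password; }
    }

    // Hardened variant: marking the field transient keeps it out of the stream.
    // (The server should keep credentials in its own store rather than inside
    // objects it hands to clients, but transient is the minimum fix.)
    static final class UserSafe implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        private transient String password;
        UserSafe(String name, String password) { this.name = name; this.password = password; }
        String getName() { return name; }
    }

    // Serialize an object exactly as RMI would marshal it, returning the raw bytes.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // True if the secret appears verbatim in the serialized form. ISO-8859-1 maps
    // each byte to one char, so an ASCII secret is found wherever it was written.
    static boolean leaks(byte[] bytes, String secret) {
        return new String(bytes, StandardCharsets.ISO_8859_1).contains(secret);
    }

    public static void main(String[] args) throws IOException {
        String pw = "constructed-sample-password"; // constructed sample value
        System.out.println("UserLeaky exposes password: " + leaks(serialize(new UserLeaky("alice", pw)), pw));
        System.out.println("UserSafe exposes password:  " + leaks(serialize(new UserSafe("alice", pw)), pw));
    }
}
```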

  • Lecture 12 has been uploaded to the Lecture section.