CS 671 – Seminar In Computer Science

Secure Computing in the Post-PC World

 

Thu D. Nguyen

tdnguyen@cs.rutgers.edu

 

Tuesday 11:30 – 2:30, CoRE A*

 

 

Abstract.  It’s 8am somewhere in the world, is your Internet Service accessible to your millions of customers?  Or are all your resources “spinning their wheels” because of a denial of service (DoS) attack?

 

You are in an airport watching the news.  Suddenly, you see that the stock market has taken a nosedive.  You rush to a public kiosk to place a buy J (or sell L) order through your Internet brokerage.  Did a malicious program running on the kiosk just obtain sensitive information such as your account number and password?

 

With the explosion of the Web and Web-based services, we are increasingly trusting the storage, management, and manipulation of critical personal (and business) data to computers.  Examples include electronic banking and commerce and the storage of medical data on-line.  At the same time, our computing infrastructure is evolving rapidly into an interwoven collection of heterogenous hardware (e.g., servers, desktops, public kiosks, and mobile devices) and software (e.g., Java servlets and applets) components.  Together, these trends make secure computing a difficult but interesting problem.  Clearly, we want to protect the confidentiality, integrity, and availability of our data.  The expected computing environment, however, makes this especially challenging: security can be compromised at numerous different points using numerous different attacks!  For example, consider the example above of placing a stock purchase order through a public kiosk.  The security of this operation can be compromised through any of the following: a malicious program is running on the untrusted kiosk and steals sensitive information, a malicious program is stealing sensitive information by “sniffing” your network packets, a DoS attack is being directed at the broker’s servers.

 

In this seminar, we will study “end-to-end” secure computing.  Topics include:

 

·        Operating system security mechanisms and policies

·        Detecting and tracing DoS attacks

·        Intrusion detection

·        Secure execution of mobile code (e.g., Proof Carrying Code and Java byte-code verification)

·        Protection of confidential information when using public (untrusted) access points

 

The goal of this seminar is to build enough knowledge in security to find research issues and topics.

 

 

Requirements.  Some background in operating systems, distributed systems, and networking would be helpful.  Background in security is not necessary; we’ll be developing the necessary background in the seminar.  Each student will be required to do a project.

 

 

* Seminar meeting time may be flexible.  If you are interested in the seminar but cannot attend at this time, send me email with some proposed alternate times (as many as possible).