I know you guys have been eager to see the next assignment. Here it goes – assignment 2 is posted. The deadline is still 2 weeks. This assignment involves Linux kernel hacking and hands-on experience with LSM modules. I was thinking about the kernel module approach then I realized that you guys would miss a good opportunity to do some real kernel hacking. Meanwhile, I also consider the fact that it might be your first time hacking the Linux kernel. There are 3 different parts within this assignment, each of which is built upon on each other. The bottom line is I hope everyone can get the 1st part done to get the 50% points. If you push harder (or want more fun), the 2nd part is definitely doable as well. The 3rd part will also be within your research once you have finished the first two parts.
It is possible that this assignment will be our last one (I hope now and I am still planning for another one involving Intel SGX and ARM TrustZone). If that is the case, I will make sure these two assignments take enough portion of points in the final grading.
Remember: if you get stuck somewhere, use google, find friends, talk with your classmates, or even ask questions in/out-side the class. Linux kernel hacking is not rocket science but it definitely takes some time to get started if it is totally new to you. Start this assignment ASAP if possible.
Let’s have our “midterm” this Wed (10/30) before ghosts start to haunt. Everyone should have 15 min in total: 10~12 min presentations about your final project + 3~5 min Q&A. I will give a score based on the “technical merit” of the final project, the quality of your presentation, and your progress of the final project.
For the presentation, you could consider including slides for the technical area, the problem that you are trying to solve, the security model of your approach (again, what is a security model?), your methodology, design, implementation, evaluation, progress, and etc. Make sure you are able to make your audience understand how cool your final project is while demonstrating enough technical depth.
For the presentation, you could use the machine in our classroom, bring your own laptop, or even use my laptop (please let me know ahead of time if this is the case). Look forward to seeing cool projects from you guys~
I’ve finished the grading for Assignment-1 on Blackboard. I assume you could see your score within the system now. If your score does not look right, please let me know. Happy Oct break!
In later Oct or early Nov, we will have our midterms. At this point, everyone should have started their final project and have some progress to report. I’m looking forward to hearing about these cool projects!
As mentioned, I will be traveling for the whole week next week. Prof. Antonio Bianchi will give a guest lecture on Android security model (e.g., Permission model) on Mon. Please be there and have fun. You could find more fun if you apply the things we have learned so far (e.g., Reference monitor concept) to Android security.
For the class on Wed, there is no need to show up in the class. Instead, please watch an awesome talk from Uncle Ahmad on TEE. Assignment 3 will be some TEE hands-on involving both Intel SGX and ARM TrustZone. Happy weekend~
I have been told, I quote, “Fall 2019 CS 59000 Operating System Security course has been approved for inclusion on an MS or PhD plan of study per the grad chair.”, and “Your course may still be added by students thru October 22nd, if desired.”
As the title, please check out Assignment 1 on the blog. Like we mentioned before, the deadline is in 2 weeks.
I have uploaded the slides of the first 2 weeks into the Blackboard system. If they are still not available, please let me know. Also, please keep these slides by yourself instead sharing them publicly (e.g., via github).
Someone asked about assignments and I figured it might be a good idea to write it down here. In general, we are gonna have 4 assignments in total. The first one will be about Multics (it’s perfect if you have never heard of it:). The 2nd one will be about Linux Security Module (LSM), which involves Linux kernel hacking (excited?). The 3rd one will focus on Trusted Execution Environment (TEE). Specifically, we will play with Intel SGX and ARM TrustZone (thrilled?). The last one will be about kernel fuzzing and we will fuzz the Linux kernel.
You could find the general schedule for each assignment from the syllabus. The deadline for each assignment will be 2 weeks. I don’t plan to make these assignments challenging but you do need some effort to learn if you are not familiar with some of the topics. Nevertheless, it is definitely doable! I will publish each assignment once we reach the corresponding topic.
I was asked if this course could be added into “planned studies” for Ph.D. students after our first class yesterday. Here is a quick update: we are working on it now. By “we”, I mean some staffs within the department and myself. I am hoping to get it approved soon, e.g, within the next few weeks. Meanwhile, there is a caveat: for a better chance to get this course approved, I will need to add a midterm exam:( Nevertheless, I do not think this newly added will change my intention for this course, which is learning things while having fun. Let me know if you have other concerns. See you guys tomorrow~
Please leave a comment by explicitly writing that you have read the ethics statement and agree to abide by it.
The purpose of this assignment is to get yourself familiar with leaving a comment on this blog, and to allow me to sleep well during nights.