Operating Systems Security

COMP 5900T/CSI 5140 IT0 (Areas T, A, S). OCICIS page.

Page last updated: Jan 9, 2020.

Overview: The course examines past, present, and emerging approaches for securing operating systems. The focus is to provide a foundation for understanding requirements to secure hosts at the operating system level and survey the landscape of available tools and techniques for implementing security controls.

Topics covered: Operating system security: fundamentals and context. Methodologies for analyzing and evaluating the security of an operating system. Mandatory and discretionary access control. Secure operating systems: Multics and security kernels. Security analysis of general-purpose operating systems (Windows, Linux/BSD, iOS, Android). Isolation architectures for data and processes: containers, sandboxing, virtual machines. Security of IoT operating systems (RIOT, Contiki, Mbed OS). Alternative operating systems (Qubes, Plan 9).

  • Fridays 11:30 - 14:30 at Carleton University (Tory Building 230).
  • Instructor: David Barrera
  • Office hours: Fridays 14:30 - 16:00 (HP5131) or by appointment
  • Prerequisites: Introductory course in Operating Systems (e.g., COMP 3000) or equivalent. Introductory course in computer security is helpful but not mandatory.
  • Course textbook: None. Required readings are freely available online, or accessible through the university library.

Grading Scheme

  • 20% Assignment: Report of 4 OS security vulnerabilities (due Feb 7th. Details on cuLearn)
  • 30% Midterm (March 6th, in class). Covers all material up to test date.
  • 30% Research paper (Proposal due February 14th. Paper due April 13th. Details on cuLearn)
  • 10% Poster presentation (April 3rd, in class)
  • 10% Participation (attendance is mandatory)

Participation: This course is taught as a “flipped classroom”. Students prepare readings before class, and are actively involved during class for discussions, activities, challenges, etc. to deepen understanding of the material. Attendance is therefore mandatory.

cuLearn: We will use the cuLearn course management system for submitting assignments and projects, as well as for online discussion and access to additional resources. Carleton students registered in this course should automatically have access to it; UofO students will need to fill out the form found here, or check with a University of Ottawa administrator.

Tentative Schedule

(Subject to change)

Class 1: Introduction, overview of OS attacks, OS history

Class 2: Defining an ideal secure OS, the reference monitor, access control fundamentals

Class 3: Multics

Class 4: Unix/Linux security

Class 5: Mandatory Access Control: SELinux, AppArmor, grsecurity

Class 6: Sandboxing: OpenBSD pledge(2), Linux seccomp(2), FreeBSD Capsicum

Reading week

Class 7: Mobile OS security: Android and iOS

Class 8: Midterm

Class 9: IoT OS security

Class 10: Virtualization, Containers, and Jails

Class 11: Alternative OSs: Qubes OS, Plan 9/Inferno

Class 12: Poster session (student presentations)

University Policies

Student Academic Integrity Policy. Every student should be familiar with the Carleton University student academic integrity policy. A student found in violation of academic integrity standards may be awarded penalties which range from a reprimand to receiving a grade of F in the course or even being expelled from the program or University. Some examples of offences are: plagiarism and unauthorized co-operation or collaboration. Information on this policy may be found in the Undergraduate Calendar.

Plagiarism. As defined by Senate, “plagiarism is presenting, whether intentional or not, the ideas, expression of ideas or work of others as one’s own”. Reported offences will be reviewed by the office of the Dean of Science.

Unauthorized Co-operation or Collaboration. Senate policy states that “to ensure fairness and equity in assessment of term work, students shall not co-operate or collaborate in the completion of an academic assignment, in whole or in part, when the instructor has indicated that the assignment is to be completed on an individual basis”. Please refer to the course outline statement or the instructor concerning this issue.

Academic Accommodations for Students with Disabilities. The Paul Menton Centre for Students with Disabilities (PMC) provides services to students with Learning Disabilities (LD), psychiatric/mental health disabilities, Attention Deficit Hyperactivity Disorder (ADHD), Autism Spectrum Disorders (ASD), chronic medical conditions, and impairments in mobility, hearing, and vision. If you have a disability requiring academic accommodations in this course, please contact PMC at 613-520-6608 or pmc@carleton.ca for a formal evaluation. If you are already registered with the PMC, contact your PMC coordinator to send your course instructor your Letter of Accommodation at the beginning of the term, and no later than two weeks before the first in-class scheduled test or exam requiring accommodation (if applicable). After requesting accommodation from PMC, meet with your course instructor to ensure accommodation arrangements are made. Please consult the PMC website for the deadline to request accommodations for the formally-scheduled exam (if applicable) at http://www2.carleton.ca/pmc/new-and-current-students/dates-and-deadlines

Accommodation for Student Activities. Carleton University recognizes the substantial benefits, both to the individual student and for the university, that result from a student participating in activities beyond the classroom experience. Reasonable accommodation must be provided to students who compete or perform at the national or international level. Please contact your instructor with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. More information can be found here.

Survivors of Sexual Violence. As a community, Carleton University is committed to maintaining a positive learning, working and living environment where sexual violence will not be tolerated, and survivors are supported through academic accommodations as per Carleton’s Sexual Violence Policy. For more information about the services available at the university and to obtain information about sexual violence and/or support, visit: carleton.ca/sexual-violence-support

Religious Obligation: Write to the course instructor with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. For more details visit the Equity Services website: http://www2.carleton.ca/equity/

Pregnancy Obligation: Write to the course instructor with any requests for academic accommodation during the first two weeks of class, or as soon as possible after the need for accommodation is known to exist. For more details visit the Equity Services website: http://www2.carleton.ca/equity/

Medical Certificate: The official medical certificate (form) accepted by Carleton University for the deferral of final examinations or assignments in undergraduate courses can be accessed from: http://www.carleton.ca/registrar/forms