SEED:

Developing Instructional Laboratories for Computer SEcurity EDucation

Principal Investigator

Co-PIs

  • Dr. Tom Daniels
  • Dr. Noreen Gaubatz
  • Dr. Peng Ning
  • Dr. Gene Spafford

Current Students

  • Bandan Das
  • Lin Huang
  • Karthick Jayaraman
  • Zutao Zhu

Graduated Students & Employments

  • Sudheer Bysani (Microsoft)
  • Sridhar Iyer (Mailshell)
  • Ronghua Wang (Microsoft)
  • Mingdong Shang (Microsoft)
  • Divyakaran Sachar
  • Nishant Doshi (Symantec)
  • Swapnil Bhalode (Symantec)
  • Sankara Narayanan (Cisco)
  • Sunil Vajir


Vulnerability and Attack Labs

People learn from mistakes. In security education, we study mistakes that lead to software vulnerabilities. Studying mistakes from the past not only help students understand why systems are vulnerable, why a "seemly-benign" mistake can turn into a disaster, and why many security mechanisms are needed. More importantly, it also helps students learn the common patterns of vulnerabilities, so they can avoid making similar mistakes in the future. Moreover, using vulnerabilities as case studies, students can learn the principles of secure design, secure programming, and security testing.

(1) Software in general

  1. Set-UID Lab: exploit the vulnerabilities of the privileged Set-UID programs.
  2. Buffer Overflow Vulnerability Lab: exploit the buffer overflow vulnerability using the shell-code approach.
  3. Return-to-libc Attack Lab: exploit the buffer-overflow vulnerabilities using the return-to-libc attack.
  4. Format String Vulnerability Lab: exploit the format string vulnerability.
  5. Race Condition Vulnerability Lab: exploit the race condition vulnerability.
  6. Chroot Sandbox Vulnerability Lab: explore how the chroot sandbox can be broken.

(2) Network Protocols

  1. TCP/IP Attack Lab: exploit the vulnerabilities of the TCP/IP protocols.
  2. DNS Pharming Attack Lab (New): exploit the vulnerabilities of the DNS protocol to launch Pharming attacks.

(3) Web Applications

  1. Cross-site Scripting Attack Lab exploiting cross-site scripting vulnerabilities.
  2. Cross-site Request Forgery Attack Lab (New): exploiting cross-site request forgery vulnerabilities.
  3. SQL-Injection Attack Lab (New): experience the SQL-Injection attacks

Design/Implementation Labs

The objective of the design/implementation labs is to provide students with opportunities to apply security principles in designing and implementing systems. They help students achieve learning by system development.
  1. Capability Lab: design and implement a capability-based access control system for Minix (this is a comprehensive project).
  2. Role-Based Access Control (RBAC) Lab -- Minix Version design and implement an integrated access control system for Minix that uses both capability-based and role-based access control mechanisms. Students need to modify Minix kernel to implement both capability and RBAC (this is a comprehensive project for access control).
  3. Role-Based Access Control (RBAC) Lab -- Linux Version (new): design and implement a RBAC access control system for Fedora Linux based on the POSIX 1.e capability in Fedora. This lab takes advantage of Linux Security Module (LSM), so there is no need to modify or recompile Linux kernenl (this is a comprehensive project for access control).
  4. Encrypted File System Lab (Recently Revised): design and implement an encrypted file system for Minix (a comprehensive project).
  5. Set-RandomUID Lab: design and implement a simple sandbox for Minix.
  6. IPSec Lab: implement the IPSec protocol (simplified) for Minix (a comprehensive project).
  7. Firewall Lab (New): implement a simple firewall (called minifirewall) for Minix.
  8. Address Space Layout Randomization (ASLR) Lab (New): randomize stack and heap in Minix to improve security.

Exploration Labs

The objective of the exploration labs is two-fold: the first is to enhance students' learning via observation, playing and exploration, so they can see what security principles ``feel'' like in a real system; the second objective is to provide students with opportunities to apply security principles in analyzing and evaluating systems. The exploration labs provide a feasible means by which the students have "a direct encounter with the phenomena being studied rather than merely thinking about the encounter, or only considering the possibility of doing something about it".
  1. Set-UID Lab: explore the Set-UID mechanism and the vulnerabilities of Set-UID programs.
  2. Linux Capability Exploration Lab (new): explore the capability access control in Linux.
  3. Web Browser Access Control Lab: Exploring the access control mechanism in web browsers.
  4. Pluggable Authentication Modules (PAM) Lab: explore a flexible authentication technique.
  5. SYN Cookies Lab: explore the SYN Cookies mechanism in Linux.
  6. Linux Security Module (LSM) Exploration Lab: explore the LSM and see how it can be used to extend and change Linux's access control.
  7. RBAC Exploration Lab (under development)
  8. Mandatory Access Control (MAC) Exploration Lab (under development)
  9. Encrypted File System Exploration Lab (under development)
  10. IPSec and VPN (Virtual Private Network) Exploration Lab (under development)
  11. Intel 80386 Protection Mode Exploration Lab (under development)

Other Labs that we plan to develop

  • Access Control List Lab
  • Reference Monitor Lab: explore the reference monitor of Minix.
  • Mandatory Access Control Lab (Simplified from SELinux)
  • Jail Sandbox Lab (Simplified from FreeBSD).
  • Sniffer Lab
  • Firewall Lab
  • Routing Security Lab
  • Intrusion Detection Lab
  • Kerberos Lab