Class webpage and communication
http://www.cs.ucr.edu/~zhiyunq/teaching/cs179
Note: We will be using elearn to post slides, project materials, and discussion
Textbooks
Course textbook: none
Supplementary books/materials (optional) - See the resources section also
- Understanding the Linux Kernel, 3rd edition, Daniel P. Bovet and Marco Cesati
- Hacking: The Art of Exploitation, 2nd edition, Jon Erickson
- A Guide to Kernel Exploitation: Attacking the Core
Catalog Description
This class facilitates a deep understanding of aspects of modern operating systems through security-oriented projects. It covers the fundamental operating system exploitation techniques and defense strategies. Specifically, the projects will require students to design and implement one or more recent exploits against the Linux/Android operating system to gain the highest privilege by running a seemingly benign app. The exploitation techniques are heavily dependent on the intrinsic details of the operating systems. After the class, students are expected to have mastered at least one type of exploitation technique and to be able to independently craft similar types of exploits. In addition, students should have a much more concrete understanding (at the implementation level) of the Linux and Android kernels.
Assignments, Projects and Exams
The class is purely project based (no exams). There are several major components:
(1) A set of introductory projects where the fundamentals are learned. Students work individually.
(2) A quarter-long project where we learn, understand, test, and re-implement an exploit against a real-world vulnerability in an operating system. The work will be divided into a vulnerability presentation and a final presentation. The former focuses on explaining the root cause of the vulnerability and not so much on the exploitation of it. The latter focuses on explaining the exploitation (ideally line by line) and a demo. The project will be evaluated on clarity and creativity. The presentations are supposed to be educational and informative. The easier it is to understand, the better. You can look at past Linux kernel exploits and the CVE database to get an idea (see the resources section also). It is recommended to pick the ones that have documentation and Proofs-of-Concept (PoCs). Tip: do not select the ones that are overly complex (look at the number of lines of code in the PoC)! Students work in groups of two.
Grade Breakdown
Grades will be weighted as follows:
Component | Weight |
Introductory projects | 25% |
Vulnerability presentation | 15% |
Project demo / final presentation | 40% |
Project creativity | 10% |
Class Participation | 10% |
Getting help from instructors and TA
During instructor or TA office hours, please feel free to stop in any time without an appointment. Any other time, please email the instructor to make an appointment at some mutually convenient time. You may also try to "drop in" for help, but please keep in mind that we may not be able to accommodate you.
Please come to us early if you feel you are having trouble keeping up. If you do your part (put in the effort, start early on the project, come to class), we will do our best to help you stay on top.
Academic Integrity
Academic integrity is fundamentally about ethical
behavior. Appropriate collaboration and research of previous work is
an important part of the learning process. However, not all
collaboration or use of existing work is ethical. The overarching
principles which should guide you when determining whether or not it
is appropriate to use a source or collaborate with a classmate involve
answering these questions:
- Does this fit within the spirit of the assignment/activity?
  In any ethical decision there is always judgment involved. Some assignments and activities involve collaborating with a team, in others you are asked to work individually. You are expected to have some common sense and to use it.
- Does this help me or someone else in the class to improve our skills and/or understanding of class material?
  As a guiding principle, talking about concepts is usually good, talking about specific answers or approaches to problems is usually not.
- Does this misrepresent my own (or someone else's) capabilities and understanding of materials for the purpose of grading?
  Attribution of sources is a key idea here; if you use work which is not your own, that work should be cited. For this class, citation is not required to be in a specific format, but any citation should clearly identify the author and source of any work which is not your own. Refer to the university policy on plagiarism and cheating.
- Have any specific instructions been given for this assignment?
  Not all assignments are the same. On some you will be given explicit instructions about what level of collaboration is appropriate, and you are expected to abide by those restrictions even if you disagree with them.
If you are at all uncertain about an action, whether it be working with another student, researching existing code, or something else, you are always welcome to ask the instructor for clarification.
The severity of sanctions imposed for an academic integrity violation will depend on the severity of the transgression and the ascertained intent of the student. Penalties may range from failing the assignment to failing the course. Again, actions will adhere to the Academic Honesty policies of BCOE and UCR.