![red](files/red.gif)
![yellow](files/yellow.gif)
![page22-orangeball](files/page22-orangeball-4-2.gif)
The labs are listed below, organized by chapter, together with an estimate of the number of weeks required for the typical student to complete a lab, assuming about 10 hours per week devoted to the task.
Chapter 3 - User Authentication
Pluggable Authentication Module: explore a flexible authentication technique. (1 week)
Chapter 4 - Access Control
Web Access Control: explore the Same-Origin Access Control Policy in web browsers (1 week) —For Ubuntu9.11 VM
—For Ubuntu11.04 and Ubuntu12.04 VMs Linux Capability-Based Access Control: explore the capability-based access control in Linux (1 week)
—For Ubuntu9.11 VM
—For Ubuntu11.04 and Ubuntu12.04 VMs Role-Based Access Control (Minix): design and implement an integrated access control system for Minix that uses both capability-based and role-based access control mechanisms. Students need to modify Minix kernel to implement both capability and RBAC. (4 weeks)
Capability-Based Access Control (Minix): design and implement a capability-based access control system for Minix (3 weeks)
Chapter 5 - Database Security
SQL Injection Attack: experience the SQL-Injection attacks (1 week)
Chapter 6 - Malicious Software
Clickjacking Attack: experience the ClickJacking attacks (1 week)
Chapter 7 - Denial-of-Service Attacks
TCP/IP Attacks: exploit the vulnerabilities of the TCP/IP protocols (2 weeks)
SYN Cookie: explore the SYN Cookies mechanism in Linux. (1 week)
Chapter 9 - Firewalls
Firewall (Linux): implement a simple firewall for Linux (2 weeks)
Linux Firewall Exploration: This is the redesign of the Linux Firewall Design/Implementation Lab. The focus is shifted from programming to exploration. Students will explore various firewall-related technologies, such as netfilter, web proxy, URL rewriting, and using SSH tunnels to evade egress filtering (1 week)
Firewall (Minix): implement a simple firewall for Minix (2 weeks)
Chapter 10 - Buffer Overflow
Buffer Overflow Vulnerability: exploit the buffer overflow vulnerability using the shell-code approach (1 week)
—For Ubuntu9.11 VM
—For Ubuntu11.04 VM
—For Ubuntu12.04 VM Return-to-libc Attack: exploit the buffer-overflow vulnerabilities using the return-to-libc attack (1 week)
Chapter 11 - Software Security
Format String Vulnerability: exploit the format string vulnerability (1 week)
Race Condition Vulnerability: exploit the race condition vulnerability (1 week)
—For Ubuntu9.11 VM
—For Ubuntu11.04 and Ubuntu12.04 VMs Set-UID Program Vulnerability: exploit the vulnerabilities of the privileged Set-UID programs (1 week)
—For Ubuntu9.11 VM
—For Ubuntu11.04 and Ubuntu12.04 VMs Cross-Site Request Forgery Attack: exploiting cross-site request forgery vulnerabilities (1 week)
Cross-Site Scripting Attack: exploiting cross-site scripting vulnerabilities (1 week)
Chapter 12 - OS Security
Chroot Sandbox Vulnerability: explore how the chroot sandbox can be broken (1 week)
Encrypted File System (Minix): design and implement an encrypted file system for Minix (4 weeks)
Set-RandomUID Sandbox (Minix): design and implement a simple sandbox for Minix (1 week)
Address Space randomization (Minix): randomize stack and heap in Minix to improve security. (2 weeks)
Chapter 20 - Symmetric Encryption and Message Confidentiality
Secret Key Encryption: explore secret-key encryption and its applications using OpenSSL (1 week)
Chapter 21 - Public-Key Cryptography and Message Authentication
One-Way Hash Function: explore one-way hash function and its applications using OpenSSL (1 week)
Public-Key Infrastructure: explore public-key cryptography, digital signature, certificate, and PKI using OpenSSL (1 week)
Chapter 22 - Internet Security Protocols and Standards
DNS Pharming Attacks: exploit the vulnerabilities of the DNS protocol to launch Pharming attacks (2 weeks)
Packet Sniffing & Spoofing: explore how sniffing and spoofing tools are implemented (1 week)
Virtual Private Network (Linux): implement a simple VPN in Linux (a comprehensive project). This lab involves encryption, hash, public key certificates, SSL, and network tunneling techniquess (4 weeks)
IPSec (Minix): implement a simplified IPSec protocol for Minix (4 weeks)