COMP 5407 (Jan-Apr 2022): Authentication and Software Security [A, S]

Course details page (
This is a research-oriented course, a major portion of which involves reading and understanding research papers.
Intended for thesis-based grad students, it is generally unsuitable for course-based Master’s and students lacking undergrad security and cryptography background.

Instructor: Prof. Paul Van Oorschot
Email: paulv (insert @ here)
Classroom location: posted on the public class schedule. Update: via Zoom for the first 3 weeks 4 weeks.
Lectures: Tues+Thurs, 4:00-5:30pm, Jan 10 – Apr 12, 2022 (excluding winter break, Feb 21-25)
Section type: synchronous. Students are expected to participate in all classes in real time.
Brightspace: (for Zoom link info, announcements, uploading deliverables, discussion boards)
U of Ottawa students: for access to Brightspace (Carleton’s Learning Management System), fill out this form.

Required Text and Resources. Readings and assignments will use online resources available openly or through the university library. As a baseline, students will be assumed to understand Chapters 1-11 of the COMP 4108 background textbook: Computer Security and the Internet: Tools and Jewels (1e or 2e). The second edition's Chapter 12, covering Wi-Fi and 802.11 security, may help as general background on wireless security, for Bluetooth-related parts of our course.

Course Calendar Description. Specialized topics in security including advanced authentication techniques, user interface aspects, electronic and digital signatures, security infrastructures and protocols, software vulnerabilities affecting security, untrusted software and hosts, protecting software and digital content.
Prerequisites: COMP 4108 (Comp. Systems Security) strongly recommended, plus an undergrad cryptography course. Students in course-based Masters or missing such background may expect to struggle to get passing grades (70%); please discuss with instructor.

Focus topics for Winter 2022. Authentication: PAKE protocols (password authenticated key exchange), FIDO (user authentication), Certificate Transparency (browser certificates), OAuth (web single sign-on), device pairing and Bluetooth security. Software security: security testing challenges and approaches (static analysis, model checkers, fuzz testing), memory safety and the Rust programming language.
Objectives for Winter 2022. 1) Gain experience in reading research papers and technical writing. 2) Exposure to advanced security topics, including (for authentication) several technologies that have gained prominence in the past 5 years, plus Bluetooth security as a long-term case study; and (for software security) two recent major security issues, approaches for detecting flaws during software development, and memory and type safety in programming languages (C vs. Rust).

Grading Scheme (dates and late penalties are firm; please plan your time carefully in advance).
Projects 1 and 2 involve reading and integrating research papers and other technical documents to produce original, detailed technical reports of 15-20 pages; students must find the source materials on their own. Project 1 requires a report on two recent software security flaws, Log4Shell (CVE-2021-44228) and the SolarWinds' Orion product attack; further details and the grading rubric for Project 1 are given here. Project 2 requires an in-depth, up-to-date technical survey on Bluetooth security, beyond the basic material covered in class; further details and the grading rubric for Project 2 are given here.

DETAILS for all WRITTEN DELIVERABLES: Other Notes: UNIVERSITY POLICIES: - - - - - - - - - - - - - - - -
DETAILED SYLLABUS (subject to update as the term progresses):
- - - - - - - - - - - - - - - -
* [xx] designates papers for which reading reflections are due; reference details are at the bottom of page.
[xx] designates primary papers to be read before class, for meaningful class discussion (no written reflection required).
Classes 23-25: no advance reading is required. Students may suggest papers for these classes.
"Extra" denotes readings that may be of interest to students seeking additional literature on the day's topic.

Part I, Authentication: Reading week (no classes): Feb 21-25, 2022. Project 1 due: 11:59pm, Feb 25 or any time earlier. Worth 20%.

Part II, Software Security: Project 2 due: 11:59pm, Apr 15 or any time earlier. Worth 30%.

Other software security resources:
... [younan2004report] (C and C++ vulnerabilities),
... [akritidis2011thesis] (memory safety for C),
... [payer2021+] (software security, book notes),
... [poll2019] (language-based security, lecture notes).
... The Fuzzing Book: Tools and Techniques for Generating Software Tests (Zeller et al.; online course textbook and resources)
... The Fuzzing Project (Hanno Böck; tutorials and other resources)
Older/partially outdated but helpful for learning, background, historical interest:
... Static analysis tools for security (from Flawfinder creator David A. Wheeler, pointers to tools including Splint).
... Software Security: Building Security In, Gary McGraw (Addison-Wesley, 2006)


[akritidis2011thesis] Periklis Akritidis. Practical memory safety for C. PhD thesis, University of Cambridge (UK), Jun 2011.

[angel2021] A Angelogianni, I Politis, C Xenakis. How many FIDO protocols are needed? Surveying the design, security and market perspectives. Technical report, arXiv:2107.00577v1, 29 Jun 2021.

[balasub2017] A Balasubramanian, MS Baranowski, A Burtsev, A Panda, Z Rakamaric, L Ryzhyk. System programming in Rust: Beyond safety. HotOS, 2017, pages 156-161.

[ball2001] T Ball, SK Rajamani. Automatically validating temporal safety properties at interfaces. SPIN, 2001 (LNCS 2057), pages 103-222.

[blue1999spec] Bluetooth SIG Security Expert Group. Specification of the Bluetooth System. (Core v1.0 B, 1 Dec 1999).

[blue2002white] Bluetooth SIG Security Expert Group. Bluetoooth security white paper. Apr 2002.

[chen2002] H Chen, DA Wagner. MOPS: An infrastructure for examining security properties of software. ACM CCS, 2002, pages 235-244.

[chen2004] H Chen, D Dean, DA Wagner. Model checking one million lines of C code. NDSS, 2004. (See also slides on Hao Chen's page.)

[chen2014] EY Chen, Y Pei, S Chen, Y Tian, R Kotcher, P Tague. OAuth demystified for mobile application developers. ACM CCS, 2014, pages 892-903

[chong2014] M Ki Chong, R Mayrhofer, H Gellersen. A survey of user interaction for spontaneous device association. ACM Computing Surveys 47(1):8:1-8:40, 2014. Official ACM version here.

[clarke2009] EM Clarke, EA Emerson, J Sifakis. Model checking: Algorithmic verification and debugging. Commun. ACM 52(11):74-84, Nov 2009 (2007 Turing lecture lecture). See also overview slides from Clarke.

[dowling2016] B Dowling, F Gunther, U Herath, D Stebila. Secure logging schemes and Certificate Transparency. Proceedings (Part 2) of ESORICS 2016, LNCS 9879, pages 140-158. See also author's overview.

[feng2021] H Feng, H Li, X Pan, Z Zhao. A formal analysis of the FIDO UAF protocol. NDSS, 2021.

[fett2016] D Fett, R Kusters, G Schmitz. A comprehensive formal security analysis of OAuth 2.0. ACM CCS, 2016, page 1204-1215.

[fett2018thesis] Daniel Fett. An Expressive Formal Model of the Web Infrastructure. PhD thesis, University of Stuttgart, Oct 2018.

[gasser1988] Morrie Gasser. Building a Secure Computer System. Van Nostrand Reinhold, 1988.

[gehr2004mana] C Gehrmann, CJ Mitchell, K Nyberg. Manual authentication for wireless devices. RSA Cryptobytes, Spring 2004, pages 29-37.

[gehr2004book] Christian Gehrmann, J Persson, B Smeets. Bluetooth Security. ISBN 1-58053-504-6, Artech House (Norwood, MA), 2004.

[ghase2018] M Ghasemisharif, A Ramesh, S Checkoway, C Kanich, J Polakis. O single sign-off, where art thou? An empirical analysis of single sign-on account hijacking and session management on the web. USENIX Security, 2018, pages 1475-1492.

[godefroid2008] P Godefroid, MY Levin, DA Molnar. Automated whitebox fuzz testing. NDSS, 2008.

[godefroid2012] P Godefroid, MY Levin, DA Molnar. SAGE: Whitebox fuzzing for security testing. Commun. ACM 55(3):40-44, 2012.

[godefroid2020] P Godefroid. Fuzzing: Hack, art, and science. Commun. ACM 63(2):70-76, Feb 2020.

[hao2021] F Hao, PC van Oorschot. SoK: Password-authenticated key exchange - theory, practice, standardization and real-world lessons. Cryptology ePrint archive (no.1492), 2021.

[howard2006book] M Howard, S Lipner. The Security Development Lifecycle. Microsoft Press, 2006. (xxii + 320 pages.)

[ionescu2020] A Ionescu. OS security is hard: Why all the fuzzers in the world won't change the way platform security is failing us. Keynote talk (35min), USENIX WOOT'20, 11 Aug 2020.

[jakob2001] M Jakobsson, S Wetzel. Security weaknesses in Bluetooth. CT-RSA, 2001, pages 176-191.

[jover2020] R Piqueras Jover. Security analysis of SMS as a second factor of authentication. Commun. ACM 63(12):46-52, Dec 2020.

[jung2018] R Jung, J-H Jourdan, R Krebbers, D Dreyer. RustBelt: Securing the foundations of the Rust programming language. ACM POPL vol.2, 66:1-66:34, Jan 2018.

[jung2020] Ralf Jung. Understanding and evolving the Rust programming language. PhD thesis, Saarland University, Aug 2020. Awards recognizing thesis.

[jung2021] R Jung, J-H Jourdan, R Krebbers, D Dreyer. Safe systems programming in Rust. Commun. ACM 64(4):144-152, Apr 2021.

[klees2018] G Klees, A Ruef, B Cooper, S Wei, M Hicks. Evaluating fuzz testing. ACM CCS, 2018.

[kuo2007] C Kuo, J Walker, A Perrig. Low-cost manufacturing, usability, and security: An analysis of Bluetooth simple pairing and Wi-Fi Protected Setup. Financial Cryptography, 2007, pages 325-340.

[lang2016] J Lang, A Czeskis, D Balfanz, M Schilder, S Srinivas. Security Keys: Practical cryptographic second factors for the modern web. Financial Cryptography, 2016, pages 422-440. See also: FIDO Alliance summary of this work as a case study.

[laurie2014] B Laurie. Certificate Transparency. Commun. ACM 57(10):40-46, 2014.

[lindell2008] Andrew Y Lindell. Attacks on the pairing protocol of Bluetooth v2.1. BlackHat USA, 2008.

[lipner2004] SB Lipner. The trustworthy computing Security Development Lifecycle. ACSAC, 2004, pages 2-13.

[lu2005] Y Lu, W Meier, S Vaudenay. The conditional correlation attack: A practical attack on Bluetooth encryption. Crypto, 2005, pages 97-117.

[manes2021] VJM Manès, H Han, C Han, S Kil Cha, M Egele, EJ Schwartz, M Woo. The art, science, and engineering of fuzzing: A survey. IEEE Trans. on Software Eng. 47(11):2312-2331, Nov 2021. Open version as arXiv preprint. (See also related: genealogy database of fuzzers and relevant papers.)

[mcnally2012] R McNally, K Yiu, D Grove, D Gerhardy. Fuzzing: The State of the Art. Australian Government, Dept. of Defence. Technical report DSTO-TN-1043, Feb 2012. (An unclassified survey of history of fuzzing, circa 2012.)

[nazario2002] J Nazario. Source Code Scanners for Better Code Software. 26 January 2002, Linux Journal. (A quick circa-2002 overview of: Flawfinder, RATS, ITS4.)

[payer2020] M. Payer. Bluetooth and the pitfalls of wireless protocols. CANS (Cryptology and Network Security). YouTube talk (56 min), 2020.

[payer2021+] M Payer. Software Security: Principles, Policies, and Protection. Book notes (used at EPFL), updated online, July 2021 (v0.37).

[poll2019] Erik Poll. Lecture Notes on Language-Based Security. Sept 2019. Radboud University, The Netherlands.

[rivertz2005] HJ Rivertz. Bluetooth Security. Note No. DART/05/05, Norwegian Computing Center. 3-Mar-2005. (An early overview of Bluetooth's security design and known problems; sparse on details.)

[schwarz2005] B Schwarz, H Chen, DA Wagner, J Lin, W Tu, G Morrison, J West. Model checking an entire Linux distribution for security violations. ACSAC 2005, pages 13-22. (See also slides on Hao Chen's page.)

[shaked2005] Y Shaked, A Wool. Cracking the Bluetooth PIN. MobiSys, 2005, pages 39-50.

[stark2019] E Stark, R Sleevi, R Muminovic, D O'Brien, E Messeri, A Porter Felt, B McMillion, P Tabriz. Does Certificate Transparency break the web? Measuring adoption and error rate. IEEE Symp. Security and Privacy, 2019, pages 211-226.

[stark2021] E Stark, J DeBlasio, D O'Brien, D Balzarotti, W Enck, S King, A Stavrou. Certificate Transparency in Google Chrome: Past, present, and future. IEEE Secur. Priv. magazine 19(6):112-118, Nov 2021.

[suoma2009] J Suomalainen, J Valkonen, N. Asokan. Standards for security associations in personal networks: A comparative analysis. Int. Journal Secur. Networks 4(1/2):87-100, 2009.

[szekeres2013] L Szekeres, M Payer, T Wei, D Song. SoK: Eternal war in memory. IEEE Symp. Security and Privacy, 2013, pages 48-62. Magazine version: IEEE Security and Privacy magazine, May 2014.

[torabi2016] M Torabi Dashti, DA Basin. Security testing beyond functional tests. ESSoS, 2016, pages 1-19.

[vaud2005cisc] S Vaudenay. On Bluetooth repairing: Key agreement based on symmetric-key cryptography. CISC (Conference on Info. Security and Cryptology), 2005, pages 1-9. (Another interesting circa-2005 discussion of key agreement in early Bluetooth.)

[veen2012] V van der Veen, N Dutt-Sharma, L Cavallaro, H Bos. Memory errors: The past, the present, and the future. RAID, 2012, pages 86-106.

[viega2000] J Viega, JT Bloch, Y Kohno, G McGraw. ITS4: A static vulnerability scanner for C and C++ code. ACSAC, 2000. (See also journal version: TISSEC 2002.)

[wagner2000] DA Wagner, JS Foster, EA Brewer, A Aiken: A first step towards automated detection of buffer overrun vulnerabilities. NDSS, 2000.

[wong2005] F-L Wong, F Stajano, J Clulow. Repairing the Bluetooth pairing protocol. Security Protocols Workshop, 2005, pages 31-45 and (transcript) 46-50. (For the transcript, download the official Springer LNCS version.)

[younan2004report] Y Younan, W Joosen, F Piessens. Code injection in C and C++: A survey of vulnerabilities and countermeasures. Katholieke Universiteit Leuven (Belgium), Dept of Computer Science, Report CW 386, July 2004.

Last updated: 20 Oct 2022.