Computer System SecurityInstructor: R . Sekar
Textbook: Matt Bishop, Introduction to Computer Security, Addison Wesley
Download Slides from here
Description/Reading | Slides | Notes |
| Introduction: Overview of Security Threats Emerging threats and research directions | ||
| Cryptography Basics Reading: Who is guarding the guardians, or how secure are the CAs | ||
| Identification and Authentication Reading: Lamport's One-Time Password Scheme Reading: How anonymous hacked into a security firm | ||
| Discretionary Access Control Reading: Revisiting "Setuid Demystified" | ||
| Capabilities, Mandatory Access Control Reading: The Confused Deputy (or why capabilities might have been invented) | ||
| DTE and SELinux. POSIX Capabilities. Commercial Security Policies Reading: Confining Root Programs with Domain and Type Enforcement | ||
| OS Security, UNIX Security, Database Security Reading: Linux capabilities (alternative link) Reading: SELinux | ||
| Principles and practices for secure system design Reading: The Protection of Information in Computer Systems | ||
| Background: Runtime memory organization | TXT | |
| Stack-smashing, Heap overflows and Format string attacks Reading: Smashing the stack for fun and profit | ||
| Integer overflows Memory corruption defenses: guarding, ASR, DSR, ... Reading: Memory exploitation defenses in Windows Optional Reading: (Not so) Recent advances in exploiting buffer overruns Optional Reading: Basic Integer Overflows | ||
| Memory-error detection: Bounds-checking, etc. | ||
| Injection Attacks, Taint-tracking Taint-enhanced policies Reading: Taint-Enhanced Policy Enforcement | ||
| Race conditions and other Software vulnerabilities Reading: Top 25 Software Vulnerabilities | ||
| Malware Evasion, obfuscation, Software tamper-resistance A very short article from 2011 on specific malware trends. | ||
| Securing Untrusted Code: System-call interception, Inline-reference monitoring | ||
| Securing Untrusted Code: Inline-reference monitoring, Software-based fault isolation, Control-flow integrity | ||
| Binary analysis and transformation: Disassembly, static binary rewriting Dynamic translation | ||
| Untrusted Code: Java, Javascript and Web security | ||
| Untrusted Code: Virtual Machines | ||
| Intrusion detection overview Host-based/Application layer Intrusion detection Intrusion detection models Reading: A sense of self for Unix processes | ||
| Vulnerability analysis: Program analysis overview, Model-checking Abstract interpretation | ||
| Course summary |
No comments:
Post a Comment