Search This Blog

Sunday, September 09, 2012

Computer System Security PDF SLIDES

Computer System Security

Instructor: R . Sekar
Textbook: Matt Bishop, Introduction to Computer Security, Addison Wesley
Download Slides from here




























































































































Description/Reading



Slides



Notes


Introduction: Overview of Security Threats
Emerging threats and research directions

PDF


Cryptography Basics
Reading: Who is guarding the guardians, or how secure are the CAs

PDF



PDF


Identification and Authentication
Reading: Lamport's One-Time Password Scheme
Reading: How anonymous hacked into a security firm

PDF



PDF


Discretionary Access Control
Reading: Revisiting "Setuid Demystified"

PDF



PDF


Capabilities, Mandatory Access Control
Reading: The Confused Deputy (or why capabilities might have been invented)



PDF


DTE and SELinux. POSIX Capabilities. Commercial Security Policies
Reading: Confining Root Programs with Domain and Type Enforcement



PDF


OS Security, UNIX Security, Database Security
Reading: Linux capabilities (alternative link)
Reading: SELinux

PDF



PDF
TXT


Principles and practices for secure system design
Reading: The Protection of Information in Computer Systems

PDF



PDF


Background: Runtime memory organizationTXT
Stack-smashing, Heap overflows and Format string attacks
Reading: Smashing the stack for fun and profit

PDF



PDF
PDF


Integer overflows
Memory corruption defenses: guarding, ASR, DSR, ...
Reading: Memory exploitation defenses in Windows
Optional Reading: (Not so) Recent advances in exploiting buffer overruns
Optional Reading: Basic Integer Overflows

PDF
PDF


Memory-error detection: Bounds-checking, etc.

PDF


Injection Attacks, Taint-tracking
Taint-enhanced policies
Reading: Taint-Enhanced Policy Enforcement

PDF



PDF
PDF


Race conditions and other Software vulnerabilities
Reading: Top 25 Software Vulnerabilities

PDF


PDF
Malware
Evasion, obfuscation, Software tamper-resistance
A very short article from 2011 on specific malware trends.

PDF



PDF
PDF


Securing Untrusted Code: System-call interception,
Inline-reference monitoring

PDF



PDF


Securing Untrusted Code: Inline-reference monitoring,
Software-based fault isolation, Control-flow integrity

PDF


Binary analysis and transformation: Disassembly, static binary rewriting
Dynamic translation

PDF



PDF


Untrusted Code: Java, Javascript and Web security

PDF



PDF


Untrusted Code: Virtual Machines

PDF


Intrusion detection overview
Host-based/Application layer Intrusion detection
Intrusion detection models
Reading: A sense of self for Unix processes

PDF



PDF
PDF
PDF


Vulnerability analysis: Program analysis overview,
Model-checking
Abstract interpretation

PDF
PDF
PDF


Course summary

PDF


No comments:

Post a Comment

Popular Courses

Resources Higher Education Blogs - BlogCatalog Blog Directory Resources Blogs