Instructor: R. Sekar
Textbook: Matt Bishop, Introduction to Computer Security, Addison Wesley
Download Slides from here
Description/Reading | Slides | Notes |
Introduction: Overview of Security Threats; Emerging threats and research directions | ||
Cryptography Basics; Reading: Who is guarding the guardians, or how secure are the CAs | ||
Identification and Authentication; Reading: Lamport's One-Time Password Scheme; Reading: How anonymous hacked into a security firm | ||
Discretionary Access Control; Reading: Revisiting "Setuid Demystified" | ||
Capabilities, Mandatory Access Control; Reading: The Confused Deputy (or why capabilities might have been invented) | ||
DTE and SELinux. POSIX Capabilities. Commercial Security Policies; Reading: Confining Root Programs with Domain and Type Enforcement | ||
OS Security, UNIX Security, Database Security; Reading: Linux capabilities (alternative link); Reading: SELinux | ||
Principles and practices for secure system design; Reading: The Protection of Information in Computer Systems | ||
Background: Runtime memory organization | TXT | |
Stack-smashing, Heap overflows and Format string attacks; Reading: Smashing the stack for fun and profit | ||
Integer overflows; Memory corruption defenses: guarding, ASR, DSR, ...; Reading: Memory exploitation defenses in Windows; Optional Reading: (Not so) Recent advances in exploiting buffer overruns; Optional Reading: Basic Integer Overflows | ||
Memory-error detection: Bounds-checking, etc. | ||
Injection Attacks, Taint-tracking; Taint-enhanced policies; Reading: Taint-Enhanced Policy Enforcement | ||
Race conditions and other Software vulnerabilities; Reading: Top 25 Software Vulnerabilities | ||
Malware Evasion, obfuscation, Software tamper-resistance; A very short article from 2011 on specific malware trends. | ||
Securing Untrusted Code: System-call interception, Inline-reference monitoring | ||
Securing Untrusted Code: Inline-reference monitoring, Software-based fault isolation, Control-flow integrity | ||
Binary analysis and transformation: Disassembly, static binary rewriting; Dynamic translation | ||
Untrusted Code: Java, Javascript and Web security | ||
Untrusted Code: Virtual Machines | ||
Intrusion detection overview; Host-based/Application layer Intrusion detection; Intrusion detection models; Reading: A sense of self for Unix processes | ||
Vulnerability analysis: Program analysis overview, Model-checking; Abstract interpretation | ||
Course summary |