Software security
|
Aug 28.
Course outline and logistics.
Buffer overflow attacks.
[slides]
|
Read
Smashing the stack for fun and profit and
Blended attacks.
|
|
Sep 2.
Memory corruption attacks: format strings, integer overflow,
non-control attacks.
[slides]
|
Read
Exploiting format string vulnerabilities,
Leveraging the ActionScript Virtual Machine and
Non-control-data attacks.
|
|
Sep 4.
Dynamic overflow defenses: StackGuard, PointGuard, CRED,
TIED/LibsafePlus.
[slides]
|
Read
Attacks and defenses for the vulnerability of the decade,
Practical dynamic buffer overflow detector and
TIED, LibsafePlus.
|
|
Sep 9.
Static overflow defenses: BOON and CCured.
[slides]
|
Read
Automated detection of buffer overrun vulnerabilities.
|
|
Sep 11.
Address-space randomization.
[slides]
|
Read
On the effectiveness of address-space randomization.
|
|
Sep 16.
Inline reference monitors: SFI, CFI, XFI, WIT.
[slides]
|
Read
Control-flow integrity and
Preventing memory error exploits.
|
|
Sep 18.
TOCTTOU attacks and defenses (Don Porter).
[slides]
|
Read
Fixing races for fun and profit.
|
|
Sep 23.
Reference monitors (cont'd).
|
Homework 1 assigned.
|
|
Sep 25.
System call interposition.
[slides]
|
Read
Practical problems in system call interposition and
Exploiting concurrency vulnerabilities in system call wrappers.
|
|
Sep 30.
UNIX security: setuid and chroot.
Static security analysis with MOPS.
[slides]
|
Read
Setuid demystified and
Model checking one million lines of C code.
|
|
Oct 2.
Web security: cross-site scripting and SQL injection.
[slides]
|
Homework 1 due.
Project proposals due.
Read Cross-site scripting explained and
Advanced SQL injection.
|
|
Oct 7.
Static detection of Web application vulnerabilities.
[slides]
|
Read
Static analysis tool for detecting Web application vulnerabilities and
Sound and precise analysis of Web applications for injection
vulnerabilities.
|
|
Oct 9.
Web browser security.
[slides]
|
Read
Robust defenses for cross-site request forgery,
Transaction generators and
Beware of finer-grained origins.
|
|
Oct 14.
Static detection of denial-of-service vulnerabilities
(Ricky Chang).
[slides]
|
Read
Inputs of coma.
|
|
Oct 16.
Security applications of dynamic data flow analysis
(Walter Chang).
[static analysis slides]
[dynamic data flow slides]
|
Read
Security enforcement using dynamic data
flow analysis.
|
|
Oct 21.
Intrusion detection:
Wagner-Dean, Dyck, mimicry attacks.
[slides]
|
Read
Intrusion detection via static analysis,
Formalizing sensitivity in static analysis for intrusion detection and
Practical mimicry attack.
|
|
Oct 23.
Decentralized information flow control.
[slides]
|
Read
A note on the confinement problem and
Decentralized model for information flow control.
|
|
Oct 28.
Midterm.
|
|
Privacy
|
|
Oct 30.
Semantic security.
[slides]
|
Homework 2 assigned.
|
|
Nov 4.
Introduction to secure multi-party computation.
Oblivious transfer.
[slides]
|
|
|
Nov 6.
Pedersen commitments and Schnorr's Id protocol.
Introduction to zero-knowledge proofs.
[slides]
|
Homework 2 due.
|
|
Nov 11.
Yao's protocol.
[slides]
|
|
|
Nov 13.
Oblivious transfer and secure multi-party computation with malicious
parties.
[slides]
|
Homework 3 assigned.
|
|
Nov 18.
Privacy and anonymity in social networks
(Arvind Narayanan).
|
|
|
Nov 20.
Database privacy: query auditing.
[slides]
|
Homework 3 due.
Read
Simulatable auditing.
|
|
Nov 25.
Database privacy: input and output perturbation, SuLQ.
[slides]
|
Homework 4 assigned.
Read
Limiting privacy breaches and
SuLQ framework
|
|
Nov 27.
No class (Thanksgiving).
|
|
|
Dec 2.
Database privacy: differential privacy.
|
Read
Differential privacy.
|
Dec 4.
Timing attacks.
Last day of class.
|
Homework 4 due.
Read
Remote timing attacks are practical.
|
|
Dec 14.
Project reports due.
|