CS 6431 Security and Privacy Technologies

Introduction and course logistics     (PPT, PDF)

 

Stack smashing attacks and defenses, return-oriented programming, integer overflow     (PPT, PDF)

• Cowan et al. Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade (DISCEX 1999).
• Shacham. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) (CCS 2007).
• Dowd. Leveraging the ActionScript Virtual Machine (IBM technical report 2008).

Memory allocation vulnerabilities, heap spraying, ASLR, interpreter exploitation     (PPT, PDF)

• Once Upon a free() (Phrack 2001).
• Blazakis. Interpreter Exploitation (WOOT 2010).
• Snow et al. Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization (Oakland 2013).

Bounds checking, system call interposition, inline reference monitors, control-flow integrity     (PPT, PDF)

• Wagner and Dean. Intrusion Detection via Static Analysis (Oakland 2001).
• Abadi et al. Control-Flow Integrity (CCS 2005).
• Watson. Exploiting Concurrency Vulnerabilities in System Call Wrappers (WOOT 2007).
• Yee et al. Native Client: A Sandbox for Portable, Untrusted x86 Native Code (Oakland 2009).
• Akritidis et al. Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors (USENIX Security 2009).

Web security: same origin policy     (PPT, PDF)

• Jackson and Barth. Beware of Finer-Grained Origins (W2SP 2008).

Web attacks and defenses: cross-site request forgery, SQL and NoSQL injection, cross-site scripting     (PPT, PDF)

• Wassermann and Su. Sound and Precise Analysis of Web Applications for Injection Vulnerabilities (PLDI 2007).
• Barth et al. Robust Defenses for Cross-Site Request Forgery (CCS 2008).
• Zalewski. Postcards from the Post-XSS World (2011).
• Son et al. Diglossia: Detecting Code Injection Attacks with Precision and Efficiency (CCS 2013).

Logic vulnerabilities and side channels in Web applications     (PPT, PDF)

• Chen et al. Side-Channel Leaks in Web Applications: a Reality Today, a Challenge Tomorrow (Oakland 2010).
• Bisht et al. NoTamper: Automatic Blackbox Detection of Parameter Tampering Opportunities in Web Applications (CCS 2010).
• Wang et al. How to Shop for Free Online: Security Analysis of Cashier-as-a-Service Based Web Stores (Oakland 2011).
• Jana and Shmatikov. Memento: Learning Secrets from Process Footprints (Oakland 2012).

Security of mobile applications     (PPT, PDF)

• Felt et al. Permission Re-Delegation: Attacks and Defenses (USENIX Security 2011).
• Luo et al. Attacks on WebView in the Android System (ACSAC 2011).
• Georgiev et al. Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks (NDSS 2014).

Design and analysis of secure network protocols     (PPT, PDF)

• Abadi and Needham. Prudent Engineering Practice for Cryptographic Protocols (Oakland 1994).
• Lowe. Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR (TACAS 1996).
• Borisov et al. Intercepting Mobile Communications: The Insecurity of 802.11 (MOBICOM 2001).

BGP and DNS security     (PPT, PDF)

• Butler et al. A Survey of BGP Security Issues and Solutions (Proceedings of the IEEE 2010).
• Kaminsky. It's the End of the Cache as We Know It (Black Hat Japan 2008).
• Bernstein. Breaking DNSSEC (WOOT 2009).

SSL/TLS     (PPT, PDF)

• Sotirov et al. MD5 Considered Harmful Today: Creating a Rogue CA Certificate (2009).
• Brubaker et al. Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations (Oakland 2014).

Network telescopes     (PPT, PDF)

• Moore et al. Inferring Internet Denial-of-Service Activity (USENIX Security 2001).
• Kumar et al. Exploiting Underlying Structure for Detailed Reconstruction of an Internet-scale Event (IMC 2005).
• Graham. Witty 10 Years Later (2014).

Anonymity networks and censorship resistance     (PPT, PDF)

• Dingledine et al. Tor: The Second-Generation Onion Router (USENIX Security 2004).
• Houmansadr et al. The Parrot is Dead: Observing Unobservable Network Communications (Oakland 2013).
• Johnson et al. Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries (CCS 2013).

Web tracking and fingerprinting     (PPT, PDF)

• Mayer and Mitchell. Third-Party Web Tracking: Policy and Technology (Oakland 2012).
• Mowery and Shacham. Pixel Perfect: Fingerprinting Canvas in HTML5 (W2SP 2012).
• Acar et al. The Web Never Forgets: Persistent Tracking Mechanisms in the Wild (CCS 2014).

Data privacy: anonymization and differential privacy     (PPT, PDF)

• Narayanan and Shmatikov. Myths and Fallacies of "Personally Identifiable Information" (CACM 2010).
• Dwork. A Firm Foundation for Private Data Analysis (CACM 2011).

Side-channel attacks     (PPT, PDF)

• Brumley and Boneh. Remote Timing Attacks are Practical (USENIX Security 2003).
• Zhuang et al. Keyboard Acoustic Emanations Revisited (CCS 2005).
• Halderman et al. Lest We Remember: Cold Boot Attacks on Encryption Keys (USENIX Security 2008).
• White et al. Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on fon-iks (Oakland 2011).