Reading list

• Security Analysis of India's Electronic Voting Machines, CCS 2010.
  https://jhalderm.com/pub/papers/evm-ccs10.pdf
   
• Black-Box Assessment of Pseudorandom Algorithms, Black Hat 2013.
  https://media.blackhat.com/us-13/US-13-Soeder-Black-Box-Assessment-of-Pseudorandom-Algorithms-WP.pdf
   
• New Directions in Cryptography, IEEE Transactions on Information Theory, 1976.
  http://www.cs.virginia.edu/cs588/diffiehellman.pdf
   
• Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, USENIX Security 2012.
  https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final228.pdf
   
• SoK: Eternal War in Memory, IEEE S&P 2013.
  http://www.cs.berkeley.edu/~dawnsong/papers/Oakland13-SoK-CR.pdf
   
• The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86), CCS 2007.
  http://dl.acm.org/citation.cfm?id=1315313
   
• Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization, IEEE S&P 2013.
  http://www.ieee-security.org/TC/SP2013/papers/4977a574.pdf
   
• SoftBound: Highly Compatible and Complete Spatial Memory Safety for C, PLDI 2009.
  http://llvm.org/pubs/2009-06-PLDI-SoftBound.pdf
   
• Native Client: A Sandbox for Portable, Untrusted x86 Native Code, IEEE S&P 2009.
  http://static.googleusercontent.com/media/research.google.com/de/us/pubs/archive/34913.pdf
   
• RockJIT: Securing Just-In-Time Compilation Using Modular Control-Flow Integrity, CCS 2014.
  http://www.cse.lehigh.edu/~gtan/paper/rockjit.pdf
   
• The Confused Deputy, SIGOPS 1988.
  http://www.cis.upenn.edu/~KeyKOS/ConfusedDeputy.html
   
• Capsicum: practical capabilities for UNIX, USENIX Security 2010.
  https://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf
   
• Automatically Characterizing Large Scale Program Behavior, ASPLOS 2002.
  http://cseweb.ucsd.edu/~calder/papers/ASPLOS-02-SimPoint.pdf
   
• Spy in the Sandbox.
  http://iss.oy.ne.ro/SpyInTheSandbox.pdf