Software security
|
Aug 27.
Course outline and logistics.
Introduction to buffer overflow.
[slides]
|
Read
Smashing the stack for fun and profit and
Blended attacks.
|
Sep 1.
Memory corruption attacks: format strings, integer overflow,
non-control attacks.
[slides]
|
Read
Exploiting format string vulnerabilities,
Leveraging the ActionScript Virtual Machine and
Non-control-data attacks.
|
Sep 3.
Return-oriented programming.
|
Read
Return-oriented programming.
|
Sep 8.
Runtime memory protection: StackGuard, PointGuard, TIED/LibsafePlus,
runtime bounds checking.
[slides]
|
Read
Attacks and defenses for the vulnerability of the decade,
TIED, LibsafePlus, and
Backwards-compatible array bounds checking.
|
Sep 10.
Address-space layout randomization.
[slides]
|
Read
On the effectiveness of address-space randomization.
|
Sep 15.
Static and hybrid detection of overflows: BOON, CSSV, CCured.
[slides]
|
Read
Automated detection of buffer overrun vulnerabilities,
Buffer overrun detection using linear programming and static analysis, and
Realistic tool for statically detecting all buffer overflows.
|
Sep 17.
TOCTTOU attacks and defenses (guest lecture by Don Porter).
[slides]
|
Read Exploiting
Unix file-system races.
|
Sep 22.
Static detection of buffer overflows (cont'd).
|
|
Sep 24.
Inline reference monitors: SFI, CFI, XFI, WIT, Native Client.
[slides]
|
Homework 1 assigned.
Read CFI,
WIT,
and Native Client.
|
Sep 29.
Intrusion detection:
system call interposition, Wagner-Dean, Dyck. Virtual machine introspection.
[slides]
|
Project proposals due.
Read Intrusion
detection via static analysis, Formalizing
sensitivity in static analysis for intrusion detection, and Practical
problems in system call interposition.
|
Oct 1.
UNIX security: setuid and chroot. MOPS.
[slides]
|
Homework 1 due.
Read
Setuid demystified and
Model checking one million lines of C code.
|
Oct 6.
Web security: cross-site scripting, SQL injection, cross-site request forgery.
[slides]
|
Read Cross-site scripting explained,
Advanced SQL injection, and
Robust defenses for cross-site request forgery.
|
Oct 8.
Web security (cont'd).
|
|
Oct 13.
Static detection of Web application vulnerabilities.
[slides]
|
Read
Pixy and
Sound and precise analysis of Web applications for injection
vulnerabilities.
|
Oct 15.
Web browser security.
[slides]
|
Read
Beware of finer-grained origins and
Pretty-bad-proxy.
|
Oct 20.
Access control. Information flow security.
[slides]
|
Read
A note on the confinement problem and
Decentralized model for information flow control.
|
Oct 22.
Midterm.
|
|
Privacy
|
Oct 27.
Semantic security.
[slides]
|
|
Oct 29.
Introduction to secure multi-party computation. Oblivious transfer.
[slides]
|
Homework 2 assigned.
|
Nov 3.
Pedersen commitments and Schnorr's Id protocol. Introduction to
zero-knowledge proofs.
[slides]
|
|
Nov 5.
Yao's protocol.
[slides]
|
Homework 2 due.
|
Nov 10.
Oblivious transfer and secure multi-party computation with malicious
parties.
[slides]
|
|
Nov 12.
Database privacy: query auditing.
[slides]
|
Homework 3 assigned.
Read
Simulatable auditing.
|
Nov 17.
Database privacy: input and output perturbation, SuLQ.
[slides]
|
Read
Limiting privacy breaches and
SuLQ framework.
|
Nov 19.
Database privacy: k-anonymity, l-diversity, t-closeness.
[slides]
|
Homework 3 is due.
Read t-closeness.
|
Nov 24.
Differential privacy.
[slides]
|
Homework 4 is assigned.
Read
Differential privacy.
|
Nov 26.
No class (Thanksgiving).
|
|
Dec 1.
Misuse of cryptography in secure system design.
[slides]
|
|
Dec 3.
Timing attacks.
[slides]
Last day of class.
|
Homework 4 due.
Read
Remote timing attacks are practical.
|
Dec 14.
Project reports due.
|