CS 6431 Security and Privacy Technologies

Lecture notes



Vitaly Shmatikov

Introduction and course logistics     (PPT, PDF)


Stack smashing attacks and defenses, return-oriented programming, integer overflow     (PPT, PDF)

Memory allocation vulnerabilities, heap spraying, ASLR, interpreter exploitation     (PPT, PDF)

Bounds checking, system call interposition, inline reference monitors, control-flow integrity     (PPT, PDF)

Web security: same origin policy     (PPT, PDF)

Web attacks and defenses: cross-site request forgery, SQL and NoSQL injection, cross-site scripting     (PPT, PDF)

Logic vulnerabilities and side channels in Web applications     (PPT, PDF)

Security of mobile applications     (PPT, PDF)

Design and analysis of secure network protocols     (PPT, PDF)

BGP and DNS security     (PPT, PDF)


Network telescopes     (PPT, PDF)

Anonymity networks and censorship resistance     (PPT, PDF)

Web tracking and fingerprinting     (PPT, PDF)

Data privacy: anonymization and differential privacy     (PPT, PDF)

Side-channel attacks     (PPT, PDF)