Reflections on Trusting Trust
S. Inguva et al.
Source Code Review of the Hart InterCivic Voting System (Chapter 3 only)
x86 primer and stack smashing
Aleph One Smashing The Stack For Fun And Profit
No reading, but I will demonstrate how to solve part 1 of project 1.
Memory safety vulnerabilities 1
Memory safety vulnerabilities 2
scut / team teso Exploiting Format String Vulnerabilities
Format string vulnerabilities, attempt 1
Format string vulnerabilities, attempt 2
L. Davi, A-R. Sadeghi, and M. Winandy ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks.
Software Fault Isolation and Control-Flow Integrity
S. McCamant and G. Morrisett Evaluating SFI for a CISC Architecture
M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti Control-Flow Integrity: Principles, Implementations, and Applications
Data as code
Why Python Pickle is Insecure
J. Mason, S. Small, F. Monrose, and G. MacManus English Shellcode
S. Checkoway, H. Shacham, and E. Rescorla Are Text-Only Data Formats Safe? Or, Use This LaTeX Class File to Pwn Your Computer
No Reading. Come with questions!
Heap spraying/ JIT spraying
F. Muttis and A. Sacco HTML5 Heap Sprays
Browsers and the Same-Origin Policy
Catch up on reading.
A. Barth, C. Jackson, and J. Mitchell Robust Defenses for Cross-Site Request Forgery
Frames: Communication and Clickjacking
A. Barth, C. Jackson, and J. Mitchell Securing Frame Communication in Browsers
Next Generation Clickjacking: New Attacks Against Framed Web Pages
C. Jackson and A. Barth ForceHTTPS: Protecting High-Security Web Sites from Network Attacks
C. Soghoian and S. Stamm Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL
Exam preperation and a worm!
M. Eichin and J. Rochlis With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988