CS 491: Software Vulnerability Analysis Readings

Date	Topic and reading
Week 1
Tue, Aug 23	Introduction Reading K. Thompson. Reflections on Trusting Trust.
Thu, Aug 25	Assembly primer and stack smashing Reading Aleph One. Smashing The Stack For Fun And Profit.
Week 2
Tue, Aug 30	Constructing shellcode No reading
Thu, Sep 01	Project tutorial No reading
Week 3
Tue, Sep 06	Integer overflows and heap intro Reading blexim. Basic Integer Overflows.
Thu, Sep 08	Memory safety vulnerabilities 1 Reading MaXX. Vudo - An object superstitiously believed to embody magical powers.
Week 4
Tue, Sep 13	Memory safety vulnerabilities 2 Reading scut/team teso. Exploiting Format String Vulnerabilities. Format String Vulnerabilities slides.
Thu, Sep 15	Code reuse attacks No reading
Week 5
Tue, Sep 20	Return-Oriented Programming Reading H. Shacham. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86).
Thu, Sep 22	ROP defenses Reading L. Davi, A.-R. Sadeghi, and M. Winandy. ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks. V. Pappas. kBouncer: Efficient and Transparent ROP Mitigation.
Week 6
Tue, Sep 27	Software Fault Isolation Reading S. McCamant and G. Morrisett. Evaluating SFI for a CISC Architecture.
Thu, Sep 29	Control-flow Integrity Reading M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-Flow Integrity: Principles, Implementations, and Applications.
Week 7
Tue, Oct 04	Breaking ROP-defenses Reading N Carlini and D. Wagner. ROP is Still Dangerous: Breaking Modern Defenses.
Thu, Oct 06	Code-Pointer Integrity Reading V Kuznetsov et al.. Code-Pointer Integrity.
Week 8
Tue, Oct 11	Code-Pointer Integrity (part 2) No reading
Thu, Oct 13	Processor features for security No reading
Week 9
Tue, Oct 18	Return-oriented programing project tutorial No reading
Thu, Oct 20	No class: Work on project. No reading
Week 10
Tue, Oct 25	No class: Work on project. No reading
Thu, Oct 27	No class: Work on project. No reading
Week 11
Tue, Nov 01	ROP + mprotect No reading
Thu, Nov 03	Data as code Reading N. Alramli. Why Python Pickle is Insecure. J. Mason, S. Small, F. Monrose, and G. MacManus. English Shellcode. S. Checkoway, H. Shacham, and E. Rescorla. Are Text-Only Data Formats Safe? Or, Use This LaTeX Class File to Pwn Your Computer.
Week 12
Tue, Nov 08	Heap spraying/JIT spraying Reading A. Sotirov. Heap Feng Shui in JavaScript. Part I only. F. Muttis and A. Sacco. HTML5 Heap Sprays. D. Blazakis. Interpreter Exploitation: Pointer Inference and JIT Spraying.
Thu, Nov 10	Heap spraying defenses Reading P. Ratanaworabhan, B. Livshits, and B. Zorn. Nozzle: A Defense Against Heap-spraying Code Injection Attacks. C. Curtsinger et al.. Zozzle: Fast and Precise In-Browser JavaScript Malware Detection.
Week 13
Tue, Nov 15	Binary reverse-engineering No reading
Thu, Nov 17	Stack-reading No reading
Week 14
Tue, Nov 22	ASLR bypass No reading
Thu, Nov 24	No class: Thanksgiving No reading
Week 15
Tue, Nov 29	Secure network protocols Reading E. Rescorla. SSH, SSL, IPSec, WTF?.
Thu, Dec 01	Morris worm No reading