Difference between revisions of "Operating Systems and Web Security: Fall 2012"

From Soma-notes
Jump to navigation Jump to search
Line 167: Line 167:
       </td>
       </td>
       <td>
       <td>
       <p>XSS 1
       <p>Cross-Site Scripting
       </p>
       </p>
       </td>
       </td>
       <td>
       <td>
       <p>
       <p>CERT, [http://www.cert.org/advisories/CA-2000-02.html Malicious HTML Tags]<br>
        Wikipedia, [http://en.wikipedia.org/wiki/Cross-site_scripting Cross-Site Scripting]<br>
        OWASP, [https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29 Cross-Site Scripting (XSS)]<br>
        Gundy &amp; Chen, [https://www.isoc.org/isoc/conferences/ndss/09/pdf/03.pdf Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks]
       </p>
       </p>
       </td>
       </td>

Revision as of 09:57, 27 September 2012

Course Outline

The outline of the course can be found here.

Reading Responses

In general, reading responses should be turned in by 8 PM on Monday prior to the associated readings being discussed in class. Submitted reading responses should be no more than 1000 words in total for discussion of all the week's readings. (NOT 1000 words per reading!) Reading responses should be a discussion of what you got out of the readings and what questions you still have. I will attempt to read everyone's responses before class so I have an idea how to direct in-class discussion. In particular, I will be looking for topics on which to give more background.

Suggestion on how to do responses: Read all the papers first, then take a break, then write a response. Don't write after each reading. You don't even need to take notes unless that is how you read papers.

The first reading response is due on Monday, September 17th, 8 PM. Note that this response should also discuss how useful and enjoyable the unsupervised in-class discussion of the readings went.

Responses should be submitted via Carleton's new cuLearn.

Readings

Date

Topics

Readings

Notes

Sept. 6

Introduction

Introduction Notes

Sept. 11

Fundamentals (Groups)

Saltzer & Schroeder, The Protection of Information in Computer Systems (1975) (Link to PDF version)

Fundamentals Notes

Sept. 13

Criteria (Groups)

The DoD Orange Book (1985)

Criteria Notes

Sept. 18

Fundamentals (Discussion)

Sept. 20

Criteria (Discussion)

Sept. 25

Code Injection Attacks

Aleph One, Stack Smashing for Fun and Profit
Buchanan et al., When good instructions go bad: generalizing return-oriented programming to RISC (proxy)

Code Injection Attacks Notes

Sept. 27

Code Injection Defenses

Bojinov et al., Address space randomization for mobile devices (proxy)
Kc et al., Countering Code-Injection Attacks With Instruction-Set Randomization (proxy)
OPTIONAL: Barrantes et al., Randomized instruction set emulation (proxy)

Code Injection Defenses Notes

Oct. 2

Cross-Site Scripting

CERT, Malicious HTML Tags
Wikipedia, Cross-Site Scripting
OWASP, Cross-Site Scripting (XSS)
Gundy & Chen, Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks

Oct. 4

XSS 2

Oct. 9

Oct. 11

Oct. 16

Oct. 18

Midterm Exam
Proposals Due

Oct. 23

Oct. 25

Oct. 30

Nov. 1

Nov. 6

Nov. 8

Nov. 13

Nov. 15

Nov. 20

Nov. 22

Nov. 27

Nov. 29

TBA

Final Exam

Retrieved from "https://homeostasis.scs.carleton.ca/wiki/index.php?title=Operating_Systems_and_Web_Security:_Fall_2012&oldid=17344"