Operating Systems and Web Security: Fall 2012: Difference between revisions

From Soma-notes
Line 126: Line 126:
       </td>
       </td>
       <td>
       <td>
       <p>Code Injection 1
       <p>Code Injection Attacks
       </p>
       </p>
       </td>
       </td>
       <td>
       <td>
       <p>Aleph One, [http://insecure.org/stf/smashstack.html Stack Smashing for Fun and Profit]<br>
       <p>Aleph One, [http://insecure.org/stf/smashstack.html Stack Smashing for Fun and Profit]<br>
          
         Buchanan et al., [http://dx.doi.org/10.1145/1455770.1455776 When good instructions go bad: generalizing return-oriented programming to RISC]
       </p>
       </p>
       </td>
       </td>
       <td>
       <td>
       <p>
       <p>[[OSWebSec: Code Injection Attacks|Code Injection Attacks]]
       </p>
       </p>
       </td>
       </td>
Line 145: Line 145:
       </td>
       </td>
       <td>
       <td>
       <p>Code Injection 2
       <p>Code Injection Defenses
       </p>
       </p>
       </td>
       </td>
       <td>
       <td>
       <p>Bojinov et al., [http://dx.doi.org/10.1145/1998412.1998434 Address space randomization for mobile devices]
       <p>Bojinov et al., [http://dx.doi.org/10.1145/1998412.1998434 Address space randomization for mobile devices]<br>
      Kc et al., [http://dx.doi.org/10.1145/948109.948146 Countering Code-Injection Attacks With Instruction-Set Randomization]
       </p>
       </p>
       </td>
       </td>
       <td>
       <td>
       <p>
       <p>[[OSWebSec: Code Injection Defenses|Code Injection Defenses]]
       </p>
       </p>
       </td>
       </td>

Revision as of 17:53, 20 September 2012

Course Outline

The outline of the course can be found here.

Reading Responses

In general, reading responses should be turned in by 8 PM on Monday prior to the associated readings being discussed in class. Submitted reading responses should be no more than 1000 words in total for discussion of all the week's readings. (NOT 1000 words per reading!) Reading responses should be a discussion of what you got out of the readings and what questions you still have. I will attempt to read everyone's responses before class so I have an idea how to direct in-class discussion. In particular, I will be looking for topics on which to give more background.

The first reading response is due on Monday, September 17th, 8 PM. Note that this response should also discuss how useful and enjoyable the unsupervised in-class discussion of the readings was.

Responses should be submitted via Carleton's new cuLearn.

Readings

Date | Topics | Readings | Notes
--- | --- | --- | ---
Sept. 6 | Introduction | | Introduction Notes
Sept. 11 | Fundamentals (Groups) | Saltzer & Schroeder, The Protection of Information in Computer Systems (1975) (Link to PDF version) | Fundamentals Notes
Sept. 13 | Criteria (Groups) | The DoD Orange Book (1985) | Criteria Notes
Sept. 18 | Fundamentals (Discussion) | |
Sept. 20 | Criteria (Discussion) | |
Sept. 25 | Code Injection Attacks | Aleph One, Stack Smashing for Fun and Profit; Buchanan et al., When good instructions go bad: generalizing return-oriented programming to RISC | Code Injection Attacks
Sept. 27 | Code Injection Defenses | Bojinov et al., Address space randomization for mobile devices; Kc et al., Countering Code-Injection Attacks With Instruction-Set Randomization | Code Injection Defenses
Oct. 2 | | |
Oct. 4 | | |