CSE 127: Computer Security
Engineering, 2nd ed., Wiley, 2008
- Jean-Philippe Aumasson, Serious
Cryptography, No Starch, 2017
- Dan Boneh and Victor
Graduate Course in Applied Cryptography, book draft, 2017.
- Whitfield Diffie and Susan
on the Line, MIT Press, 2010
- Jens Gustedt,
C, book draft, 2017
Security, book draft, 2014
Spots on the Map, NAL Trade, 2010
- Eric Rescorla, SSL and
TLS, Addison-Wesley, 2001
- Ivan Ristic,
SSL and TLS, Feisty Duck, 2015
Tangled Web, No Starch, 2011
- Project #1: Control flow.
giftwrap.ova, a VirtualBox VM with SPARC emulator;
sparcbox.tar.bz2, a SPARC VM (for running inside giftwrap);
pp1-rev.tar.gz, exploits and targets (for running inside SPARC VM);
project instructions; and
turnin script (for running inside SPARC VM)
Due: Thursday, January 18, 11:59 PM.
NB: You may not use late days on this assignment.
No late submissions will be accepted. You must submit working exploits
for at least one target to pass the course.
- Project #2: Return-Oriented Programming.
pp2.tar.gz, exploits and targets (for running inside SPARC VM);
sploit A turnin script (for running inside SPARC VM); and
sploits B and C turnin script (for running inside SPARC VM)
Sploit A Due: Wednesday, February 7, 11:59 PM.
Sploits B and C Due: Tuesday, February 13, 11:59 PM.
- Project #3: Web security.
Download: project #3 VM (warning: 1.5 GB!);
project #3 instructions;
project #3 frequently asked questions; and
Due: Friday, February 23rd, 11:59 PM.
- Project #4: JIT spraying.
project #4 VM (warning: 500 MB!);
and project instructions; and
Due: Monday, March 5th, 11:59 PM.
- Project #5: Rainbow tables.
pp5.tar.gz, rainbow table implementation starter code;
and project instructions.
Due: Thursday, March 15th, 11:59 PM.
- Project #6: Speculative execution.
This material is based upon work supported by the National Science
Foundation under Grant No. 0831532.