|Jan 7||Overview and introduction
Optional reading: Chapter 0x200 of Hacking
|Jan 9||Security foundations
Reading: Thompson's Reflections on Trusting Trust, Ch 1, and Ch 4.1-4.2
|Jan 14||Security foundations (in-class discussion) Kirill's slides|
|Jan 16||Stack buffer-overflows
Reading: Aleph One's Smashing the Stack for Fun and Profit
Optional reading: 0x300-0x320 from Hacking. 0x200-0x270 if you don't have a strong C background.
|Jan 21||MLK - no class|
|Jan 23||ASLR and W^X
Reading: Eternal War in Memory by Szekeres et al., ASLR, and NOEXEC
|Jan 28||Return-oriented programming
Reading: On the Effectiveness of Address-Space Randomization by Shacham et al., The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) by Shacham, and Hacking Blind by Bittau et al.
|Jan 30||Control flow integrity
Reading: Control-Flow Integrity by Abadi et al., Control-Flow Bending: On the Effectiveness of Control-Flow Integrity by Carlini et al., and Control-Flow Integrity: Precision, Security, and Performance by Burow et al.
|Feb 4||Memory safety
Reading: SoftBound: Highly Compatible and Complete Spatial Memory Safety for C by Nagarakatte et al., Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers by Dang et al., and Bringing Memory Safety to WebAssembly by Disselkoen et al.
|Feb 6||Least privilege and privilege separation
Reading: Operating Systems Security by Jaeger
|Feb 11||Isolation and short review
Reading: Efficient Software-Based Fault Isolation by Wahbe et al.
|Feb 12||Midterm review|
|Feb 13||Midterm exam (in-class)|
|Feb 18||President's day - no class|
|Feb 20||Page tables, VMs, and side channels
Reading: Remote Timing Attacks are Practical by Brumley and Boneh
|Mar 13||Advanced topics in security|
|Mar 20||Final exam 7-9:59PM|