CSC 495 — Readings
Readings on Responsible Disclosure (read before Jan. 15)
-
Wikipedia entry on Responsible Disclosure (general overview)
-
Google unveils Windows 8.1 vulnerability, releases sample code - a recent controversial case
Readings on Security Background and Vulnerability Markets (read before Jan. 20)
-
What is a Zero-Day Exploit - from Tom’s Guide
-
Bug Bounty Program - Wikipedia entry
-
Assignment: Find two companies that offer cash rewards as part of a bug bounty program, and look up details (amounts, conditions, etc.) - be prepared to discuss this in class on Jan. 20
-
Readings on Process/Memory Models (read before Jan. 27)
-
This is a 3-part series on Linux processes - light on explanation but gives a good "big picture" (all by Himanshu Arora, March 2012):
-
More detail on process memory management and layout - read this after you get the "big picture"!
-
Anatomy of a Program in Memory - by Gustavo Duarte (Jan 27, 2009)
-
Readings on Buffer Overflows (read before Feb. 10)
-
CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) - number 3 on CWE/SANS "Top 25 Most Dangerous Software Errors" (see also the broader category “CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer”)
-
Smashing The Stack For Fun And Profit by Aleph One (Phrack 49, 1996) - the most famous (infamous?) description of stack-based buffer overflows and how to exploit them
Readings on Other Memory Safety Issues (read before Feb. 17)
-
CWE-131: Incorrect Calculation of Buffer Size (#20 on Top 25 Most Dangerous Software Errors)
-
CWE-676: Use of Potentially Dangerous Functions (#18 on Top 25 Most Dangerous Software Errors)
-
CWE-190: Integer Overflow or Wraparound (#24 on Top 25 Most Dangerous Software Errors)
-
CWE-134: Uncontrolled Format String (#23 on Top 25 Most Dangerous Software Errors)
=== Readings on Exploring/Understanding Large Codebases (read before Feb. 26) - George V. Neville-Neil, https://queue.acm.org/detail.cfm?id=945136[Code Spelunking: Exploring Cavernous Code Bases], _Queue_, Vol. 1, No. 6, Sept. 2003, pp. 42-48.
-
George V. Neville-Neil, Code Spelunking Redux, Queue, Vol. 6, No. 7, Jan. 2009, pp. 26-33.
Reading on Stack Protection (read by Thursday, March 19)
-
Windows Security 101: EMET 4.0 - overview of Microsoft Enhanced Mitigation Experience Toolkit, written by Brian Krebs (KrebsOnSecurity)
-
Researchers blow past all protections in Microsoft’s EMET anti-exploitation tool - PCWorld article that is a good reminder that no security protection is perfect.
-
-
Crispin Cowan, Carlton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang, and Heather Hinton. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Proceedings of the 7th USENIX Security Symposium, 1998.
-
This was a very influential research paper that introduced the idea of stack canaries - something that is now standard in every major C compiler
-
Read at least sections 1-3 by March 19, and everything by March 24
-
Videos on clang static analyzer (watch by Thursday, March 26)
Injection vulnerabilities (read by Tuesday, April 14)
-
CWE-89: Improper Neutralization of Special Elements in an SQL Command (SQL Injection) (#1 on Top 25 Most Dangerous Software Errors)
-
Additional reading: OWASP #1)
-
-
CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) (#2 on Top 25 Most Dangerous Software Errors)