SIL765: Network & System Security

Overview

• Reflections on Trusting Trust, Ken Thompson
• Shifting the Odds: Writing (More) Secure Software, slides by S. Bellovin, 1996
• Computer Security in the Real World, Butler W. Lampson,Microsoft

• Malware: Computer viruses, worms, botnets and key-loggers [PDF]

  • Hunting for metamorphic, Szor, P. Ferrie
  • Inside the slammer worm, S. Savage
  • An Analysis of Conficker's Logic and Rendezvous Points
  • SplitScreen: Enabling Efficient, Distributed Malware Detection
  • A detailed DDoS extortion story

Buffer Overflows, Integer Overflows, formatstring vulnerabilties, other libc bugs [PDF]

• Buffer Overflow
• Smashing the stack for Fun and Profit, Aleph One
• Basic Integer Overflows, blexim
• Format string attack, wikipedia.
• Basic Integer Vulnerabilities
• Format string Vulnerabilities
• mktemp() TOCTOU bug

Heap Spraying / Stack Spraying Attacks [PDF]

• Heap Feng Shui in Javascript, A. Sotriov 2007
• Nozzle: A Defense Against Heap-Spraying Code Injection Attacks, P. Ratanaworabhan et al. (MSR). November 2008
• Optional: Bypassic Browser Memory Protections, A. Sotirov, M. Dowd. 2008

Defenses against well-known attacks (buffer overflows, etc.) [PDF]

• Buffer Overflow-Defenses
• StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks, Cowan et al., 1998
• ASLR Smack and Laugh Reference, T. Muller 2008
• Optional: On the Effectiveness of Address-Space Randomization, H. Shacham
• Data Execution Protection (DEP)/SafeSEH, wikipedia.
• PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities, C. Cowan et al. Usenix Security 2003

Testing for security via fuzzing

• Real world fuzzing, by Charlie Miller
• Effective Bug Discovery, vf.
• How hackers look for bugs, by Dave Aitel

Access Control and Protection [PDF]

• Role-based Access Control, R. Sandhu et al., IEEE Computer 1996
• Kerberos description on wikipedia

Additional Reading:

Multi-level Security, Fred B. Schneider

Discretionary Access Control, Fred B. Schneider

Authentication for People, Fred B. Schneider

The Protection of Information in Computer Systems, JEROME H. SALTZER,IEEE

Web site security [PDF]

• Cross site scripting explained, Amit Klein
• SQL Injection attacks, Chris Anley
• Robust Defenses for Cross-Site Request Forgery, A. Barth, C. Jackson, J. Mitchell
• Secure Session Management with Cookies for Web Applications, C. Palmer
• Designing and Conducting Phishing Experiments, Finn and Jakobsson, 2007
• Designing an Authentication System: a Dialogue in Four Scenes
• Device Fingerprinting and Fraud Protection Whitepaper, Threat Metrix
• Solving Online Credit Fraud Using Device Identification and Reputation, Iovation

Security problems in network protocols: TCP, DNS, SMTP, and routing [PDF]

• A look back at security problems in TCP/IP Protocol Suite, S. Bellovin, ACSAC 2004
• A simple active attack against TCP, Joncheray, 1995
• A survey of BGP security, 2005
• A Quick and Dirty Guide to BGP attacks
• SoBGP vs SBGP
• DNSChanger
• DNS cache poisoning, Steve Friedl
• Using the Domain Name System for System Break-ins, Bellovin, 1995.
• Language Identification of Encrypted VoIP Traffic, Charles V. Wright
• Remote Timing Attacks are Practical, D. Brumley and Dan Boneh
• Network Layer 2-attacks & mitigation
• Network Attacks

Network defense tools: Firewalls, VPNs, Intrusion Detection, and filters [PDF]

• DNSSEC - The Theory, G. Huston
• Network Firewalls, S.M. Bellovin and W.R. Cheswick
• Firewall Configuration Errors
• Bro: A system for detecting network intruders in real-time, V. Paxon
• Taint-Enhanced Policy Enforcement

Network security testing [PDF]

• Network Security Testing
• The Art of Port Scanning, Fyodor
• pOf_2: Dr. Jekyll had something to Hyde, Zalewski

Smart Phones

• TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on SmartPhones (OSDI 2010)
• Understanding Android Security, 2009

References

• Trust in Cyberspace, Fred B. Schneider