CS5432 Advanced System Security - Topic Outline - Spring 2021
Contents are subject to change, as each topic is reached.
Slides could change up until 12 noon on the day of a lecture.
Where available, readings are given that complement lectures.
-
Introduction
[slides]
-
Authentication of Inanimate Objects
- PUFs
[Suh and Devadas 2007]
[slides]
- Measured principals and gating functions
[Schneider, Chapter 11]
[slides]
- Hardware support
- Applications
- Remote attestation
-
Authentication logics [slides]
- Quick refresher on formal logic.
[Chapter 2, On Concurrent Programming (Springer-Verlag, 1997)]
- CAL
[Schneider, Chapter 9]
- Formulas, interpretations, compound principals
- Constructive logics and accountability
- Credentials and certificates
- Applications
-
Information Flow
- Static enforcement [slides]
- Dynamic enforcement [slides]
- Reactive Information Flow (RIF)
[slides]
[RIF paper]
-
Independence and moving target defenses
- Secret sharing and threshold cryptography
[slides]
- Proactive Obfuscation and Moving Target Defenses
[slides]
[APSS paper]
[Proactive Obfuscation paper]
-
Web Security Origins and Evolution [slides]
Guest Lecturer: Mary Ellen Zurko (MIT Lincoln Laboratory)
-
Control flow defenses [slides]
- Buffer overflows [Aleph One paper]
- Return-oriented programming (ROP) [ROP for x86 paper]
- CFI enforcement [CFI paper]
-
Memory defenses
- Attacks
- Memory safety