Related Resources

This section contains external resources related to the material taught in this class.

Cryptography

• Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C. John Wiley & Sons, 1996. ISBN: 9780471117094.
• Menezes, van Oorschot, and Vanstone. Handbook of Applied Cryptography. CRC Press. 1996. ISBN: 9780849385230. [Preview with Google Books]
• Buchmann, Johannes. Introduction to Cryptography. Springer, 2004. ISBN: 9780387211565. [Preview with Google Books]
• Cryptographic libraries:
  • KeyCzar by Google.
  • GPGME by GnuPG.
  • OpenSSL.
  • NaCl: Networking and Cryptography library by Tanja Lange and Daniel J. Bernstein.

Control Hijacking Attacks

• Smashing The Stack For Fun And Profit, Aleph One.
• Bypassing non-executable-stack during exploitation using return-to-libc (PDF) by c0ntex.
• Basic Integer Overflows, blexim.
• Kernighan, Brain W., and Dennis M. Ritchie. The C programming language. 2nd ed. Prentice Hall, 1988. ISBN: 9780131103627.
• Intel Memory Protection Extensions.
• Intel 80386 Programmer's Reference Manual, 1987. Alternatively, in PDF format. Much shorter than the full current Intel architecture manuals below, but often sufficient.
• Intel Architecture Software Developer Manuals.

Web Security

• Browser Security Handbook, Michael Zalewski, Google.
• Browser attack vectors.
• Google Caja (capabilities for Javascript).
• Google Native Client allows web applications to safely run x86 code in browsers.
• Myspace.com - Intricate Script Injection Vulnerability, Justin Lavoie, 2006.
• The Security Architecture of the Chromium Browser (PDF) by Adam Barth, Collin Jackson, Charles Reis, and the Google Chrome Team.
• Why Phishing Works (PDF) by Rachna Dhamija, J. D. Tygar, and Marti Hearst.

OS Security

• Secure Programming for Linux and Unix HOWTO, David Wheeler.
• Setuid demystified (PDF) by Hao Chen, David Wagner, and Drew Dean.
• Some thoughts on security after ten years of qmail 1.0 (PDF) by Daniel J. Bernstein.
• Wedge: Splitting Applications into Reduced-Privilege Compartments (PDF) by Andrea Bittau, Petr Marchenko, Mark Handley, and Brad Karp.
• KeyKOS source code.

Exploiting Hardware Bugs

• Bug Attacks (PDF) on RSA, by Eli Biham, Yaniv Carmeli, and Adi Shamir.
• Using Memory Errors to Attack a Virtual Machine (PDF) by Sudhakar Govindavajhala and Andrew Appel.

Mobile Devices

• iOS security (PDF)