coursera上的软件安全课程的课后阅读补充
在coursera选修了一门软件安全的课程。下面是教授列出来的阅读:
Week 1
Readings
Required reading
The only required reading this week is the following:
- Common vulnerabilities guide for C programmers. Take note of the unsafe C library functions listed here, and how they are the source of buffer overflow vulnerabilities. This list will be relevant for the project and this week's quiz.
- (Reference) Memory layout. Explains a C program's memory layout, replicating the discussion in the second lecture.
Supplemental readings
The following readings are optional: They are meant to supplement the material you are getting in the videos. Check them out if you are interested in learning more, or if you just want to see it all explained in a different way.
- (Reference/refresher) PC Assembly Language, by Paul Carter. This free book introduces x86 assembly, and should complement ideas seen in the lectures.
- Smashing the Stack for Fun and Profit - original article on the topic by Aleph One, in 1996
- Exploiting Format String Vulnerabilities - report describing these format string attacks when they were first recognized
- Basic Integer Overflows - discussion of how overflowing integers can be a vector of attack
WEEK2
Required Readings
The following two blog posts cover the topics of memory safety and type safety in somewhat greater depth
- What is memory safety?
- What is type safety?
Supplemental readings and links
The following readings are optional: Check them out if you are interested in learning more about material we've covered in lecture (many were explicitly linked in the lecture slides).
Attacks and modern defenses, generally
- On the effectiveness of Address Space Randomization, by Shacham, Page, Pfaff, Goh, Modadugu, and Boneh - showed how ASLR implementations on 32-bit systems can be defeated relatively easily
- Smashing the Stack in 2011 - Paul Makowski revisits the 1996 Aleph One article (on the supplemental reading list from last week), considering modern defenses
- Low-level software security by example, by Erlingsson, Younan, Piessens, describes several low-level attacks and modern defenses.
Return-oriented Programming (ROP)
- Geometry of Innocent Flesh on the Bone: Return to libc without Function Calls (on the x86), by Hovav Shacham - introduced the idea, and the term, return oriented programming
- Q: Exploit Hardening Made Easy, by Schwartz, Avgerinos, and Brumley - explains how to automatically generate ROP exploits
- Blind ROP - return-oriented programming without source code, automatically
Control-flow integrity (CFI)
- Control Flow Integrity, by Abadi, Budiu, Erlingsson, and Ligatti - paper that introduced CFI
- Enforcing Forward-Edge Control Flow Integrity, by Tice, Roeder, Collingbourne, Checkoway, Erlingsson, Lozano, and Pike, describing a partial CFI implementation now available in LLVM and gcc
- MoCFI, by Niu and Tan - modular CFI that has low overhead
- See also the paper Low-level software security by example, above
Secure coding
These are a few references linked in the lecture slides. We will cover secure coding and design in more depth during week 4.
- CERT C coding standard
- Secure Programming HOWTO by David Wheeler
- Robust Programming by Matt Bishop
- DieHard project - drop-in replacement for
malloc
that uses randomization to defend against heap-based exploits
coursera上的软件安全课程的课后阅读补充的更多相关文章
- Andrew Ng在coursera上的ML课程_知识点笔记_(1)
1.Feature Scaling(特征缩放): 如上图所示,x1是房屋面积,x2是房间个数,若不进行特征缩放,则代价函数J的曲线近似为一个瘦长的椭圆(我暂时这么理解,θ1和θ2分别是x1和x2的权值 ...
- 关于Coursera上的斯坦福机器学习课程的编程作业提交问题
学习Coursera上的斯坦福机器学习课程的时候,需要向其服务器提交编程作业,我遇到如下问题: 'Submission failed: unexpected error: urlread: Peer ...
- 对于coursera上三门北大网课的评测
今年暑假开始就选了coursera上三门北大的网课——C++程序设计.算法基础.数据结构基础,它们属于一个项目的,上的话每个月249块钱,项目里包括这三门一共有七门课.因为一开始是三门课同时上的,数据 ...
- Coursera台大机器学习课程笔记5 -- Theory of Generalization
本章思路: 根据之前的总结,如果M很大,那么无论假设泛化能力差的概率多小,都无法忽略,所以问题转化为证明M不大,然后上章将其转化为证明成长函数:mh(N)为多项式级别.直接证明似乎很困难,本章继续利用 ...
- Coursera上的machine learning学完啦
Coursera上的第一门公开课最终要结束啦-- 全部的代码http://download.csdn.net/detail/abcd1992719g/7306053 老师的Octave代码很赞.框架打 ...
- 范仁义html+css课程---11、html补充知识
范仁义html+css课程---11.html补充知识 一.总结 一句话总结: 小于号(<):< 大于号(>):> 空格: 二.html 字符实体 1.小于号(<)和大 ...
- 一些我推荐的和想上的网络课程(Coursera, edX, Udacity)
从面向找工作的角度出发,我觉得以下课程有很大帮助: 首推Robert Sedgewick,也是我觉得对我帮助最大的老师,讲课特点是能把复杂的算法讲解清楚(典型例子:红黑树,KMP算法) 他在Cours ...
- 在coursera上有哪些值得推荐的课程
来自知乎 https://www.zhihu.com/question/22436320/answer/224996328
- 无责任共享 Coursera、Udacity 等课程视频
本文转载自网络,原作者不详. (本文是用 markdown 写的,访问 https://www.zybuluo.com/illuz/note/71868 获得更佳体验) 程序语言 interactiv ...
随机推荐
- Redis分布式缓存 教程以及DEMO
原文地址:http://blog.csdn.net/qiujialongjjj/article/category/1800171 redis demo源码下载:http://download.csdn ...
- CROW-5 WEB APP引擎商业计划书(HTML5方向)-微信网页版微信公众平台登录-水仙谷
CROW-5 WEB APP引擎商业计划书(HTML5方向)-微信网页版微信公众平台登录-水仙谷 CROW-5 WEB APP引擎商业计划书(HTML5方向)
- Mitsubish FX 3U PLC 串口 连接单元
前段时间遇到一个Mitsubish FX 3U PLC ,现将PLC连接单元分享一下,希望对其他人有所启示. unit PLC_MitsubishiFX; interface uses Windows ...
- Day01_UNIX基础及VI简介
2013年09月29日 星期日 11时35分58秒 Linux 是一个区别于Windows的操作系统 Linux 是一个多用户的操作系统 Linux 系统通过账号区分不同的用户 在使用Linux系统的 ...
- UINavigation push 于 present到另一个页面详解
如果页面中没有导航栏,可以present到这个A页面,在A页面想要跳转到有个有导航栏的页面就需要添加给B页面添加一个UINavigationController 然后present到B页面,代码如下 ...
- HybridApp开发准备工作——WebView
如大家所见,手机真是越来越离不开我们的日常生活了,像我,现在出门必带的是手机.移动电源.公交卡:钱包什么的再也没出过门.两年前,我还在Android的应用开发中当了一次过客.嗯,当时JAVA学得太糟糕 ...
- WSAWaitForMultipleEvents()
简述:只要指定事件对象中的一个或全部处于有信号状态,或者超时间隔到,则返回. #include <winsock2.h> DWORD WSAAPI WSAWaitForMultipleEv ...
- Java基础知识强化34:String类之String类的转换功能
1. String类的转换功能 String[] split(String regex)//将字符串变成字符串数组(字符串切割) byte[] getBytes()//将字符串变成字节数组 char[ ...
- Nginx 主配置文件参数详解
Nginx 主配置文件参数详解 Nginx 安装完毕后,会有响应的安装目录,安装目录里 nginx.conf 为 nginx 的主配置文件, ginx 主配置文件分为 4 部分,main(全局配置). ...
- 零基础学习云计算及大数据DBA集群架构师【Linux系统\网络服务及安全配置2015年1月8日周五】
考试考一天,得分94,最后一题防火墙当时还没搞明白 考题如下: 注意事项: .确保在重启主机后所有配置仍然生效. .selinux 必须为Enforing 模式,防火墙必须开始.默认策略必须清空. . ...