This section contains external resources related to the material taught in this class.
Cryptography
- Schneier, Bruce. Applied Cryptography: Protocols, Algorithms, and Source Code in C. John Wiley & Sons, 1996. ISBN: 9780471117094.
- Menezes, van Oorschot, and Vanstone. Handbook of Applied Cryptography. CRC Press. 1996. ISBN: 9780849385230. [Preview with Google Books]
- Buchmann, Johannes. Introduction to Cryptography. Springer, 2004. ISBN: 9780387211565. [Preview with Google Books]
- Cryptographic libraries:
- KeyCzar by Google.
- GPGME by GnuPG.
- OpenSSL.
- NaCl: Networking and Cryptography library by Tanja Lange and Daniel J. Bernstein.
Control Hijacking Attacks
- Smashing The Stack For Fun And Profit, Aleph One.
- Bypassing non-executable-stack during exploitation using return-to-libc (PDF) by c0ntex.
- Basic Integer Overflows, blexim.
- Kernighan, Brain W., and Dennis M. Ritchie. The C programming language. 2nd ed. Prentice Hall, 1988. ISBN: 9780131103627.
- Intel Memory Protection Extensions.
- Intel 80386 Programmer’s Reference Manual, 1987. Alternatively, in PDF format. Much shorter than the full current Intel architecture manuals below, but often sufficient.
- Intel Architecture Software Developer Manuals.
Web Security
- Browser Security Handbook, Michael Zalewski, Google.
- Browser attack vectors.
- Google Caja (capabilities for Javascript).
- Google Native Client allows web applications to safely run x86 code in browsers.
- Myspace.com - Intricate Script Injection Vulnerability (TXT), Justin Lavoie, 2006.
- The Security Architecture of the Chromium Browser (PDF) by Adam Barth, Collin Jackson, Charles Reis, and the Google Chrome Team.
- Why Phishing Works (PDF) by Rachna Dhamija, J. D. Tygar, and Marti Hearst.
OS Security
- Secure Programming for Linux and Unix HOWTO, David Wheeler.
- Setuid demystified (PDF) by Hao Chen, David Wagner, and Drew Dean.
- Some thoughts on security after ten years of qmail 1.0 (PDF) by Daniel J. Bernstein.
- Wedge: Splitting Applications into Reduced-Privilege Compartments (PDF) by Andrea Bittau, Petr Marchenko, Mark Handley, and Brad Karp.
- KeyKOS source code.
Exploiting Hardware Bugs
- Bug Attacks (PDF) on RSA, by Eli Biham, Yaniv Carmeli, and Adi Shamir.
- Using Memory Errors to Attack a Virtual Machine (PDF) by Sudhakar Govindavajhala and Andrew Appel.