Security Reading List

This year the PL qual has two focus areas, PL and Security. The reading list for the security focus is below. The security focus area will have four questions, two on software security, one on cryptography, and one on network security.

In terms of classes, it is suggested to take 642 and the security 838. We have some supporting documents (summaries of the papers below) that may help with preparation, contact Prof. Ristenpart to obtain them.

Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns Pincus, Baker
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) Shacham
KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs Cadar, Dunbar, Engler
BitBlaze: A New Approach to Computer Security via Binary Analysis Song et al.
Control-Flow Integrity - Principles, Implementations, and Applications Abadi et al.
Intrusion detection via static analysis, Wagner and Dean
Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors Soltesz et al.
Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds, Ristenpart et al.
AmazonIA: When Elasticity Snaps Back Bugiel et al.
Inferring Internet Denial-of-Service Activity, Moore, Voelker, Savage
Accountable Internet Protocol (AIP) David G. Andersen et al.
A look back at Security Problems in the TCP/IP Protocol Suite Bellovin
Collaborative TCP Sequence Number Inference Attack: How to Crack Sequence Number Under A Second Zhiyun Qian, Z. Morley Mao, and Yinglian Xie
Tor: The Second-Generation Onion Router Dingledine et al.
Protocol Misidentification Made Easy with Format-Transforming Encryption Dyer et al.
Robust De-anonymization of Large Sparse Datasets Naranyan and Shmatikov
Compromising Electromagnetic Emanations of Wired and Wireless Keyboards Vuagnoux, Pasini
Hiding Information in Flash Memory Wang et al.
Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses. Halperin et al.
Cookieless Monster:Exploring the Ecosystem of Web-based Device Fingerprinting Nick Nikiforakis et all.
How to Shop for Free Online -- Security Analysis of Cashier-as-a-Service Based Web Stores Rui Wang et all.
Probabilistic encryption Goldwasser and Micali
Random oracles are practical: A paradigm for designing efficient protocols. Bellare and Rogaway
Practice-Oriented Provable Security and the Social Construction of Cryptography Rogaway
The Mix-and-Cut Shuffle: Small-domain Encryption Secure against N Queries Ristenpart and Yilek
On the Security of RC4 in TLS and WPA AlFardan et al.
Counter-cryptanalysis Stevens
Lest We Remember: Cold Boot Attacks on Encryption Keys Halderman, et al
Your botnet is my botnet: analysis of a botnet takeover Stone-Gross et al.
Click Trajectories: End-to-End Analysis of the Spam Value Chain Levchenko et al.
Impression Fraud in Online Advertising via Pay-Per-View Networks Springborn and Barford