Lecture notes from 6.858, taught by Prof. Nickolai Zeldovich and Prof. James Mickens in 2014. These lecture notes are slightly modified from the ones posted on the 6.858 course website.
- Lecture 1: Introduction: what is security, what's the point, no perfect security, policy, threat models, assumptions, mechanism, buffer overflows
- Lecture 2: Control hijacking attacks: buffer overflows, stack canaries, bounds checking, electric fences, fat pointers, shadow data structure, Jones & Kelly, baggy bounds checking
- Lecture 3: More baggy bounds and return oriented programming: costs of bounds checking, non-executable memory, address-space layout randomization (ASLR), return-oriented programming (ROP), stack reading, blind ROP, gadgets
- Lecture 4: OKWS: privilege separation, Linux discretionary access control (DAC), UIDs, GIDs, setuid/setgid, file descriptors, processes, the Apache webserver, chroot jails, remote procedure calls (RPC)
- Lecture 5: Penetration testing guest lecture by Paul Youn, iSEC Partners
- Lecture 6: Capsicum: confused deputy problem, ambient authority, capabilities, sandboxing, discretionary access control (DAC), mandatory access control (MAC), Capsicum
- Lecture 7: Native Client (NaCl): sandboxing x86 native code, software fault isolation, reliable disassembly, x86 segmentation
- Lecture 8: Web Security, Part I: modern web browsers, same-origin policy, frames, DOM nodes, cookies, cross-site request forgery (CSRF) attacks, DNS rebinding attacks, browser plugins
- Lecture 9: Web Security, Part II: cross-site scripting (XSS) attacks, XSS defenses, SQL injection attacks, Django, session management, cookies, HTML5 local storage, HTTP protocol ambiguities, covert channels
- Lecture 10: Symbolic execution guest lecture by Prof. Armando Solar-Lezama, MIT CSAIL
- Lecture 11: Ur/Web guest lecture by Prof. Adam Chlipala, MIT CSAIL
- Lecture 12: TCP/IP security: threat model, sequence numbers and attacks, connection hijacking attacks, SYN flooding, bandwidth amplification attacks, routing
- Lecture 13: Kerberos: Kerberos architecture and trust model, tickets, authenticators, ticket granting servers, password-changing, replication, network attacks, forward secrecy
- Lecture 14: ForceHTTPS: certificates, HTTPS, Online Certificate Status Protocol (OCSP), ForceHTTPS
- Lecture 15: Medical software guest lecture by Prof. Kevin Fu, U. Michigan
- Lecture 16: Timing attacks: side-channel attacks, RSA encryption, RSA implementation, modular exponentiation, Chinese remainder theorem (CRT), repeated squaring, Montgomery representation, Karatsuba multiplication, RSA blinding, other timing attacks
- Lecture 17: User authentication: what you have, what you know, what you are, passwords, challenge-response, usability, deployability, security, biometrics, multi-factor authentication (MFA), MasterCard's CAP reader
- Lecture 18: Private browsing: private browsing mode, local and web attackers, VM-level privacy, OS-level privacy, what browsers implement, browser extensions
- Lecture 19: Tor guest lecture by Nick Mathewson, Tor Project
- 6.858 notes from 2012 on Anonymous communication: onion routing, Tor design, Tor circuits, Tor streams, Tor hidden services, blocking Tor, dining cryptographers networks (DC-nets)
- Lecture 20: Mobile phone security: Android applications, activities, services, content providers, broadcast receivers, intents, permissions, labels, reference monitor, broadcast intents
- Lecture 21: Information flow tracking: TaintDroid, Android data leaks, information flow control, taint tracking, taint flags, implicit flows, x86 taint tracking, TightLip
- Lecture 22: MIT's IS&T guest lecture by Mark Silis and David LaPorte, MIT IS&T
- Lecture 23: Security economics: economics of cyber-attacks, the spam value chain, advertising, click-support, realization, CAPTCHAs, botnets, payment protocols, ethics
- Lecture 8: Intel Software Guard Extensions (SGX): isolation, Iago attacks, enclaves, attestation, Haven
List of papers we read (papers/):
- Baggy bounds checking
- Hacking blind
- OKWS
- The confused deputy (or why capabilities might have been invented)
- Capsicum (capabilities)
- Native Client (sandboxing x86 code)
- OWASP Top 10, the most critical web application security risks
- KLEE (symbolic execution)
- Ur/Web (functional programming for the web)
- A look back at "Security problems in the TCP/IP protocol suite"
- Kerberos: An authentication service for open network systems
- ForceHTTPS
- Trustworthy Medical Device Software
- Remote timing attacks are practical
- The quest to replace passwords
- Private browsing modes
- Tor: the second-generation onion router
- Understanding Android security
- TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
- Click trajectories: End-to-end analysis of the spam value chain