
CS457 – Introduction to Information Systems Security Projects

CS457 – Introduction to Information Systems Security Projects. Elias Athanasopoulos elathan@ics.forth.gr. Project 1. On the Security of RC4 in TLS Usenix Security 2013.


Presentation Transcript


  1. CS457 – Introduction to Information Systems Security Projects. Elias Athanasopoulos, elathan@ics.forth.gr

  2. Project 1: On the Security of RC4 in TLS. Usenix Security 2013. Nadhem AlFardan, Royal Holloway, University of London; Daniel J. Bernstein, University of Illinois at Chicago and Technische Universiteit Eindhoven; Kenneth G. Paterson, Bertram Poettering, and Jacob C.N. Schuldt, Royal Holloway, University of London.

  3. Project 2: When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC. ACM CCS 2008. E. Buchanan, R. Roemer, H. Shacham, and S. Savage. Suggested reading: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). ACM CCS 2007. H. Shacham.

  4. Project 3: Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Randomization. Security and Privacy 2012. Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. ACM CCS 2012. Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, Zhiqiang Lin.

  5. Project 4: Practical Control Flow Integrity & Randomization for Binary Executables. Security and Privacy 2013. Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant, László Szekeres, Dawn Song, and Wei Zou. Suggested reading: Control-Flow Integrity: Principles, Implementations, and Applications. ACM CCS 2005. Abadi et al.

  6. Project 5: Out Of Control: Overcoming Control-Flow Integrity. Security and Privacy 2014. Enes Göktaş, Elias Athanasopoulos, Herbert Bos, and Georgios Portokalidis. Suggested reading: Practical Control Flow Integrity & Randomization for Binary Executables. Security and Privacy 2013. Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant, László Szekeres, Dawn Song, and Wei Zou.

  7. Project 6: Size Does Matter - Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard. Usenix Security 2014. Enes Göktaş, Elias Athanasopoulos, Michalis Polychronakis, Herbert Bos, and Georgios Portokalidis. Suggested reading: Transparent ROP Exploit Mitigation using Indirect Branch Tracing. Usenix Security 2013. Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis.

  8. Project 7: Cling: A Memory Allocator to Mitigate Dangling Pointers. Usenix Security 2010. Periklis Akritidis.

  9. Project 8: Improving Integer Security for Systems with KINT. OSDI 2012. Xi Wang and Haogang Chen, MIT CSAIL; Zhihao Jia, Tsinghua University IIIS; Nickolai Zeldovich and M. Frans Kaashoek, MIT CSAIL.

  10. Project 9: Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense. NDSS 2009. Yacin Nadji, Prateek Saxena, Dawn Song. Robust Defenses for Cross-Site Request Forgery. ACM CCS 2008. Adam Barth, Collin Jackson, and John C. Mitchell.
