Paradigms and Approaches to Computer Security

Outline and materials

Lecture 1: main issues in the field, discussion

Lecture 2: low level vulnerabilities

the vulnerability description (and exploit) on

its first discovery:

using the LCA fuzz tester:

the description of the possible abuses:

the very simple patch;

its description:

a lengthy but complete discussion:

a specific occurrence of this kind of vulnerability, in the Linux kernel:

its description:

the (again) simple patch;

Lecture 3: CLIPPER, Trusted Computing

Lecture 4: a vulnerability in Android, a checker for “buffer overflow”

Lecture 5: two other checkers

Lecture 6: introduction to model checking

Lecture 7: model checking with SPIN, checking a protocol

Lecture 8: closing (Thu. 6 March 2014, 10:00 (NEW!), “Sala Seminari”)