Reading List for System Security Qual

Students taking the security quals are required to read the following list of books and papers. The qual is a 30 minutes oral exam where topics from this reading list will be discussed. Please contact Dan Boneh to schedule the exam.

Papers

• (State of) The Art of War: Offensive Techniques in Binary Analysis, Y. Shoshitaishvili, R. Wang, C. Salls, N. Stephens, M. Polino,A. Dutcher, J. Grosen, S. Feng, C. Hauser, C. Kruegel, and G. Vigna, 2016
• Inside the slammer worm, D. Moore, V. Paxson, S. Savage, C. Shannon, S. Staniford, N. Weaver, IEEE Security and Privacy, 4(1), July 2003, pp. 33-39.
• Return-Oriented Programming: Systems, Languages, and Applications, R. Roemer, E. Buchanan, H. Shacham, and S. Savage. ACM Trans. Info. & Sys. Security 15(1):2, Mar. 2012
• Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers, X. Ugarte-Pedrero, D. Balzarotti, I. Santos Grueiro, P. Garcia Bringas, 2015
• Processor security: Spectre Attacks: Exploiting Speculative Execution, Paul Kocher, et al., 2019

---

• Control-flow integrity principles, implementations, and applications, M. Abadi, M. Budiu, U. Erlingsson, J. Ligatti. ACM Transactions on Information and System Security 13: 1, 2009
• Eternal War in Memory, Laszlo Szekeres, Mathias Payer, Tao We, Dawn Song, 2013
• Using Programmer-Written Compiler Extensions to Catch Security Holes, Ken Ashcraft, Dawson Engler, in IEEE Security and Privacy 2002.
• All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution, E. Schwartz, T. Avgerinos, D. Brumley, 2010
• System call interposition and seccomp
• Ron Rivest, Cryptography. Handbook of Theoretical Computer Science, Volume A, pp. 717-755

---

• A look back at Security Problems in the TCP/IP Protocol Suite, S. Bellovin, ACSAC 2004.
• Paxson, Bro: A System for Detecting Network Intruders in Real-Time. Proc. 7th USENIX Security Symposium, San Antonio, TX, January 1998.
• A survey of BGP security, K. Butler, T. Farley, P. McDaniel, and J. Rexford.

---

A Few Classics

• Reflections on Trusting Trust, K. Thompson, Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763.
• Efficient Software-Based Fault Isolation, R. Wahbe, S. Lucco, T. Anderson and S. Graham, ACM SIGOPS Operating Systems Review, Vol 27, No 5, Dec 1993, pp 203-216.