La CMU publica el material de su clase Secure Software Systems

16927107-security-concept-blue-opened-padlock-on-digital-background-3d-render.jpg

La facultad de Ingeniería Eléctrica e Informática de la Universidad Carnegie Mellon, ha publicado el material de una de sus clases, llamada Secure Software Systems. Las diapositivas de la clase son las siguientes:

Introduction [pdf]
System model: Source code to execution [pdf]
Attacks: Buffer overflows, format-string vulnerabilities, and other attacks [pdf]
Basic building blocks: separation, memory protection [pdf]
Basic building blocks: VMs, Java sandboxing [pdf]
Isolation and confinement in Android [pdf]
Control-flow integrity [pdf]
Run-time enforcement: enforceable properties [pdf]
Web attacks [pdf]
Web defenses: Native client, app isolation [pdf]
Crypto overview [pdf]; software security architectures: Trusted Computing
Software security architectures: Trusted Computing + policy
Static analysis: C programs
Static analysis: web applications
Static analysis: malware
Dynamic analysis
Software model checking
Software model checking
Software model checking
Building verifiable systems: seL4, browsers
Language-based security: type systems
Language-based security: typed assembly language
Language-based security: noninterference
Dynamic taint analysis
Language-based security: security-typed languages
Usability in software security
Usable Security: Passwords (Part 1)
Usable Security: Passwords (Part 2)
Wrap-up

Con cada clase, se recomienda algún tipo de lectura que podréis encontrar en el enlace del curso. Como nota extra, sólo apuntar que de esta universidad es la "cantera" de PPP o Plaid Parliament of Pwning, un conocido equipo de jugadores CTF. Este año, entre otros, han ganado el CTF de DEF CON.