La facultad de Ingeniería Eléctrica e Informática de la Universidad Carnegie Mellon, ha publicado el material de una de sus clases, llamada Secure Software Systems. Las diapositivas de la clase son las siguientes:
Introduction [pdf] System model: Source code to execution [pdf] Attacks: Buffer overflows, format-string vulnerabilities, and other attacks [pdf] Basic building blocks: separation, memory protection [pdf] Basic building blocks: VMs, Java sandboxing [pdf] Isolation and confinement in Android [pdf] Control-flow integrity [pdf] Run-time enforcement: enforceable properties [pdf] Web attacks [pdf] Web defenses: Native client, app isolation [pdf] Crypto overview [pdf]; software security architectures: Trusted Computing Software security architectures: Trusted Computing + policy Static analysis: C programs Static analysis: web applications Static analysis: malware Dynamic analysis Software model checking Software model checking Software model checking Building verifiable systems: seL4, browsers Language-based security: type systems Language-based security: typed assembly language Language-based security: noninterference Dynamic taint analysis Language-based security: security-typed languages Usability in software security Usable Security: Passwords (Part 1) Usable Security: Passwords (Part 2) Wrap-up Con cada clase, se recomienda algún tipo de lectura que podréis encontrar en el enlace del curso.
Leer más