Introduction to Computer Security References

In principle the PDFs of all papers listed below are available from the website of the publisher for staff and students of Twente, Eindhoven and Nijmegen. However, there are some exceptions for which a pasword protected PDF is provided here:
[Che00]
[Cia01]
[Mil11(chapter 4)]

1-Introduction References

2-Biometrics Security References

3-Physical Security References

4-Software Security References

19-Social Engineering References

20-Network Security and Management References

21-Operating System Security references

Rings:

[Silber12] Silberschatz, Galvin and Gagne. Operating System Concepts, page 732 - Wiley Publishers

Micro/Mono kernels:

[Tan06a] A. S. Tanenbaum, J. N. Herder, and H. Bos. Can we make operating systems reliable and secure? IEEE Computer, 39(5):44-51, 2006. Link

Buffer overflow guards:

[Wiland03] J Wilander, M Kamkar. A comparison of publicly available tools for dynamic buffer overflow prevention Link

String formatting:

* [Anley07] C. Anley, J. Heasman,F. Linder, G. Richarte. The Shellcoder's Handbook, chapter 4 Link

[Sahit08] R. Sahita and D. Kolar. Beyond Ring-3: Fine Grained Application Sandboxing - World Wide Web Consortium Link

[Bright12] P. Bright. Better on the inside: under the hood of Windows 8 - Ars Technica - Link

[Mahm12] R. Mahmood, N. Esfahani, T. Kacem, N. Mirzaei, S. Malek and A. Stavrou. A whitebox approach for automated security testing of Android applications on the cloud - 7th International Workshop on Automation of Software Test Link

* [Roem12] R. Roemer, E. Buchanan, H. Shacham and S. Savage. Return-Oriented Programming: Systems, Language and Applications - ACM Transactions on Information and System Security 2012 Vol. 15, No. 2 Link

* [Vreu10] P. Vreugendhil, Pwn2Own 2010 Windows 7 Internet Explore 8 exploit - Link

[Caba12] J. Caballero, G. Grieco, M. Marron and A. Nappa. Undangle: Early Detection of Dangling Pointers in Use-After-Free and Double-Free Vulnerabilities - Proceedings of the 2012 International Symposium on Software Testing and Analysis p133-143 Link

[Egel09] M. Egele, P. Wurzinger, C. Kruegel and E. Kirda. Defending Browsers against Drive-by Downloads: Mitigating Heap-Spraying Code Injection Attacks - Detection of Intrusions and Malware, and Vulnerability Assessment: Proceedings of the 6th International Conference DIMVA 2009 Link

[Wei10] T. Wei, T. Wang, L. Duan and J. Luo. Secure dynamic code generation against spraying - Proceedings of the 17th ACM Conference on Computer and Communication Security p. 738-740 Link

[Prot12] E. Protalinski. Android malware surged in Q3? Sure, but only 0.5% came from Google Play - The Next Web Link

22-Offensive Security References

* [Moh12] V. Mohan and K. W. Hamlen. Frankenstein: Stitching malware from benign binaries. In 6th USENIX Workshop on Offensive Technologies (WOOTS), pages 77-84, Bellevue, Washington, Aug 2012. USENIX Association. Link

* [Jeun12]Inkyung Jeun, Youngsook Lee, Dongho Won, A Practical Study on Advanced Persistent Threats, In: Int. Conf. SecTech, CA, CES3, Nov, 2012. pages 144-152, Jeju Island, Korea, Link

Red October attacks Link

Defcon talk on info gathering / spearphishing / PDF infection Link

Analysis of the Aurora attack on Google and others Link