Basic operating system concepts – Processes, Threads, Virtual memory, File system
Security Goals, Secure Design Principles, Authentication, Linux Password scheme, Password Security, Authorization – Access control, MAC, DAC, ACL, Capabilities, Information flow control, Privilege Escalation Attacks, constraining and sandboxing users and applications. Assembly Primer, Shell coding, ELF File Format. Memory Exploits – Buffer Overflow, Off by one overflow, Format String Attacks, Integer Overflow, Return to Libc, Heap Overflow, Exploit prevention mechanisms : stack canaries, Data Execution Prevention, Address Space Layout Randomization, bypassing DEP & ASLR. Trusted Execution Environment – Case Study on Intel SGX. Fuzzing – Types of fuzzers, Bug detection, Case study – AFL fuzzer. Vulnerability and exploit analysis: spectre, meltdown, foreshadow, dirty COW.
