User:Locasto

Please see my CPSC Web Site

Public Projects and Resources
An Information Security Reading List (work in progress)

CPSC 601.29 ISSA, Information Systems Security Analysis, grad course in Fall and Winter 2011; this course is a guided tour of systems security analysis, x86 architecture, and intrusion {detection, prevention, response, analysis, recovery}

CPSC 457 (W2012), an undergraduate computer science course in operating systems principles

Winter 2013 version: CPSC 457 (W2013), an undergraduate computer science course in operating systems principles

CPSC 525

A graduate seminar on cyberwar

U of C's Private Cloud Initiative for studying the behavior and security properties of a real cloud computing environment.

Distributed Web Search Project

libvei, a prototype implementation of a network packet injection framework for programs that wraps libpcap. In particular, this project gave me a chance to write a libpcap tutorial that goes a bit more into depth on features that other tutorials do not.

A Virtual Machine Fingerprinting project

An annotated Security Blog List, collecting the advice of multiple security folk.

A tutorial on the Linux command line: 1K Linux Commands

A wiki page on the Cost of Information Security

A list of nearby venues suitable for Computer Science retreats, workshops, and conferences: Retreat Locations Near Calgary (this is a good resource for potential local chairs)

Survey of Intrusion Defense

Deep Introspection

A list of my favorite Top N Systems Security Problems

= Langsec =


 * http://www.cs.dartmouth.edu/~sergey/langsec/
 * http://www.sequitur.info/
 * http://research.microsoft.com/en-us/um/people/lamport/tla/tla.html
 * http://raf.org/papers/mt-disciplined.html
 * Programming with Nothing: http://experthuman.com/programming-with-nothing
 * Learning to classify vulns: http://dl.acm.org/citation.cfm?doid=1835804.1835821
 * PHY layer hacking: http://2012.hackitoergosum.org/blog/schedule/talks#Strangeand
 * RT @daveaitel RT @RegexTip: Catastrophic backtracking in regular expressions http://t.co/KWVDhLyI
 * http://geer.tinho.net/geer.sourceboston.18iv12.txt
 * http://www.cs.cornell.edu/Info/People/jgm/lang-based-security/

Network Security Links
http://internetcensus2012.bitbucket.org/download.html

http://packetstorm.linuxsecurity.com/papers/general/blackmagic.txt

arp-sk: http://sid.rstack.org/arp-sk/

JI's Internet Routing Course: http://www.cs.columbia.edu/~ji/F02/

http://personalpages.manchester.ac.uk/staff/m.dodge/cybergeography//atlas/historical.html

http://www.cs.uit.no/~daniels/PingTunnel/#using

browser security handbook: http://code.google.com/p/browsersec/wiki/Main

http://packetlife.net/blog/2011/mar/2/tcp-flags-psh-and-urg/

http://arstechnica.com/security/2013/08/twitter-rolls-out-two-factor-authentication-thats-simpler-more-secure/

http://blogs.wsj.com/digits/2013/07/31/why-google-doesnt-encrypt-user-data-while-its-stored/

Cloud
http://research.microsoft.com/en-us/um/redmond/events/socc2010/index.htm

http://matt-welsh.blogspot.ca/2011/05/how-can-academics-do-research-on-cloud.html

Overlay Networks
http://www.opendht.org/faq.html

http://current.cs.ucsb.edu/projects/chimera/

https://github.com/sit/dht/wiki

http://research.microsoft.com/en-us/um/people/antr/pastry/pubs.htm

http://oceanstore.cs.berkeley.edu/

http://www.bamboo-dht.org/

Testbeds
https://www.planet-lab.org/about

Canadian Cyber Security Links
http://www.calgaryherald.com/business/story.html?id=8658076

http://www.techvibes.com/blog/government-fights-cyber-crime-2013-03-21

Random Links
https://github.com/mbostock/d3/wiki/Gallery

vxheavens archive: http://web.archive.org/web/20111103034748/http://vxheavens.com/vl.php?

http://blogs.cisco.com/security/transparency-transparency-transparency-and-trustworthy-systems/

http://blog.jgc.org/2013/04/how-i-coded-in-1985.html

http://ossmann.blogspot.ca/2013/05/introducing-daisho.html

http://cyberlaw.stanford.edu/blog/2013/07/mozilla-professors-scientists-researchers-stand-weev

Using meta-data to find Paul Revere: http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/

composition kills: http://www.veracode.com/blog/2013/05/executable-archaeology-the-case-of-the-stupid-thing-eating-all-my-ram/

modern advice for a software design and build process that supports more resilient code: http://blog.erratasec.com/2013/08/the-rob-test-12-steps-to-safer-code.html#.UgfU9mS-5GQ

http://www.coding2learn.org/blog/2013/07/29/kids-cant-use-computers/

Big Data
https://aws.amazon.com/datasets/

Wii
http://abstrakraft.org/cwiid/wiki/MotionPlus

http://dvdhrm.wordpress.com/xwiimote/

gdb manual: http://www.delorie.com/gnu/docs/gdb/gdb_toc.html#SEC_Contents

Privacy
http://justdelete.me/

http://www.volokh.com/2013/09/03/can-police-enter-property-marked-trespassing-signs-take-two/

http://www.forbes.com/sites/kashmirhill/2013/09/12/e-zpasses-get-read-all-over-new-york-not-just-at-toll-booths/

http://www.zdnet.com/a-new-secure-and-free-internet-dream-on-7000020322/

http://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption

Cybersecurity Education and Vulns / Bugs

 * http://www.ranum.com/security/computer_security/editorials/dumb/
 * http://www.qualys.com/research/top10/
 * http://packetstormsecurity.com/files/122965
 * http://seclists.org/oss-sec/2013/q3/286
 * http://securityintelligence.com/all-resources/it-security-skills-gap-how-to-deal-with-it/
 * http://www.robertgraham.com/journal/030815-blaster.c
 * http://codeinsecurity.wordpress.com/2013/10/11/steam-uac-bypass-via-code-execution/
 * http://labs.bitdefender.com/2012/06/flame-the-story-of-leaked-data-carried-by-human-vector/
 * http://www.cvedetails.com/cve/CVE-2011-4914/
 * http://www.openssh.com/txt/gcmrekey.adv
 * http://blogs.vmware.com/vmtn/2008/02/keeping-your-vm.html
 * Hacker OPSEC: http://grugq.github.io/blog/2013/11/06/required-reading/