Resources for Computer Architecture

1. Notes on x86 architecture (and useful exploration links for Linux asm)
   • NASM (The Netwide Assembler) (with free download for Linux, Windows, and several other operating systems)
   • PC Assembly Language tutorial (large, in many languages, based on NASM)
   • gcc-based assembly: Just do: gcc -o myfile -g -O0 file.s
     Then debug via gdb myfile or just run: ./myfile
     (Mote that gdb can debug binary files created either by gcc or by NASM.)
   • To generate gcc-based assembly from source (with commented source lines):
     gcc -c -g -Wa,-alh,-L file.c > file.s
     or: gcc -c -g -Wa,-ahls=file.s file.c
     (man as: -al: emit assembly listing, -ah: emit high level C/C++ source; -L: keep local symbols; NOTE: "-g" is required, and "-S" is purposely omitted, since high level C/C++ source is apparently emitted only as part of full compilation)
2. CPU Layout (will be added)
3. Cache coherency (will be added)
4. Multicore architectures (e.g. AMD Hypertransport) (will be added)
5. GPGPU architectures (General Purpose Graphics Processing Units) (will be added)
   1. NVIDIA Cuda (including NVIDIA G8 and CUDA Overview)
   2. Intel Larrabee
   3. OpenCL (a newer standard)
6. Hacker Curriculum (hacking and ethics):
   • "There are several excellent academic research labs that are aware of hacker research and appreciate hacker skills. We are grateful for your support! Unfortunately, to many others fellow academics the hacker community is a stereotyped unknown that is both distrusted and discounted. We would like to fix this and make sure that the ethical hacker community gets acknowledged for what it is - a national resource of great value."
7. Security issues relating to buffer overflows, escalation of privileges
   1. A syllabus from a related course by Sergey Bratus at Dartmouth Coullege
      1. Buffer overruns and related issues
         • Buffer overruns: Won't work on modern Linux (due to address randomization, stack protection, C prolog/epilog)
           1. notes from a wrap-up on protective technologists
           2. ancient AlephOne
           3. Must turn off ExecShield, ProPolice (IBM), Stack Guard (Immunix -- Crispin Cowan)
           4. Homepage of the PaX Team
              1. Address Space Randomization (Wikipedia)
              2. PaX documentation on ASLR (address space layout randomization)
              3. Bypassing PaX ASLR protection
      2. PLT and GOT (global offset table) "weak links" in the linker
   2. Return-oriented programming: Cracking the kernel through Tcl-like (Forth-like) threaded programming
      1. "Return-oriented programming, or when good instructions go bad" (will add link), Novav Shacham
      2. Start here (Phrack, Nergal)
      3. PaX (Phrack)
      4. return-oriented rootkits (Hund/Holz) (and slides)
8. This Wikipedia return-to-libc attack article is a good place to start, in looking for other Wikipedia security articles, and external links such as Bypassing non-executable-stack during exploitation using return-to-lib (.pdf)
9. ELF hackery (cracking the linker)
   1. Notes on linkers for book Linkers and Loaders
   2. ELF Hackery (part 1)
   3. ELF Hackery (part 2)
   4. grugg -- Cheating the ELF (pdf)
   5. More ELF Buggery (follow-on paper)
10. (optional) DMTCP (Distributed MultiThreaded CheckPointing)
11. (optional) Virtualization, Paravirtualization, Xen (free, open source virtual machine) and other topics for virtual machines.

Potential Ideas for Projects concerning security. This list will be extended to provide project ideas in many areas --- not just in security.
example project ideas (ignore Crypto part): Dynamic loading, library function hijacking, ELF hackery

1. Hack the Linux dynamic linker ld-linux.so to log information and perform ad-hoc checks when libraries and loaded and functions are dynamically linked. You can start with a provided prototype.
2. Write a tool that would add a given executable payload to an ELF binary and modify the binary headers appropriately so that it retains its intended functionality. The code's activation method is up to you -- you can have it run before the executable starts or interpose itself into a standard library function call. Such code could be used in an ELF virus or as framework for inserting trapdoors to catch intruders.

• resources
• elf hackery
• includes gdb, UNIX tools, etc.
• Coming: Security and Education: draft paper