1. Attacks


Bluetooth issues (Giovanni Cavalieri)

Pin cracking: http://www.eng.tau.ac.il/~yash/shaked-wool-mobisys05/
BlueSnarf: http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf

When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC
Erik Buchanan, Ryan Roemer, Hovav Shacham, Stefan Savage
ACM CCS 2008

x86-64 Buffer Overflow Exploits and the Borrowed Code Chunks Exploitation Technique
Sebastian Krahmer
Paper in PDF

Attacks and Design of Image Recognition CAPTCHAs
Bin Zhu, Jeff Yan, Chao Yang, Qiujie Li, Jiu Liu, Ning Xu, Meng Yi
ACM CCS 2010
Paper in PDF

Input Generation via Decomposition and Re-Stitching: Finding Bugs in Malware
Juan Caballero, Pongsin Poosankam, Stephen McCamant, Domagoj Babic, Dawn Song
ACM CCS 2010
Paper in PDF

Return-Oriented Programming Without Returns (Tinghua Xu)
Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, Marcel Winandy
ACM CCS 2010
Paper in PDF


English Shellcode
Joshua Mason, Sam Small, Fabian Monrose, Greg MacManus
ACM CCS 2009
Paper in PDF

On the Effectiveness of Address-Space Randomization (Peter Pokorny)
Hovav Shacham, Matthew Page, Ben Pfaff, Eu-Jin Goh, Nagendra Modadugu, Dan Boneh
USENIX Security 2001
Paper in PDF

2. Protection

Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors
Periklis Akritidis, Manuel Costa and Miguel Castro, Steven Hand
USENIX Security 2009
Paper in PDF

DieHarder: Securing the Heap
Gene Novark, Emery D. Berger
ACM CCS 2010
Paper in PDF

VEX: Vetting Browser Extensions for Security Vulnerabilities
Sruthi Bandhakavi, Samuel T. King, P. Madhusudan, and Marianne Winslett
USENIX Security 2010
Paper in PDF

The Security Architecture of the Chromium Browser (Erin Chapman)
Adam Barth, Collin Jackson, Charles Reis, and the Google Chrome Team
Stanford Technical Report
Paper in PDF

Securing Frame Communication in Browsers
Adam Barth, Collin Jackson, and John C. Mitchell
In Proc. of the 17th USENIX Security Symposium (USENIX Security 2008)

In Proc. of the 17th Network and Distributed System Security Symposium (NDSS 2010)

Securing Script-Based Extensibility in Web Browsers
Vladan Djeric and Ashvin Goel
USENIX Security 2010
Paper in PDF

Building a Dynamic Reputation System for DNS (David Harwood)
Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee, and Nick Feamster
USENIX Security 2010
Paper in PDF

PaX project documentation + Linux ExecShield
PaX Team
Documents in txt
Article in PDF

FormatGuard: Automatic Protection from printf Format String Vulnerabilities
Crispin Cowan et al.
USENIX Security 2001
Paper in PDF
 

3. Reversing issues

Ether: Malware Analysis via Hardware Virtualization Extensions
Artem Dinaburg, Paul Royal, Monirul Sharif, and Wenke Lee
ACM CCS 2008

Efficient Detection of Split Personalities in Malware
Davide Balzarotti, Marco Cova, Christoph Karlberger, Engin Kirda, Christopher Kruegel and Giovanni Vigna
NDSS 2010

Binary Obfuscation Using Signals
Igor V. Popov, Saumya K. Debray, and Gregory R. Andrews
USENIX Security 2007
Paper
site

Automatic Reverse Engineering of Malware Emulators
Monirul Sharif, Andrea Lanzi, Jonathon Giffin, Wenke Lee
IEEE Security and Privacy 2009
(Best Student Paper Award)

Analysis-Resistant Malware
J. Bethencourt, D. Song, B. Waters
NDSS 2008
Paper

Anti-emulation through Time-Lock Puzzles
T. Ebringer
CARO 2008
Paper

Unpacking Virtualization Obfuscators
Rolf Rolles
WOOT 2009
Paper in PDF

A Fistful of Red-Pills: How to Automatically Generate Procedures to Detect CPU Emulators
Roberto Paleari, Lorenzo Martignoni, Giampaolo Fresi Roglia and Danilo Bruschi
WOOT 2009
Paper in PDF

Mimimorphism: A New Approach to Binary Code Obfuscation
Zhenyu Wu, Steven Gianvecchio, Mengjun Xie, Haining Wang
ACM CCS 2010
Paper in PDF

4. Detection

Digging for Data Structures
Anthony Cozzie, Frank Stratton, Hui Xue, and Samuel T. King
OSDI 2008
Paper in HTML | PDF

To Catch a Predator: A Natural Language Approach for Eliciting Malicious Payloads
Sam Small, Joshua Mason, Fabian Monrose, Niels Provos, Adam Stubblefield
USENIX Security 2008
Paper in HTML | PDF

Hypervisor Support for Identifying Covertly Executing Binaries
Lionel Litty, H. Andrés Lagar-Cavilla, and David Lie
USENIX Security 2008
Paper in HTML | PDF

Automated Detection of Persistent Kernel Control-Flow Attacks
Nick Petroni and Michael Hicks
ACM CCS 2007

Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis (Justin Bailey)
Heng Yin, Dawn Song, Manuel Egele, Engin Kirda and Christopher Kruegel
ACM CCS 2007

Stealthy Malware Detection Through VMM-Based "Out-of-the-Box" Semantic View Reconstruction
Xuxian Jiang, Xinyuan Wang and Dongyan Xu
ACM CCS 2007

On the Infeasibility of Modeling Polymorphic Shellcode
Yingbo Song, Michael Locasto, Angelos Stavrou, Angelos Keromytis and Salvatore Stolfo
ACM CCS 2007

Hunting for Metamorphic
Peter Szor, Peter Ferrie
Symantec White Paper 2003
Paper in PDF

5. Other papers

Re: CAPTCHAs—Understanding CAPTCHA-Solving Services in an Economic Context (Alexis Carlough)
Marti Motoyama, Kirill Levchenko, Chris Kanich, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage
USENIX Security 2010
Paper in PDF