Added CS lesson 6 and x86 asm notes

Federico Amedeo Izzo 9 years ago
parent
commit
4bb52cdb94
2 changed files with 67 additions and 0 deletions
  1. Computer Security/lesson_06.md (43 additions, 0 deletions)
  2. Computer Security/x86_lesson.md (24 additions, 0 deletions)

+ 43 - 0
Computer Security/lesson_06.md

@@ -0,0 +1,43 @@
+# Computer Security - lesson 6
+#### Federico Maggi
+###### 7 April 2016
+## Software Security
+
+There is nothing really __secure__, there is something __secure enough__.
+__Software security__ is a problem of design, but designing a software
+in a secure way is __very hard__.
+An unmet specification about security is a __security issue__.
+
+## Disclosure
+Until the end of 1990' software vulnerabilities were not disclosed,
+instead they were traded between security experts or they were sold.
+At one point people began using __full disclosure__ to press software
+vendors to fix vulnerabilities, that consists in making public information
+about the vulnerabilities so that the vendors were forced to fix it
+before someone takes advantage of it.
+
+## Anti Disclosure
+After the full disclosure movement vendors realizes that offering visibility
+to people disclosing bugs was a way of making them work for you instead of
+against you, But then a new movement rose: the __Anti full disclosure__
+that states that after the peoples gained visibility they have no
+more reasons of giving vulnerabilities for free.
+And this made the security expert role a paid job.
+
+The last developement in the sector was the introduction of __bug bounties__
+
+## Principles of secure design
+- KISS
+- Discard privileges as soon as possible
+- Open design
+- Concurrency and race conditions: __race conditions__ is an entire category of issues.
+
+## Key Issues of secure design
+- fail-safe and default deny: programs should __fail-close__ and not fail-open
+- use of shared-resources or untrusted libraries
+- filter the input and outputs
+- don't write crypto code, use tested libraries.
+
+## Conclusion
+Volnerabilities may be __dense__ so taking out one vulnerability does not make the software
+more secure.
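
Review bot: The Conclusion (the last two added lines) says that taking out one vulnerability "does not make the software more secure", which reads as an absolute and leaves __dense__ undefined; consider saying that when vulnerabilities are dense, fixing one still leaves many others, so the overall risk barely changes. In the Disclosure section, "the end of 1990'" is ambiguous between the year and the decade, and the line "The last developement in the sector was the introduction of __bug bounties__" ends without a period and never says what a bug bounty is. In the two lists, KISS, "Open design" and "use of shared-resources or untrusted libraries" are bare labels while the race-condition and fail-close bullets carry an explanation; a one-line gloss per item would make them consistent. Spelling needs a pass as well: "Volnerabilities", "developement", "vendors realizes", "the peoples".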

+ 24 - 0
Computer Security/x86_lesson.md

@@ -0,0 +1,24 @@
+```
+eax = 2     esp=FFF8
+ebx = 44
+
+push eax
+push ebx
+
+FFFF8
+FFFFC 44
+FFFFF 2
+```
+
+### Push instruction
+```
+mov [esp], eax
+sub esp, 4
+```
+### Pop instruction
+```
+add esp, 4
+mov eax, [esp]
+```
+
+
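
Review bot: The Push and Pop expansions have their two instructions in the wrong order. x86 push decrements esp before it stores, so as written `mov [esp], eax` overwrites whatever is currently at the top of the stack; the expansion should be `sub esp, 4` followed by `mov [esp], eax`, and pop should be `mov eax, [esp]` followed by `add esp, 4`. The diagram in the first block carries the same mistake: the row at FFFF8 is empty, which matches store-then-decrement, whereas after a real push esp points at the last value pushed (44 here). The addresses are also inconsistent: the register line gives esp=FFF8 while the rows use FFFF8, FFFFC and FFFFF, and FFFFF is not 4 bytes above FFFFC. Finally, the file opens with a bare code fence; a title and a sentence saying whether esp=FFF8 is the value before or after the two pushes would make the example readable on its own.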