18732 Reading List
Part I: Secure Software
- Sep 12: Introduction
Reflections on
trusting trust, by Thompson
Rudimentary
treatise on the construction of locks, Tomlinson.
- Sep 14:
Smashing The
Stack For Fun And Profit, Aleph One.
Buffer
Overflows: Attacks and Defenses for the Vulnerability of the Decade,
Crispin Cowan, et al.
Exploiting Format String Vulnerabilities, Scut & Team Teso
- Sep 19:
A
First Step Towards Automated Detection of Buffer Overrun
Vulnerabilities, by David Wagner and Drew Dean
High
Coverage Detection of Input-Related Security Faults, by Eric Larson
and Todd Austin.
- Sep 21:
Dynamic
Taint Analysis: Automatic Detection, Analysis, and Signature Generation
of
Exploit Attacks on Commodity Software by James Newsome and Dawn Song
- Sep 26:
CCured:
Type-Safe Retrofitting of Legacy Code. George C. Necula, Scott
McPeak, Westley Weimer.
A Practical
Dynamic Buffer Overflow Detector, by O. Ruwase and M. Lam.
- Sep 28: Guest lecture (Brian Chess)
ITS4: A static vulnerability scanner for C and C++ code
Testing static analysis tools using exploitable buffer overflows from open source code
- Oct 3: Guest lecture (Anupam Datta)
A Derivation System and Compositional Logic for Security Protocols
- Oct 5: Guest lecture (Anupam Datta)
A Modular
Correctness Proof of TLS and IEEE 802.11i
- Oct 10:
Guest lecturer (Sagar Chaki)
Automatic verification of
finite-state concurrent systems using temporal-logic specifications, by
E.M. Clarke, E.A. Emerson, and A.P. Sistla. (Optional reading)
Efficient
Verification of Sequential and Concurrent C Programs by Sagar
Chaki, Edmund Clarke, Alex Groce, Joel Ouaknine, Ofer Strichman and
Karen Yorav
Concurrent Software Verification with States, Events, and Deadlocks, by
Sagar Chaki, Edmund Clarke, Joel Ouaknine, Natasha Sharygina, Nishant
Sinha
- Oct 12: Guest Lecture (Lujo Bauer)
Proof
Carrying Code, by George Necula and Peter Lee.
- Oct 17: Guest Lecture (Jonathan Aldrich)
Dynamically Discovering Likely Program Invariants to Support Program Evolution
Effectively Prioritizing Tests in Development Environment
Part II: Secure OS
- Oct 19:
The
protection of information in computer systems, Saltzer and
Schroeder. (Skip, or skim, Section II.)
Efficient
Software-Based Fault Isolation
- Oct 24: Midterm
- Oct 26:
A
Sense
of Self for Unix Processes by S. Forrest, S. A. Hofmeyr, A.
Somayaji
and T. A. Longstaff
On Gray-Box
Program
Tracking for Anomaly Detection by Debin Gao, Michael K. Reiter and
Dawn
Song
- Oct 31:
Privtrans:
Automatic Privilege Separation by David Brumley and Dawn Song
A
Flexible Containment Mechanism for Executing Untrusted Code
- Nov 2: Guest lecturer (Lujo Bauer)
Enforceable
security policies, Fred B. Schneider
SASI
Enforcement of Security Policies: A Retrospective, Erlingsson and
Schneider
- Nov 7:
Checking
for Race Conditions in File Accesses, by M. Bishop and M. Dilger.
Dynamic
Detection and Prevention of Race Conditions in File Accesses, by
Eugene Tsyrklevich and Bennet Yee
- Nov 9: Virtual Machines
A
Virtual Machine Introspection Based Architecture for Intrusion Detection
Xen:
the Art of Virtualization
- Nov 14:
Automated
Generation and Analysis of Attack Graphs, Oleg Sheyner,
Somesh Jha, and Jeannette M. Wing,
- Nov 16:
Debugging operating systems with time-traveling virtual machines, Samuel T. King, George W. Dunlap, Peter M. Chen.
Backtracking Intrusions, Samuel T. King, Peter M. Chen
Part III: Malcode Analysis and Defense and Other Topics