18732 Reading List
Part I: Secure Software
- Sep 12: Introduction
trusting trust, by Thompson
treatise on the construction of locks, Tomlinson.
- Sep 14:
Stack For Fun And Profit, Aleph One.
Overflows: Attacks and Defenses for the Vulnerability of the Decade,
Crispin Cowan, et al.
Exploiting Format String Vulnerabilities, Scut & Team Teso
- Sep 19:
First Step Towards Automated Detection of Buffer Overrun
Vulnerabilities, by David Wagner and Drew Dean
Coverage Detection of Input-Related Security Faults, by Eric Larson
and Todd Austin.
- Sep 21:
Taint Analysis: Automatic Detection, Analysis, and Signature Generation
Exploit Attacks on Commodity Software by James Newsome and Dawn Song
- Sep 26:
Type-Safe Retrofitting of Legacy Code. George C. Necula, Scott
McPeak, Westley Weimer.
Dynamic Buffer Overflow Detector, by O. Ruwase and M. Lam.
- Sep 28: Guest lecture (Brian Chess)
ITS4: A static vulnerability scanner for C and C++ code
Testing static analysis tools using exploitable buffer overflows from open source code
- Oct 3: Guest lecture (Anupam Datta)
A Derivation System and Compositional Logic for Security Protocols
- Oct 5: Guest lecture (Anupam Datta)
Correctness Proof of TLS and IEEE 802.11i
- Oct 10:
Guest lecturer (Sagar Chaki)
Automatic verification of
finite-state concurrent systems using temporal-logic specifications, by
E.M. Clarke, E.A. Emerson, and A.P. Sistla. (Optional reading)
Verification of Sequential and Concurrent C Programs by Sagar
Chaki, Edmund Clarke, Alex Groce, Joel Ouaknine, Ofer Strichman and
Concurrent Software Verification with States, Events, and Deadlocks, by
Sagar Chaki, Edmund Clarke, Joel Ouaknine, Natasha Sharygina, Nishant
- Oct 12: Guest Lecture (Lujo Bauer)
Carrying Code, by George Necula and Peter Lee.
- Oct 17: Guest Lecture (Jonathan Aldrich)
Dynamically Discovering Likely Program Invariants to Support Program Evolution
Effectively Prioritizing Tests in Development Environment
Part II: Secure OS
- Oct 19:
protection of information in computer systems, Saltzer and
Schroeder. (Skip, or skim, Section II.)
Software-Based Fault Isolation
- Oct 24: Midterm
- Oct 26:
of Self for Unix Processes by S. Forrest, S. A. Hofmeyr, A.
and T. A. Longstaff
Tracking for Anomaly Detection by Debin Gao, Michael K. Reiter and
- Oct 31:
Automatic Privilege Separation by David Brumley and Dawn Song
Flexible Containment Mechanism for Executing Untrusted Code
- Nov 2: Guest lecturer (Lujo Bauer)
security policies, Fred B. Schneider
Enforcement of Security Policies: A Retrospective, Erlingsson and
- Nov 7:
for Race Conditions in File Accesses, by M. Bishop and M. Dilger.
Detection and Prevention of Race Conditions in File Accesses, by
Eugene Tsyrklevich and Bennet Yee
- Nov 9: Virtual Machines
Virtual Machine Introspection Based Architecture for Intrusion Detection
the Art of Virtualization
- Nov 14:
Generation and Analysis of Attack Graphs, Oleg Sheyner,
Somesh Jha, and Jeannette M. Wing,
- Nov 16:
Debugging operating systems with time-traveling virtual machines, Samuel T. King, George W. Dunlap, Peter M. Chen.
Backtracking Intrusions, Samuel T. King, Peter M. Chen
Part III: Malcode Analysis and Defense and Other Topics