18732 Reading List
- Jan 19: Martin Luther King day, no class!
- Jan 21:
  - Smashing The Stack For Fun And Profit, Aleph One.
  - Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade, Crispin Cowan, et al.
- Jan 26:
  - A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities, by David Wagner and Drew Dean.
  - Buffer Overrun Detection using Linear Programming and Static Analysis, by Vinod Ganapathy, Somesh Jha, David Chandler, David Melski and David Vitek.
  - High Coverage Detection of Input-Related Security Faults, by Eric Larson and Todd Austin.
- Jan 28:
  - Exploiting Format String Vulnerabilities, team teso.
  - Detecting Format String Vulnerabilities With Type Qualifiers, by Shankar, Talwar, Foster, Wagner.
- Feb 2:
  - Automated Generation and Analysis of Attack Graphs, Oleg Sheyner, Somesh Jha, and Jeannette M. Wing.
- Feb 4:
  - MOPS: An Infrastructure for Examining Security Properties of Software, by Hao Chen and David Wagner.
  - Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code, by Dawson Engler, David Yu Chen, Seth Hallem, Andy Chou, and Benjamin Chelf.
  - Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions, by Dawson Engler, Benjamin Chelf, Andy Chou, and Seth Hallem.
- Feb 9:
  - Proof Carrying Code, by George Necula and Peter Lee.
  - Extended Static Checking for Java, by Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, and Raymie Stata.
- Feb 11:
  - Robustness Testing of the Microsoft Win32 API.
  - Robust Software -- No More Excuses.
  - Fault injection techniques and tools, by M-C. Hsueh et al.
- Feb 16: President's day, no class!
- Feb 18:
  - CCured: Type-Safe Retrofitting of Legacy Code, George C. Necula, Scott McPeak, Westley Weimer.
  - CCured in the Real World, Condit et al.
- Feb 23:
  - Backwards-compatible bounds checking for arrays and pointers in C programs, by R. Jones and P. Kelly.
  - A Practical Dynamic Buffer Overflow Detector, by O. Ruwase and M. Lam.
- Feb 25: Guest Lecture (Chris Long)
  - Why Johnny Can't Encrypt: A Usability Evaluation of PGP, Whitten and Tygar.
  - Trusted Paths for Browsers, Ye and Smith.
- March 1:
  - Software Security Checklist for the Software Life Cycle, by D. Gilliam, T. Wolfe, J. Sherif, and M. Bishop.
  - Java security: from HotJava to Netscape, Dean, Felten, Wallach.
- March 3: prepare tool demo, no class (out of town)
- March 8: Spring break, no class!
- March 10: Spring break, no class!
- March 15: Tool Demo
- March 17: midterm (in class, closed book)
Part II: Secure OS
- March 22:
  - The protection of information in computer systems, Saltzer and Schroeder. (Skip, or skim, Section II.)
  - Protection, Lampson.
- March 24:
  - A note on the confinement problem, Lampson.
  - Efficient Software-Based Fault Isolation.
- March 29:
  - A secure environment for untrusted helper applications: confining the wily hacker, Ian Goldberg, David Wagner, et al.
  - Efficient Context-Sensitive Intrusion Detection, by J.T. Giffin, S. Jha, and B.P. Miller.
  - Model-Carrying Code: A Practical Approach for Safe Execution of Untrusted Applications, by R. Sekar, V.N. Venkatakrishnan, Samik Basu, Sandeep Bhatkar and Dan DuVarney.
- March 31: Guest Lecture (Sagar Chaki)
  - Modular Verification of Software Components in C, by Sagar Chaki et al.
  - Automatically Validating Temporal Safety Properties of Interfaces, by Thomas Ball and Sriram Rajamani.
- Apr 5:
  - Preventing Privilege Escalation.
  - A Flexible Containment Mechanism for Executing Untrusted Code.
- Apr 7:
  - Checking for Race Conditions in File Accesses, by M. Bishop and M. Dilger.
  - RaceGuard: Kernel Protection From Temporary File Race Vulnerabilities, by Crispin Cowan et al.
  - Dynamic Detection and Prevention of Race Conditions in File Accesses, by Eugene Tsyrklevich and Bennet Yee.
- Apr 12:
  - Enforceable security policies, Fred B. Schneider.
  - SASI Enforcement of Security Policies: A Retrospective, Erlingsson and Schneider.
- Apr 14: Scenario Graphs and Attack Graphs (NSH 3305, 10am, Oleg Sheyner)
- Apr 19:
  - Terra: A Virtual-Machine Based Platform for Trusted Computing, by Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, Dan Boneh.
  - Xen and the Art of Virtualization, by Paul Barham et al.
- Apr 21:
  - Computer Virus-Antivirus Coevolution, Nachenberg.
  - Static Analysis of Executables to Detect Malicious Patterns, by M. Christodorescu and S. Jha.
- Apr 26:
  - Software Watermarking: Models and Dynamic Embeddings, Collberg, Thomborson.
- Apr 28: Project presentation & Demo (II)